From c462da60a44d547329de855f7e2d79edc475eafc Mon Sep 17 00:00:00 2001 From: Steve Phelps Date: Sun, 3 Mar 2024 09:32:35 +0000 Subject: [PATCH] update dependencies and no longer depend on javax --- project/Dependencies.scala | 8 ++++---- .../SlackSignatureVerifyAction.scala | 16 +++++++++++++--- src/test/scala/ServiceTests.scala | 4 ++-- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index 251682f..25c22fd 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -5,12 +5,12 @@ import sbt.plugins.JvmPlugin object Dependencies extends AutoPlugin { object Version { - val scala212 = "2.12.18" - val scala213 = "2.13.12" + val scala212 = "2.12.19" + val scala213 = "2.13.13" - val play = "2.8.21" + val play = "2.9.2" val guice = "7.0.0" - val jackson = "2.13.4" + val jackson = "2.16.1" val scalatic = "3.2.17" val scalaMock = "5.2.0" diff --git a/src/main/scala/com/mesonomics/playhmacsignatures/SlackSignatureVerifyAction.scala b/src/main/scala/com/mesonomics/playhmacsignatures/SlackSignatureVerifyAction.scala index edb00af..42723a5 100644 --- a/src/main/scala/com/mesonomics/playhmacsignatures/SlackSignatureVerifyAction.scala +++ b/src/main/scala/com/mesonomics/playhmacsignatures/SlackSignatureVerifyAction.scala @@ -6,12 +6,21 @@ package com.mesonomics.playhmacsignatures import akka.util.ByteString import com.google.inject.Inject +import com.mesonomics.playhmacsignatures.SlackSignatureVerifyAction.convertBytesToHex import play.api.Configuration import play.api.mvc.BodyParsers -import javax.xml.bind.DatatypeConverter import scala.concurrent.ExecutionContext +object SlackSignatureVerifyAction { + def convertBytesToHex(bytes: Seq[Byte]): String = { + val sb = new StringBuilder + for (b <- bytes) { + sb.append(String.format("%02x", Byte.box(b))) + } + sb.toString + } +} /** This class can be used to validate signatures in * [[https://api.slack.com/authentication/verifying-requests-from-slack#verifying-requests-from-slack-using-signing-secrets__a-recipe-for-security__step-by-step-walk-through-for-validating-a-request Slack requests]]. * @@ -39,8 +48,9 @@ class SlackSignatureVerifyAction @Inject() ( s"v0:${timestamp.value}:${body.utf8String}" } - override def expectedSignature(macBytes: Array[Byte]): HmacSignature = + override def expectedSignature(macBytes: Array[Byte]): HmacSignature = { HmacSignature( - s"v0=${DatatypeConverter.printHexBinary(macBytes).toLowerCase}" + s"v0=${convertBytesToHex(macBytes)}" ) + } } diff --git a/src/test/scala/ServiceTests.scala b/src/test/scala/ServiceTests.scala index cdce119..4867ff4 100644 --- a/src/test/scala/ServiceTests.scala +++ b/src/test/scala/ServiceTests.scala @@ -3,6 +3,7 @@ */ import akka.util.ByteString +import com.mesonomics.playhmacsignatures.SlackSignatureVerifyAction.convertBytesToHex import com.mesonomics.playhmacsignatures._ import org.scalatest.matchers.should import org.scalatest.wordspec.AnyWordSpecLike @@ -10,7 +11,6 @@ import org.scalatest.wordspec.AnyWordSpecLike import java.time.{Clock, OffsetDateTime} import javax.crypto.Mac import javax.crypto.spec.SecretKeySpec -import javax.xml.bind.DatatypeConverter import scala.concurrent.duration.{DurationInt, FiniteDuration} import scala.util.{Failure, Success} @@ -35,7 +35,7 @@ class ServiceTests extends AnyWordSpecLike with should.Matchers { def expectedSignature(macBytes: Array[Byte]): HmacSignature = { HmacSignature( ByteString( - s"v0=${DatatypeConverter.printHexBinary(macBytes).toLowerCase}" + s"v0=${convertBytesToHex(macBytes)}" ) ) }