Replace Apache Commons Base64 Decoding

Issue gh-10923

config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

@@ -253,7 +253,7 @@ public void authenticateWhenCustomAuthenticationConverterBeanThenUses() throws E
 	public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception {
 		this.spring.register(CustomAuthenticationFailureHandler.class).autowire();
 		byte[] invalidDeflated = "invalid".getBytes();
-		String encoded = Saml2Utils.samlEncode(invalidDeflated);
+		String encoded = Saml2Utils.samlEncodeNotRfc2045(invalidDeflated);
 		MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse",
 				encoded);
 		this.mvc.perform(request);

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java

@@ -19,31 +19,28 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
 
-import org.apache.commons.codec.binary.Base64;
-
 import org.springframework.security.saml2.Saml2Exception;
 
 /**
  * @since 5.3
  */
 final class Saml2Utils {
 
-	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
-
 	private Saml2Utils() {
 	}
 
 	static String samlEncode(byte[] b) {
-		return BASE64.encodeAsString(b);
+		return Base64.getMimeEncoder().encodeToString(b);
 	}
 
 	static byte[] samlDecode(String s) {
-		return BASE64.decode(s);
+		return Base64.getMimeDecoder().decode(s);
 	}
 
 	static byte[] samlDeflate(String s) {

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java

@@ -19,28 +19,30 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 import java.util.zip.Inflater;
 import java.util.zip.InflaterOutputStream;
 
-import org.apache.commons.codec.binary.Base64;
-
 import org.springframework.security.saml2.Saml2Exception;
 
 public final class Saml2Utils {
 
-	private static Base64 BASE64 = new Base64(0, new byte[] { '\n' });
-
 	private Saml2Utils() {
 	}
 
+	@Deprecated
+	public static String samlEncodeNotRfc2045(byte[] b) {
+		return Base64.getEncoder().encodeToString(b);
+	}
+
 	public static String samlEncode(byte[] b) {
-		return BASE64.encodeAsString(b);
+		return Base64.getMimeEncoder().encodeToString(b);
 	}
 
 	public static byte[] samlDecode(String s) {
-		return BASE64.decode(s);
+		return Base64.getMimeDecoder().decode(s);
 	}
 
 	public static byte[] samlDeflate(String s) {

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java

@@ -64,7 +64,7 @@ public void convertWhenSamlResponseThenToken() {
 				.willReturn(this.relyingPartyRegistration);
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setParameter(Saml2ParameterNames.SAML_RESPONSE,
-				Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
+				Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8)));
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");
 		assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@@ -115,7 +115,7 @@ public void convertWhenGetRequestThenInflates() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setMethod("GET");
 		byte[] deflated = Saml2Utils.samlDeflate("response");
-		String encoded = Saml2Utils.samlEncode(deflated);
+		String encoded = Saml2Utils.samlEncodeNotRfc2045(deflated);
 		request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded);
 		Saml2AuthenticationToken token = converter.convert(request);
 		assertThat(token.getSaml2Response()).isEqualTo("response");