Spotbugs (#75)

Add spotbugs maven plugin.

Set spotbugs threshold to medium.
Provide baseline exclude file.
Make changes identified by spotbugs.

pom.xml

@@ -54,6 +54,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <checkstyle.dir>${basedir}/src/main/checkstyle</checkstyle.dir>
+    <spotbugs.dir>${basedir}/src/main/spotbugs</spotbugs.dir>
     <assembly.dir>${basedir}/src/main/assembly</assembly.dir>
     <testng.verbosity>0</testng.verbosity>
     <japicmp.enabled>true</japicmp.enabled>
@@ -213,6 +214,25 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>4.8.4.0</version>
+        <configuration>
+          <effort>Max</effort>
+          <threshold>Medium</threshold>
+          <xmlOutput>true</xmlOutput>
+          <xmlOutputDirectory>${project.build.directory}/spotbugs</xmlOutputDirectory>
+          <excludeFilterFile>${spotbugs.dir}/exclude.xml</excludeFilterFile>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>

src/main/java/org/cryptacular/CiphertextHeader.java

@@ -173,7 +173,7 @@ public static CiphertextHeader decode(final byte[] data) throws EncodingExceptio
     }
 
     final byte[] nonce;
-    int nonceLen = 0;
+    final int nonceLen;
     try {
       nonceLen = bb.getInt();
       if (nonceLen > MAX_NONCE_LEN) {
@@ -188,7 +188,7 @@ public static CiphertextHeader decode(final byte[] data) throws EncodingExceptio
     String keyName = null;
     if (length > nonce.length + 8) {
       final byte[] b;
-      int keyLen = 0;
+      final int keyLen;
       try {
         keyLen = bb.getInt();
         if (keyLen > MAX_KEYNAME_LEN) {
@@ -224,7 +224,7 @@ public static CiphertextHeader decode(final InputStream input) throws EncodingEx
     }
 
     final byte[] nonce;
-    int nonceLen = 0;
+    final int nonceLen;
     try {
       nonceLen = ByteUtil.readInt(input);
       if (nonceLen > MAX_NONCE_LEN) {
@@ -241,7 +241,7 @@ public static CiphertextHeader decode(final InputStream input) throws EncodingEx
     String keyName = null;
     if (length > nonce.length + 8) {
       final byte[] b;
-      int keyLen = 0;
+      final int keyLen;
       try {
         keyLen = ByteUtil.readInt(input);
         if (keyLen > MAX_KEYNAME_LEN) {

src/main/java/org/cryptacular/CiphertextHeaderV2.java

@@ -197,7 +197,7 @@ private static <T> CiphertextHeaderV2 decodeInternal(
         throw new EncodingException("Unsupported ciphertext header version");
       }
       final ByteArrayOutputStream out = new ByteArrayOutputStream(100);
-      byte b = 0;
+      byte b;
       int count = 0;
       while ((b = readByteFn.apply(source)) != 0) {
         out.write(b);
@@ -254,12 +254,14 @@ private static byte[] hmac(final byte[] input, final int offset, final int lengt
    * @param  input  Input stream.
    * @param  output  Output buffer.
    *
+   * @return  number of bytes read
+   *
    * @throws  StreamException  on stream IO errors.
    */
-  private static void readInto(final InputStream input, final byte[] output)
+  private static int readInto(final InputStream input, final byte[] output)
   {
     try {
-      input.read(output);
+      return input.read(output);
     } catch (IOException e) {
       throw new StreamException(e);
     }

src/main/java/org/cryptacular/adapter/WrappedDSAPrivateKey.java

@@ -13,6 +13,9 @@
 public class WrappedDSAPrivateKey extends AbstractWrappedDSAKey<DSAPrivateKeyParameters> implements DSAPrivateKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = 8393283358287883368L;
+
   /**
    * Creates a new instance that wraps the given BC DSA private key.
    *

src/main/java/org/cryptacular/adapter/WrappedDSAPublicKey.java

@@ -13,6 +13,9 @@
 public class WrappedDSAPublicKey extends AbstractWrappedDSAKey<DSAPublicKeyParameters> implements DSAPublicKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = -3349509056520420431L;
+
   /**
    * Creates a new instance that wraps the given key.
    *

src/main/java/org/cryptacular/adapter/WrappedECPrivateKey.java

@@ -13,6 +13,9 @@
 public class WrappedECPrivateKey extends AbstractWrappedECKey<ECPrivateKeyParameters> implements ECPrivateKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = -2383997830074646642L;
+
   /**
    * Creates a new instance that wraps the given key.
    *

src/main/java/org/cryptacular/adapter/WrappedECPublicKey.java

@@ -13,6 +13,9 @@
 public class WrappedECPublicKey extends AbstractWrappedECKey<ECPublicKeyParameters> implements ECPublicKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = -8218654577692012657L;
+
   /**
    * Creates a new instance that wraps the given key.
    *

src/main/java/org/cryptacular/adapter/WrappedRSAPrivateCrtKey.java

@@ -14,6 +14,9 @@ public class WrappedRSAPrivateCrtKey extends AbstractWrappedRSAKey<RSAPrivateCrt
   implements RSAPrivateCrtKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = 99555083744578278L;
+
   /**
    * Creates a new instance that wraps the given BC RSA private key.
    *

src/main/java/org/cryptacular/adapter/WrappedRSAPublicKey.java

@@ -13,6 +13,9 @@
 public class WrappedRSAPublicKey extends AbstractWrappedRSAKey<RSAKeyParameters> implements RSAPublicKey
 {
 
+  /** serialVersionUID. */
+  private static final long serialVersionUID = -5733201361124222309L;
+
   /**
    * Creates a new instance that wraps the given key.
    *

src/main/java/org/cryptacular/asn/PKCS8PrivateKeyDecoder.java

@@ -45,8 +45,8 @@ protected byte[] decryptKey(final byte[] encrypted, final char[] password)
   @Override
   protected AsymmetricKeyParameter decodeASN1(final byte[] encoded)
   {
-    try {
-      return PrivateKeyFactory.createKey(new ASN1InputStream(encoded).readObject().getEncoded());
+    try (ASN1InputStream is = new ASN1InputStream(encoded)) {
+      return PrivateKeyFactory.createKey(is.readObject().getEncoded());
     } catch (IOException e) {
       throw new EncodingException("ASN.1 decoding error", e);
     }

src/main/java/org/cryptacular/asn/PublicKeyDecoder.java

@@ -23,7 +23,9 @@ public AsymmetricKeyParameter decode(final byte[] encoded, final Object... args)
       if (PemUtil.isPem(encoded)) {
         return PublicKeyFactory.createKey(PemUtil.decode(encoded));
       }
-      return PublicKeyFactory.createKey(new ASN1InputStream(encoded).readObject().getEncoded());
+      try (ASN1InputStream is = new ASN1InputStream(encoded)) {
+        return PublicKeyFactory.createKey(is.readObject().getEncoded());
+      }
     } catch (IOException e) {
       throw new EncodingException("ASN.1 decoding error", e);
     }

src/main/java/org/cryptacular/bean/BCryptHashBean.java

@@ -311,15 +311,7 @@ public byte[] getHash()
      */
     public String encode()
     {
-      return new StringBuilder(60)
-          .append('$')
-          .append(version)
-          .append('$')
-          .append(cost)
-          .append('$')
-          .append(BCryptHashBean.encode(salt, 16))
-          .append(BCryptHashBean.encode(hash, 23))
-          .toString();
+      return '$' + version + '$' + cost + '$' + BCryptHashBean.encode(salt, 16) + BCryptHashBean.encode(hash, 23);
     }
 
 
@@ -332,15 +324,7 @@ public String encode()
      */
     public String encode(final String hash)
     {
-      return new StringBuilder(60)
-          .append('$')
-          .append(version)
-          .append('$')
-          .append(cost)
-          .append('$')
-          .append(BCryptHashBean.encode(salt, 16))
-          .append(hash)
-          .toString();
+      return '$' + version + '$' + cost + '$' + BCryptHashBean.encode(salt, 16) + hash;
     }
   }
 }

src/main/java/org/cryptacular/codec/AbstractBaseNDecoder.java

@@ -118,7 +118,7 @@ protected static byte[] decodingTable(final String alphabet, final int n)
     }
     final byte[] decodingTable = new byte[128];
     for (int i = 0; i < n; i++) {
-      decodingTable[(int) alphabet.charAt(i)] = (byte) i;
+      decodingTable[alphabet.charAt(i)] = (byte) i;
     }
     return decodingTable;
   }

src/main/java/org/cryptacular/generator/AESP12Generator.java

@@ -4,6 +4,7 @@
 import java.io.OutputStream;
 import java.security.SecureRandom;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -35,13 +36,14 @@
 public class AESP12Generator extends AbstractP12Generator
 {
   /** Set of supported digest algorithms. */
-  public static final Set<ASN1ObjectIdentifier> SUPPORTED_DIGEST_ALGORITHMS = new HashSet<>(Arrays.asList(
-    NISTObjectIdentifiers.id_sha256,
-    NISTObjectIdentifiers.id_sha512,
-    NISTObjectIdentifiers.id_sha3_256,
-    NISTObjectIdentifiers.id_sha3_384,
-    NISTObjectIdentifiers.id_sha3_512
-  ));
+  public static final Set<ASN1ObjectIdentifier> SUPPORTED_DIGEST_ALGORITHMS = Collections.unmodifiableSet(
+    new HashSet<>(Arrays.asList(
+      NISTObjectIdentifiers.id_sha256,
+      NISTObjectIdentifiers.id_sha512,
+      NISTObjectIdentifiers.id_sha3_256,
+      NISTObjectIdentifiers.id_sha3_384,
+      NISTObjectIdentifiers.id_sha3_512
+    )));
 
   /** Map of digest algorithm identifiers to digest specifications. */
   private static final Map<ASN1ObjectIdentifier, DigestSpec> DIGEST_ID_TO_DIGEST_SPEC_MAP = new HashMap<>();

src/main/java/org/cryptacular/generator/KeyPairGenerator.java

@@ -36,7 +36,7 @@ public static KeyPair generateDSA(final SecureRandom random, final int bitLength
 
 
   /**
-   * Generates a RSA key pair.
+   * Generates an RSA key pair.
    *
    * @param  random  Random source required for key generation.
    * @param  bitLength  Desired key size in bits.
@@ -53,7 +53,7 @@ public static KeyPair generateRSA(final SecureRandom random, final int bitLength
 
 
   /**
-   * Generates a EC key pair.
+   * Generates an EC key pair.
    *
    * @param  random  Random source required for key generation.
    * @param  bitLength  Desired key size in bits.
@@ -70,7 +70,7 @@ public static KeyPair generateEC(final SecureRandom random, final int bitLength)
 
 
   /**
-   * Generates a EC key pair.
+   * Generates an EC key pair.
    *
    * @param  random  Random source required for key generation.
    * @param  namedCurve  Well-known elliptic curve name that includes domain parameters including key size.

src/main/java/org/cryptacular/generator/LimitException.java

@@ -11,7 +11,7 @@ public class LimitException extends RuntimeException
 {
 
   /**
-   * Creates a new instance with the given error description..
+   * Creates a new instance with the given error description.
    *
    * @param  message  Error message.
    */

src/main/java/org/cryptacular/generator/SecretKeyGenerator.java

@@ -24,7 +24,7 @@ private SecretKeyGenerator() {}
   /**
    * Generates a symmetric encryption key whose size is equal to the cipher block size.
    *
-   * @param  cipher  Cipher with with key will be used.
+   * @param  cipher  Cipher with key will be used.
    *
    * @return  Symmetric encryption key.
    */
@@ -38,7 +38,7 @@ public static SecretKey generate(final BlockCipher cipher)
    * Generates a symmetric encryption key of the given length.
    *
    * @param  bitLength  Desired key length in bits.
-   * @param  cipher  Cipher with with key will be used.
+   * @param  cipher  Cipher with key will be used.
    *
    * @return  Symmetric encryption key.
    */
@@ -54,7 +54,7 @@ public static SecretKey generate(final int bitLength, final BlockCipher cipher)
    * Generates a symmetric encryption key of the given length.
    *
    * @param  bitLength  Desired key length in bits.
-   * @param  cipher  Cipher with with key will be used.
+   * @param  cipher  Cipher with key will be used.
    * @param  random  Randomness provider for key generation.
    *
    * @return  Symmetric encryption key.

src/main/java/org/cryptacular/io/FileResource.java

@@ -17,7 +17,7 @@ public class FileResource implements Resource
 {
 
   /** Underlying file resource. */
-  private File file;
+  private final File file;
 
 
   /**

src/main/java/org/cryptacular/io/URLResource.java

@@ -14,7 +14,7 @@ public class URLResource implements Resource
 {
 
   /** Location of resource. */
-  private URL url;
+  private final URL url;
 
 
   /**

src/main/java/org/cryptacular/spec/AEADBlockCipherSpec.java

@@ -23,7 +23,7 @@ public class AEADBlockCipherSpec implements Spec<AEADBlockCipher>
   /** String specification format, <code>algorithm/mode</code>. */
   public static final Pattern FORMAT = Pattern.compile("(?<alg>[A-Za-z0-9_-]+)/(?<mode>\\w+)");
 
-  /** Cipher algorithm algorithm. */
+  /** Cipher algorithm. */
   private final String algorithm;
 
   /** Cipher mode, e.g. GCM, CCM. */

src/main/java/org/cryptacular/spec/BlockCipherSpec.java

@@ -29,7 +29,7 @@
 public class BlockCipherSpec implements Spec<BlockCipher>
 {
 
-  /** Cipher algorithm algorithm. */
+  /** Cipher algorithm. */
   private final String algorithm;
 
 

src/main/java/org/cryptacular/spec/BufferedBlockCipherSpec.java

@@ -1,6 +1,7 @@
 /* See LICENSE for licensing and NOTICE for copyright. */
 package org.cryptacular.spec;
 
+import java.io.Serializable;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.bouncycastle.crypto.BlockCipher;
@@ -24,13 +25,16 @@
  * @author  Middleware Services
  * @version  $Revision: 2744 $
  */
-public class BufferedBlockCipherSpec implements Spec<BufferedBlockCipher>
+public class BufferedBlockCipherSpec implements Spec<BufferedBlockCipher>, Serializable
 {
 
   /** String specification format, <code>algorithm/mode/padding</code>. */
   public static final Pattern FORMAT = Pattern.compile("(?<alg>[A-Za-z0-9_-]+)/(?<mode>\\w+)/(?<padding>\\w+)");
 
-  /** Cipher algorithm algorithm. */
+  /** serialVersionUID. */
+  private static final long serialVersionUID = 2900237827716742605L;
+
+  /** Cipher algorithm. */
   private final String algorithm;
 
   /** Cipher mode, e.g. CBC, OFB. */
@@ -179,7 +183,7 @@ public static BufferedBlockCipherSpec parse(final String specification)
 
 
   /**
-   * Gets a instance of block cipher padding from a padding name string.
+   * Gets an instance of block cipher padding from a padding name string.
    *
    * @param  padding  Name of padding algorithm.
    *
@@ -196,7 +200,7 @@ private static BlockCipherPadding getPadding(final String padding)
     }
 
     final BlockCipherPadding blockCipherPadding;
-    if ("ISO7816d4".equalsIgnoreCase(name) | "ISO7816".equalsIgnoreCase(name)) {
+    if ("ISO7816d4".equalsIgnoreCase(name) || "ISO7816".equalsIgnoreCase(name)) {
       blockCipherPadding = new ISO7816d4Padding();
     } else if ("ISO10126".equalsIgnoreCase(name) || "ISO10126-2".equalsIgnoreCase(name)) {
       blockCipherPadding = new ISO10126d2Padding();