revert: remove bounded response reader, strip internal codes, fix version

- Remove BoundedResponseReader and ResponseTooLargeException (not needed;
  Safeguard appliances are closed hardened systems)
- Revert Utils.getResponse and PkceAuthenticator to use EntityUtils
- Remove mockwebserver test dependency and response size cap test
- Remove handleDisconnect Phase-2 reconnect comment
- Strip internal finding IDs from test Javadoc
- Version 8.2.1-SNAPSHOT (patch bump, not minor)

Author: petrsnd

pipeline-templates/global-variables.yml

@@ -1,6 +1,6 @@
 variables:
   - name: semanticVersion
-    value: '8.3.0'
+    value: '8.2.1'
   - name: isTagBuild
     value: ${{ startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}
   - name: isPrerelease

pom.xml

@@ -13,7 +13,7 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <revision>8.3.0-SNAPSHOT</revision>
+        <revision>8.2.1-SNAPSHOT</revision>
         <gpgkeyname>keyname</gpgkeyname>
     </properties>
 
@@ -74,12 +74,6 @@
             <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>com.squareup.okhttp3</groupId>
-            <artifactId>mockwebserver</artifactId>
-            <version>4.12.0</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
 

src/main/java/com/oneidentity/safeguard/safeguardjava/Utils.java

@@ -2,9 +2,6 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.oneidentity.safeguard.safeguardjava.exceptions.ResponseTooLargeException;
-import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
-import com.oneidentity.safeguard.safeguardjava.restclient.BoundedResponseReader;
 import java.io.IOException;
 import java.security.Provider;
 import java.security.Security;
@@ -13,7 +10,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.ParseException;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
 
 public class Utils {
 
@@ -49,30 +48,13 @@ public static Map<String, String> parseResponse(String response) {
         return map;
     }
 
-    /**
-     * Read the response body as a String, capped at
-     * {@link BoundedResponseReader#DEFAULT_MAX_BYTES} (10 MB).
-     *
-     * <p>The cap defends against a misbehaving or malicious appliance
-     * advertising a huge Content-Length or sending an unbounded chunked
-     * stream that would otherwise OOM the client.
-     *
-     * @throws SafeguardForJavaException if the body exceeds the cap
-     *         (as {@link ResponseTooLargeException}). I/O errors during
-     *         body read are swallowed for backwards compatibility, matching
-     *         the prior behaviour of this helper.
-     */
-    public static String getResponse(CloseableHttpResponse response) throws SafeguardForJavaException {
+    public static String getResponse(CloseableHttpResponse response) {
         HttpEntity entity = response.getEntity();
         if (entity != null) {
             try {
-                String body = BoundedResponseReader.readBodyAsString(entity);
-                return body != null ? body : "";
-            } catch (ResponseTooLargeException ex) {
-                throw ex;
-            } catch (IOException ex) {
-                logger.warn("Failed to read response body", ex);
-            }
+                return EntityUtils.toString(response.getEntity());
+
+            } catch (IOException | ParseException ex) {}
         }
         return "";
     }

src/main/java/com/oneidentity/safeguard/safeguardjava/authentication/PkceAuthenticator.java

@@ -6,9 +6,7 @@
 import com.oneidentity.safeguard.safeguardjava.Utils;
 import com.oneidentity.safeguard.safeguardjava.exceptions.ArgumentException;
 import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException;
-import com.oneidentity.safeguard.safeguardjava.exceptions.ResponseTooLargeException;
 import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
-import com.oneidentity.safeguard.safeguardjava.restclient.BoundedResponseReader;
 import com.oneidentity.safeguard.safeguardjava.restclient.RestClient;
 import java.io.IOException;
 import java.net.URLEncoder;
@@ -32,8 +30,10 @@
 import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.core5.http.ContentType;
 import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.ParseException;
 import org.apache.hc.core5.http.config.Registry;
 import org.apache.hc.core5.http.config.RegistryBuilder;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.apache.hc.core5.http.io.entity.StringEntity;
 
 /**
@@ -349,10 +349,7 @@ private String rstsFormPost(CloseableHttpClient httpClient, String url, String f
             CloseableHttpResponse response = httpClient.execute(post);
             String body = "";
             if (response.getEntity() != null) {
-                body = BoundedResponseReader.readBodyAsString(response.getEntity());
-                if (body == null) {
-                    body = "";
-                }
+                body = EntityUtils.toString(response.getEntity());
             }
 
             int statusCode = response.getCode();
@@ -366,7 +363,7 @@ private String rstsFormPost(CloseableHttpClient httpClient, String url, String f
             return body;
         } catch (SafeguardForJavaException e) {
             throw e;
-        } catch (IOException e) {
+        } catch (ParseException | IOException e) {
             throw new SafeguardForJavaException("Failed to communicate with rSTS login controller", e);
         }
     }

src/main/java/com/oneidentity/safeguard/safeguardjava/event/SafeguardEventListener.java

@@ -288,24 +288,6 @@ private void handleEvent(JsonElement eventObject) {
         eventHandlerRegistry.handleEvent(eventObject);
     }
 
-    /**
-     * Handle a SignalR disconnect.
-     *
-     * <p><b>Reconnect design note (security review FP-SafeguardJava-005, audit):</b>
-     * Unlike the sibling SafeguardDotNet event listener, this Java implementation
-     * has no native reconnect loop. On disconnect we delegate to
-     * {@code disconnectHandler.func()}; the {@link DefaultDisconnectHandler}
-     * raises {@link SafeguardEventListenerDisconnectedException} so the caller
-     * picks the reconnect strategy (immediate retry, exponential backoff, give
-     * up, etc.). This is a deliberate, valid distinct design — there is no
-     * uncapped tight-loop reconnect to harden — but it does mean the SDK does
-     * not enforce a jittered exponential backoff on the caller's behalf.
-     * When Phase 2 introduces a default backoff helper, mirror the algorithm
-     * from the sibling SafeguardDotNet SDK at
-     * {@code SafeguardDotNet/Event/ReconnectBackoff.cs}: exponential delay
-     * {@code min(60s, 2^n × 1s)} with ±25% jitter, reset on successful
-     * reconnect.
-     */
     private void handleDisconnect() throws SafeguardEventListenerDisconnectedException {
         if(!this.isStarted()) {
             return;

src/main/java/com/oneidentity/safeguard/safeguardjava/exceptions/ResponseTooLargeException.java

@@ -7,7 +7,7 @@
 import org.junit.Test;
 
 /**
- * Regression test for FP-SafeguardJava-001 (W2 — TLS version pinning).
+ * Regression test: TLS version pinning.
  *
  * <p>Mirror of {@code RestClientSSLContextTest} for the SignalR event
  * listener path: ensures the listener's HTTP client builder is wired with