Removed duplicate line

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,6 @@
+*Issue #, if available:*
+
+*Description of changes:*
+
+
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

CHANGES.txt

@@ -1,6 +1,58 @@
-Version 3.3.2 - March 2018
+Version 3.7.1 - July 2022
+- Fixed security vulnerabilities in dependencies.
+
+Version 3.7.0 - March 2021
+- Fixed following two security risks :
+1. Deprecated setSecretKey(String) method & enabled setSecretKey(char[]) in Config & PayConfig
+2. Buyer Access token is passed as HTTP header instead of query parameter in URL for GetUserInfo API
+- Note: Consumers of previous SDK versions strongly recommended to update data type of secret key from string to char[] as of this SDK Version 3.7.0. Please check the link : https://www.techiedelight.com/why-character-array-preferred-over-string-storing-passwords/ to know why char array is preferred over string for string. 
+
+Version 3.6.5 - January 2021
+- Added additional attribute (expectImmediateAuthorization) to ConfirmOrderReference. This value can be set to true or false (Boolean). See Amazon Pay Strong Customer Authentication (SCA) Upgrade Integration Guide for more information.
+
+Version 3.6.4 - September 2020
+- getPaymentDetails was throwing NPE instead of AmazonServiceException in certain situations
+- Remediate weakly configured XML processor in PayLogUtil class
+
+Version 3.6.3 - February 2020
+- Fix Refund operation so that the ProviderCreditList is handled properly
+- Add ProviderCreditList support to the AuthorizeOnBillingAgreement operation
+
+Version 3.6.2 - August 2019
+- Fix SetBillingAgreementDetails NPE for US and JP regions
+
+Version 3.6.1 - August 2019
+- Strong Customer Authentication (SCA) implementation bug fix
+
+Version 3.6.0 - August 2019
+- Added additional attributes (successUrl, failureUrl) to ConfirmBillingAgreement and (subscriptionAmount, billingAgreementType) to SetBillingAgreement Details
+  See Amazon Pay Strong Customer Authentication (SCA) Upgrade Integration Guide for more information
+
+Version 3.5.1 - May 2019
+- PaymentAuthenticationStatus getter added for GetOrderReferenceDetails, SetOrderReferenceDetails, and SetOrderAttributes API calls
+- StaticToken getter added for GetOrderReferenceDetails
+
+Version 3.5.0 - February 2019
+- ConfirmOrderReference API has four new request parameters:
+      SuccessUrl, FailureUrl, AuthorizationAmount, and AuthorizationCurrencyCode
+  For usage instructions, please consult the
+  Amazon Pay Strong Customer Authentication (SCA) Upgrade Integration Guide
+
+Version 3.4.1 - October 2018
+- Updated XMLInputFactory.newFactory() to XMLInputFactory.newInstance() in generateErrorException method (now consistent with 3.0.1 release).
+- Add parameter SupplementaryData to SetOrderAttributes and SetOrderReferenceDetails API calls.  Only use this field at the specific direction of Amazon Pay.
+- Force InputStreamReader to use UTF-8 encoding for request responses, overriding any local environment setting.
+- ErrorResponse object collects both "RequestID" (returned from Throttled calls) and "RequestId" (everywhere else) in the XML instead so that it is accessible via getRequestId().
+- AuthorizeOnBillingAgreement can now properly set the sellerNote and platformId fields
+
+Version 3.4.0 - April 2018
+- Add support for GetMerchantAccountStatus API
+- Solution Providers can now override the Seller ID on a per-request basis instead of having to instantiate a new Client object for each request.
+- Fixed pay.amazon.com links to online API documentaton in Client.java
+
+Version 3.3.5 - March 2018
 - Maven Central Release
-- Documentation changes to satisfy Maven central release
+- JavaDoc changes to satisfy Maven central release
 
 Version 3.3.1 - January 2018
 - Fix the SDK version number in all files

CODE_OF_CONDUCT.md

@@ -0,0 +1,4 @@
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
+opensource-codeofconduct@amazon.com with any additional questions or comments.

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check [existing open](https://github.com/amzn/amazon-pay-sdk-java/issues), or [recently closed](https://github.com/amzn/amazon-pay-sdk-java/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already 
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *master* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/amzn/amazon-pay-sdk-java/labels/help%20wanted) issues is a great place to start. 
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
+opensource-codeofconduct@amazon.com with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](https://github.com/amzn/amazon-pay-sdk-java/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+
+We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

README.md

@@ -1,5 +1,6 @@
-[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.amazon.pay/amazon-pay-java-sdk/badge.svg)]
-(https://maven-badges.herokuapp.com/maven-central/com.amazon.pay/amazon-pay-java-sdk)
+[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.amazon.pay/amazon-pay-java-sdk/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.amazon.pay/amazon-pay-java-sdk)
+
+> **Important:** This SDK has been deprecated. Amazon Pay will continue to support this version but it will not be updated with new features. New integrations should use [Amazon Pay API SDK (Java)](https://github.com/amzn/amazon-pay-api-sdk-java) & refer this [documentation](https://developer.amazon.com/docs/amazon-pay/intro.html) for more details.
 
 ### Amazon Pay Java SDK
 
@@ -9,7 +10,7 @@
 * Java 1.6 or higher *(including JCE Java Cryptography Extension)*
 * Apache Commons Logging 1.2 *(or JCL-over-SLF4J drop in replacement)*
 * Apache Commons Codec 1.10
-* Google Gson 2.2.2 or higher *(for GetUserInfo and IPN handling only)*
+* Google Gson 2.8.9 or higher *(for GetUserInfo and IPN handling only)*
 
 Amazon Pay API Integration
 
@@ -26,7 +27,7 @@ import com.amazon.pay.impl.PayConfig;
 ```java
 String merchantId = "YOUR_MERCHANT_ID";
 String accessKey = "YOUR_ACCESS_KEY";
-String secretKey = "YOUR_SECRET_Key";
+char[] secretKey = getSecretKey() // Replace with your implementation
 
 Config config = new PayConfig()
                 .withSellerId(merchantId)
@@ -420,7 +421,7 @@ XMLGregorianCalendar endTime =
 ListOrderReferenceRequest listOrderReferenceRequest =
         new ListOrderReferenceRequest("YOUR_SELLER_ORDER_ID", "SellerOrderId");
 // optional parameters
-listOrderReferenceRequest.setMwsAuthToken("YOUR_MWS_AUTH_TOKEN");
+listOrderReferenceRequest.setMWSAuthToken("YOUR_MWS_AUTH_TOKEN");
 listOrderReferenceRequest.setStartTime(startTime);
 listOrderReferenceRequest.setEndTime(endTime);
 listOrderReferenceRequest.setPageSize(5);
@@ -436,8 +437,42 @@ This API returns a list of the continued orders from the previous call (ListOrde
 ```java
 ListOrderReferenceByNextTokenRequest listOrderReferenceByNextTokenRequest = new ListOrderReferenceByNextTokenRequest(nextPageToken); //nextPageToken is derived from the ListOrderReference response explained above
 //optional parameters
-listOrderReferenceByNextTokenRequest.setMwsAuthToken("YOUR_MWS_AUTH_TOKEN");
+listOrderReferenceByNextTokenRequest.setMWSAuthToken("YOUR_MWS_AUTH_TOKEN");
 
 ListOrderReferenceByNextTokenResponseData response =
    client.listOrderReferenceByNextToken(listOrderReferenceByNextTokenRequest);
 ```
+
+### Get Merchant Account Status API
+The GetMerchantAccountStatus operation is used to query the status of a particular merchant account and to retrieve information if the account is active or inactive.
+
+```java
+import com.amazon.pay.response.model.AccountStatus;
+import com.amazon.pay.response.parser.GetMerchantAccountStatusResponseData;
+import com.amazon.pay.request.GetMerchantAccountStatusRequest;
+...
+
+// To check the status of your merchant account
+final GetMerchantAccountStatusResponseData response = client.getMerchantAccountStatus();
+final AccountStatus accountStatus = response.getAccountStatus();
+
+if (accountStatus.equals(AccountStatus.ACTIVE)) {
+    System.out.println("Merchant account is enabled");
+} else if (accountStatus.equals(AccountStatus.INACTIVE)) {
+    System.out.println("Merchant account is disabled");
+}
+
+// Or using MWS delegation to check on the status of another merchant account
+final GetMerchantAccountStatusRequest request = new GetMerchantAccountStatusRequest();
+request.setSellerId("REPLACE_WITH_OTHER_MERCHANT_ID");
+request.setMWSAuthToken("REPLACE_WITH_MWS_AUTH_TOKEN");
+
+final GetMerchantAccountStatusResponseData resp = client.getMerchantAccountStatus(request);
+final AccountStatus status = resp.getAccountStatus();
+
+if (status.equals(AccountStatus.ACTIVE)) {
+    System.out.println("Child merchant account is enabled");
+} else if (status.equals(AccountStatus.INACTIVE)) {
+    System.out.println("Child merchant account is disabled");
+}
+```

pom.xml

@@ -4,7 +4,7 @@
     <groupId>com.amazon.pay</groupId>
     <artifactId>amazon-pay-java-sdk</artifactId>
     <packaging>jar</packaging>
-    <version>3.3.2</version>
+    <version>3.7.1</version>
     <dependencies>
         <dependency>
             <groupId>commons-codec</groupId>
@@ -14,7 +14,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.2.2</version>
+            <version>2.8.9</version>
         </dependency>
         <dependency>
             <groupId>org.json</groupId>
@@ -42,77 +42,83 @@
     <distributionManagement>
         <snapshotRepository>
             <id>ossrh</id>
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+            <url>https://aws.oss.sonatype.org/content/repositories/snapshots</url>
         </snapshotRepository>
         <repository>
             <id>ossrh</id>
-            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+            <url>https://aws.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
         </repository>
     </distributionManagement>
     <parent>
         <groupId>org.sonatype.oss</groupId>
         <artifactId>oss-parent</artifactId>
         <version>7</version>
     </parent>
-    <profiles>
-    <profile>
-    <id>release</id>
     <build>
-        <directory>target</directory>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.6.0</version>
-                <configuration>
-                    <compilerVersion>1.6</compilerVersion>
-                    <source>1.6</source>
-                    <target>1.6</target>
-                    <encoding>UTF-8</encoding>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-source-plugin</artifactId>
-                <version>2.2.1</version>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <goals>
-                            <goal>jar-no-fork</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.9.1</version>
-                <executions>
-                    <execution>
-                        <id>attach-javadocs</id>
-                        <goals>
-                            <goal>jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-gpg-plugin</artifactId>
-                <version>1.6</version>
-                <executions>
-                    <execution>
-                        <id>sign-artifacts</id>
-                        <phase>verify</phase>
-                        <goals>
-                            <goal>sign</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
+	<directory>target</directory>
+        <sourceDirectory>src</sourceDirectory>
+        <testSourceDirectory>tst</testSourceDirectory>
     </build>
-    </profile>
-</profiles>
+    <profiles>
+        <profile>
+            <id>release</id>
+            <build>
+                <plugins>
+                     <plugin>
+                         <groupId>org.apache.maven.plugins</groupId>
+                         <artifactId>maven-compiler-plugin</artifactId>
+                         <version>3.6.0</version>
+                         <configuration>
+                             <compilerVersion>1.6</compilerVersion>
+                             <source>1.6</source>
+                             <target>1.6</target>
+                             <encoding>UTF-8</encoding>
+                         </configuration>
+                     </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-source-plugin</artifactId>
+                        <version>2.2.1</version>
+                        <executions>
+                            <execution>
+                                <id>attach-sources</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>jar-no-fork</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-javadoc-plugin</artifactId>
+                        <version>2.9.1</version>
+                        <executions>
+                            <execution>
+                                <id>attach-javadocs</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>jar</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <version>1.6</version>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>