diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index ef453b4bc..276f9b61b 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -28,7 +28,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.service.ApprovedSiteService;
-import org.mitre.openid.connect.util.JWSUtils;
+import org.mitre.openid.connect.util.IdTokenHashUtils;
 import org.mitre.openid.connect.web.AuthenticationTimeStamper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -157,7 +157,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 Set responseTypes = OAuth2Utils.parseParameterList(responseType);
 if (responseTypes.contains("token")) {
 // calculate the token hash
- Base64URL at_hash = JWSUtils.getAccessTokenHash(signingAlg, token);
+ Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, token);
 //TODO: What should happen if the hash cannot be calculated?
 idClaims.setClaim("at_hash", at_hash);
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java
similarity index 60%
rename from openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java
rename to openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java
index 6eef8948f..de059334b 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/IdTokenHashUtils.java
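Review bot: The `//TODO: What should happen if the hash cannot be calculated?` next to the renamed call in ConnectTokenEnhancer is still unanswered, and `idClaims.setClaim("at_hash", at_hash)` runs unconditionally. The helper has a `catch (NoSuchAlgorithmException e)` branch visible in a later hunk; its return value is not shown, but if it yields null the ID token is issued alongside an access token with no usable `at_hash`. Relying parties use that claim to bind the access token to the ID token, so silently omitting it weakens token-substitution detection for clients that do not insist on its presence. I would fail issuance rather than continue, e.g. `if (at_hash == null) { throw new IllegalStateException("Unable to compute at_hash for " + signingAlg); }` before the `setClaim` call. The enclosing method starts and ends outside the hunk, so the right exception type for this path should be confirmed against the rest of it.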
@@ -1,3 +1,20 @@ +/******************************************************************************* + * Copyright 2013 The MITRE Corporation + * and the MIT Kerberos and Internet Trust Consortium + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + ******************************************************************************/ + package org.mitre.openid.connect.util; import java.security.MessageDigest; @@ -12,14 +29,15 @@ import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.util.Base64URL; /** - * Utility class for JWS processing. + * Utility class for generating hashes for access tokens and authorization codes + * to be included in an ID Token. * * @author Amanda Anganes - * + * */ -public class JWSUtils { +public class IdTokenHashUtils { - private static Logger logger = LoggerFactory.getLogger(JWSUtils.class); + private static Logger logger = LoggerFactory.getLogger(IdTokenHashUtils.class); /** * Compute the SHA hash of an authorization code 
@@ -72,11 +90,11 @@ public class JWSUtils { hasher.reset(); hasher.update(bytes); - byte[] atHashBytes = hasher.digest(); - byte[] atHashBytesLeftHalf = Arrays.copyOf(atHashBytes, atHashBytes.length / 2); - Base64URL at_hash = Base64URL.encode(atHashBytesLeftHalf); + byte[] hashBytes = hasher.digest(); + byte[] hashBytesLeftHalf = Arrays.copyOf(hashBytes, hashBytes.length / 2); + Base64URL encodedHash = Base64URL.encode(hashBytesLeftHalf); - return at_hash; + return encodedHash; } catch (NoSuchAlgorithmException e) { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java similarity index 90% rename from openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java rename to openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java index 61899aea9..a7dfc883a 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java @@ -38,7 +38,7 @@ import com.nimbusds.jwt.PlainJWT; * */ @RunWith(MockitoJUnitRunner.class) -public class TestJWSUtils { +public class TestIdTokenHashUtils { @Mock OAuth2AccessTokenEntity mockToken256; @@ -83,7 +83,7 @@ public class TestJWSUtils { String token = mockToken256.getJwt().serialize(); Base64URL expectedHash = new Base64URL("EP1gXNeESRH-n57baopfTQ"); - Base64URL resultHash = JWSUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256); + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.HS256, mockToken256); assertEquals(expectedHash, resultHash); } 
@@ -100,7 +100,7 @@ public class TestJWSUtils { String token = mockToken384.getJwt().serialize(); Base64URL expectedHash = new Base64URL("BWfFK73PQI36M1rg9R6VjMyWOE0-XvBK"); - Base64URL resultHash = JWSUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384); + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.ES384, mockToken384); assertEquals(expectedHash, resultHash); } @@ -117,7 +117,7 @@ public class TestJWSUtils { String token = mockToken512.getJwt().serialize(); Base64URL expectedHash = new Base64URL("vGH3QMY-knpACkLgzdkTqu3C9jtvbf2Wk_RSu2vAx8k"); - Base64URL resultHash = JWSUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512); + Base64URL resultHash = IdTokenHashUtils.getAccessTokenHash(JWSAlgorithm.RS512, mockToken512); assertEquals(expectedHash, resultHash); } @@ -129,7 +129,7 @@ public class TestJWSUtils { Base64URL expectedHash = new Base64URL("R5DCRi5eOjlvyTAJfry2dNM9adJ2ElpDEKYYByYU920"); // independently generated - Base64URL resultHash = JWSUtils.getCodeHash(JWSAlgorithm.ES512, testCode); + Base64URL resultHash = IdTokenHashUtils.getCodeHash(JWSAlgorithm.ES512, testCode); assertEquals(expectedHash, resultHash); }