From 521019fed800faad31eed88fda77ca963b4dbd83 Mon Sep 17 00:00:00 2001
From: Enrico Vianello <enrico.vianello@cnaf.infn.it>
Date: Wed, 26 Jul 2023 10:55:10 +0100
Subject: [PATCH] Use unencoded hash function and bump version to
 v1.3.6.cnaf.20230726

---
 openid-connect-client/pom.xml                                | 2 +-
 openid-connect-common/pom.xml                                | 2 +-
 .../java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java | 5 ++---
 openid-connect-server/pom.xml                                | 2 +-
 .../oauth2/repository/impl/JpaOAuth2TokenRepository.java     | 2 +-
 pom.xml                                                      | 2 +-
 6 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 549f8b4ef..776e113ea 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20230725</version>
+		<version>1.3.6.cnaf-20230726</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index 2175b48be..c8a4b2b84 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20230725</version>
+		<version>1.3.6.cnaf-20230726</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-common</artifactId>
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 613acc2c8..841ffd863 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -20,7 +20,6 @@
  */
 package org.mitre.oauth2.model;
 
-import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -282,7 +281,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	 * @return the tokenValueHash
 	 */
 	@Basic
-	@Column(name = "token_value_hash")
+	@Column(name = "token_value_hash", length = 64)
 	public String getTokenValueHash() {
 		return tokenValueHash;
 	}
@@ -351,7 +350,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
   public void hashMe() {
     if (jwtValue != null) {
       this.tokenValueHash = Hashing.sha256()
-        .hashString(jwtValue.serialize(), StandardCharsets.UTF_8)
+        .hashUnencodedChars(jwtValue.serialize())
         .toString();
     }
   }
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index ccd5b3a28..97d569fec 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
 	<parent>
 		<groupId>org.mitre</groupId>
 		<artifactId>openid-connect-parent</artifactId>
-		<version>1.3.6.cnaf-20230725</version>
+		<version>1.3.6.cnaf-20230726</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<build>
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 6452bf4cf..60f763630 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -83,7 +83,7 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 	public OAuth2AccessTokenEntity getAccessTokenByValue(
 			String accessTokenValue) {
 		String atHashed = Hashing.sha256()
-			.hashString(accessTokenValue, StandardCharsets.UTF_8)
+			.hashUnencodedChars(accessTokenValue)
 			.toString();
 		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
 				OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
diff --git a/pom.xml b/pom.xml
index 15149b420..94a7a038e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mitre</groupId>
 	<artifactId>openid-connect-parent</artifactId>
-	<version>1.3.6.cnaf-20230725</version>
+	<version>1.3.6.cnaf-20230726</version>
 	<name>MITREid Connect</name>
 	<packaging>pom</packaging>
 	<parent>