Use Guava libraries to compute token value hash

2023-07-13 22:47:07 +02:00 · 2023-07-13 22:47:07 +02:00 · 8cbb974e09
parent 2fad5cf2b6
commit 8cbb974e09
3 changed files with 21 additions and 32 deletions
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@ -277,17 +277,17 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	}

 	/**
-     * @return the tokenValueHash
-     */
-    @Basic
-    @Column(name="token_value_hash")
-    public String getTokenValueHash() {
-        return tokenValueHash;
-    }
+	 * @return the tokenValueHash
+	 */
+	@Basic
+	@Column(name = "token_value_hash")
+	public String getTokenValueHash() {
+		return tokenValueHash;
+	}

-    public void setTokenValueHash(String hash) {
-        this.tokenValueHash = hash;
-    }
+	public void setTokenValueHash(String hash) {
+		this.tokenValueHash = hash;
+	}

 	@Override
 	@Transient
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@ -7,7 +7,7 @@ CREATE TABLE IF NOT EXISTS access_token (
 	token_value VARCHAR(4096),
 	expiration TIMESTAMP NULL,
 	token_type VARCHAR(256),
-	token_value_hash CHAR(64) AS (SHA2(token_value, 256)),
+	token_value_hash CHAR(64),
 	refresh_token_id BIGINT,
 	client_id BIGINT,
 	auth_holder_id BIGINT,
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@ -18,8 +18,6 @@
 package org.mitre.oauth2.repository.impl;

 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Date;
@ -47,10 +45,10 @@ import org.mitre.uma.model.ResourceSet;
 import org.mitre.util.jpa.JpaUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.crypto.codec.Hex;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;

+import com.google.common.hash.Hashing;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;

@ -81,27 +79,18 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 		return new LinkedHashSet<>(query.getResultList());
 	}

-
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenByValue(
 			String accessTokenValue) {
-		MessageDigest md;
-		try {
-			md = MessageDigest.getInstance("SHA-256");
-			byte[] hash = md
-				.digest(accessTokenValue.getBytes(StandardCharsets.UTF_8));
-			String atHash = new String(Hex.encode(hash));
-			TypedQuery<OAuth2AccessTokenEntity> query =
-					manager.createNamedQuery(
-							OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
-							OAuth2AccessTokenEntity.class);
-			query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
-					atHash);
-			return JpaUtil.getSingleResult(query.getResultList());
-		} catch (NoSuchAlgorithmException e) {
-			e.printStackTrace();
-			return null;
-		}
+		String atHashed = Hashing.sha256()
+			.hashString(accessTokenValue, StandardCharsets.UTF_8)
+			.toString();
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
+				OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
+				OAuth2AccessTokenEntity.class);
+		query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
+				atHashed);
+		return JpaUtil.getSingleResult(query.getResultList());
 	}

 	@Override