diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 1d60fc872..3b38521c1 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -277,17 +277,17 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 }
 /**
- * @return the tokenValueHash
- */
- @Basic
- @Column(name="token_value_hash")
- public String getTokenValueHash() {
- return tokenValueHash;
- }
+ * @return the tokenValueHash
+ */
+ @Basic
+ @Column(name = "token_value_hash")
+ public String getTokenValueHash() {
+ return tokenValueHash;
+ }
- public void setTokenValueHash(String hash) {
- this.tokenValueHash = hash;
- }
+ public void setTokenValueHash(String hash) {
+ this.tokenValueHash = hash;
+ }
 @Override
 @Transient
diff --git a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
index a3fba496d..cbdba5d9c 100644
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@@ -7,7 +7,7 @@ CREATE TABLE IF NOT EXISTS access_token (
 token_value VARCHAR(4096),
 expiration TIMESTAMP NULL,
 token_type VARCHAR(256),
- token_value_hash CHAR(64) AS (SHA2(token_value, 256)),
+ token_value_hash CHAR(64),
 refresh_token_id BIGINT,
 client_id BIGINT,
 auth_holder_id BIGINT,
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 72eca59ae..6452bf4cf 100644
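Review bot: Replacing the generated `AS (SHA2(token_value, 256))` expression with a plain nullable `token_value_hash CHAR(64)` makes the column only as correct as the application's write path, and this DDL is `CREATE TABLE IF NOT EXISTS`, so a deployment that already created the table with the old definition keeps the generated column — on MySQL an INSERT that now supplies an explicit value for a generated column is rejected, and a deployment that created the table with the new definition but inserts rows without a hash gets tokens that the hash lookup can never find. Ship an explicit migration for existing databases, e.g. `ALTER TABLE access_token MODIFY token_value_hash CHAR(64);` followed by `UPDATE access_token SET token_value_hash = SHA2(token_value, 256) WHERE token_value_hash IS NULL;`, and consider `NOT NULL` once every write path sets the value. The backfill should match the Java side only if `token_value` is stored as UTF-8 (so that `SHA2` hashes the same bytes as `hashString(..., UTF_8)`); confirm the column charset. Whether an index exists on `token_value_hash` is outside this hunk; the lookup is pointless without one, so confirm it is still declared.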
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -18,8 +18,6 @@ package org.mitre.oauth2.repository.impl;
 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Date;
@@ -47,10 +45,10 @@ import org.mitre.uma.model.ResourceSet;
 import org.mitre.util.jpa.JpaUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.crypto.codec.Hex;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
+import com.google.common.hash.Hashing;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
@@ -81,27 +79,18 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 return new LinkedHashSet<>(query.getResultList());
 }
- @Override
 public OAuth2AccessTokenEntity getAccessTokenByValue(
 String accessTokenValue) {
- MessageDigest md;
- try {
- md = MessageDigest.getInstance("SHA-256");
- byte[] hash = md
- .digest(accessTokenValue.getBytes(StandardCharsets.UTF_8));
- String atHash = new String(Hex.encode(hash));
- TypedQuery<OAuth2AccessTokenEntity> query =
- manager.createNamedQuery(
- OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
- OAuth2AccessTokenEntity.class);
- query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
- atHash);
- return JpaUtil.getSingleResult(query.getResultList());
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- return null;
- }
+ String atHashed = Hashing.sha256()
+ .hashString(accessTokenValue, StandardCharsets.UTF_8)
+ .toString();
+ TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
+ OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
+ OAuth2AccessTokenEntity.class);
+ query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
+ atHashed);
+ return JpaUtil.getSingleResult(query.getResultList());
 }
 @Override
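Review bot: The `@Override` above `getAccessTokenByValue` is removed at the top of the hunk, which drops the compile-time check that this method still matches the `OAuth2TokenRepository` contract while the rest of the class keeps it (the trailing context line is another `@Override`); restore `@Override` on the line before `public OAuth2AccessTokenEntity getAccessTokenByValue(`. Now that the database no longer derives the hash, `Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString()` is the definition of `token_value_hash` on the read side, but the write side that calls `setTokenValueHash` is not in this hunk, and any difference in algorithm, charset or hex case between the two makes every lookup miss silently. Move the expression into one shared helper, e.g. `public static String hashTokenValue(String tokenValue)` on `OAuth2AccessTokenEntity`, and call it from both the persist path and this query so they cannot drift. A null `accessTokenValue` now fails inside `hashString` with a NullPointerException, as the old `getBytes` call did; a leading `Objects.requireNonNull(accessTokenValue, "accessTokenValue");` makes that contract explicit. Note that `token_value` itself is still stored in clear, so this hash is a lookup key for the long VARCHAR, not a protection of the token at rest; a one-line comment saying so above the hashing statement would save the next reader from assuming otherwise.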