Use Guava libraries to compute token value hash

2023-07-13 22:47:07 +02:00 · 2023-07-13 22:47:07 +02:00 · 8cbb974e09
parent 2fad5cf2b6
commit 8cbb974e09
3 changed files with 21 additions and 32 deletions
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@ -277,17 +277,17 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	}
 	/**
-     * @return the tokenValueHash
+	 * @return the tokenValueHash
-     */
+	 */
-    @Basic
+	@Basic
-    @Column(name="token_value_hash")
+	@Column(name = "token_value_hash")
-    public String getTokenValueHash() {
+	public String getTokenValueHash() {
-        return tokenValueHash;
+		return tokenValueHash;
-    }
+	}
-    public void setTokenValueHash(String hash) {
+	public void setTokenValueHash(String hash) {
-        this.tokenValueHash = hash;
+		this.tokenValueHash = hash;
-    }
+	}
 	@Override
 	@Transient
--- a/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
@ -7,7 +7,7 @@ CREATE TABLE IF NOT EXISTS access_token (
 	token_value VARCHAR(4096),
 	expiration TIMESTAMP NULL,
 	token_type VARCHAR(256),
-	token_value_hash CHAR(64) AS (SHA2(token_value, 256)),
+	token_value_hash CHAR(64),
 	refresh_token_id BIGINT,
 	client_id BIGINT,
 	auth_holder_id BIGINT,
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@ -18,8 +18,6 @@
 package org.mitre.oauth2.repository.impl;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Date;
@ -47,10 +45,10 @@ import org.mitre.uma.model.ResourceSet;
 import org.mitre.util.jpa.JpaUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.crypto.codec.Hex;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 import com.google.common.hash.Hashing;
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTParser;
@ -81,27 +79,18 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 		return new LinkedHashSet<>(query.getResultList());
 	}
 	@Override
 	public OAuth2AccessTokenEntity getAccessTokenByValue(
 			String accessTokenValue) {
-		MessageDigest md;
+		String atHashed = Hashing.sha256()
-		try {
+			.hashString(accessTokenValue, StandardCharsets.UTF_8)
-			md = MessageDigest.getInstance("SHA-256");
+			.toString();
-			byte[] hash = md
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
-				.digest(accessTokenValue.getBytes(StandardCharsets.UTF_8));
+				OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
-			String atHash = new String(Hex.encode(hash));
+				OAuth2AccessTokenEntity.class);
-			TypedQuery<OAuth2AccessTokenEntity> query =
+		query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
-					manager.createNamedQuery(
+				atHashed);
-							OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
+		return JpaUtil.getSingleResult(query.getResultList());
 							OAuth2AccessTokenEntity.class);
 			query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE_HASH,
 					atHash);
 			return JpaUtil.getSingleResult(query.getResultList());
 		} catch (NoSuchAlgorithmException e) {
 			e.printStackTrace();
 			return null;
 		}
 	}
 	@Override