URL safr base64 encoding

OpenConext · Jun 30, 2024 · 4fee3e2 · 4fee3e2
1 parent ef2c366
commit 4fee3e2
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/server/src/main/java/access/api/InvitationController.java b/server/src/main/java/access/api/InvitationController.java
@@ -113,7 +113,7 @@ public ResponseEntity<Map<String, Integer>> newInvitation(@Validated @RequestBod
                 .filter(emailFormatValidator::isValid)
                 .map(invitee -> new Invitation(
                         intendedAuthority,
-                        HashGenerator.generateHash(),
+                        HashGenerator.generateRandomHash(),
                         invitee,
                         invitationRequest.isEnforceEmailEquality(),
                         invitationRequest.isEduIDOnly(),

diff --git a/server/src/main/java/access/config/HashGenerator.java b/server/src/main/java/access/config/HashGenerator.java
@@ -1,33 +1,33 @@
 package access.config;
+
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.Random;
 
 public class HashGenerator {
 
     private static final Random secureRandom = new SecureRandom();
+    public static final DigestUtils digestUtils = new DigestUtils("SHA3-256");
 
     private HashGenerator() {
     }
 
-    public static String generateHash() {
+    public static String generateRandomHash() {
         byte[] aesKey = new byte[128];
         secureRandom.nextBytes(aesKey);
-        String base64 = Base64.getEncoder().encodeToString(aesKey);
-        return URLEncoder.encode(base64, StandardCharsets.UTF_8).replaceAll("%", "");
+        //Avoid decoding / encoding as URL parameter problems
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(aesKey);
     }
 
     public static String generateToken() {
         return RandomStringUtils.random(36, true, true);
     }
 
     public static String hashToken(String token) {
-        return new DigestUtils("SHA3-256").digestAsHex(token);
+        return digestUtils.digestAsHex(token);
     }
 
 }
diff --git a/server/src/test/java/access/config/HashGeneratorTest.java b/server/src/test/java/access/config/HashGeneratorTest.java
@@ -2,15 +2,21 @@
 
 import org.junit.jupiter.api.Test;
 
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.nio.charset.Charset;
+
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
 class HashGeneratorTest {
 
     @Test
-    void generateHash() {
-        String hash = HashGenerator.generateHash();
-        assertTrue(hash.length() > 172);
+    void generateRandomHash() {
+        String hash = HashGenerator.generateRandomHash();
+        assertEquals(171, hash.length());
+        String encoded = URLEncoder.encode(hash, Charset.defaultCharset());
+        String decoded = URLDecoder.decode(encoded, Charset.defaultCharset());
+        assertEquals(encoded, decoded);
     }
 
     @Test