Fix Charset to UTF-8 used by token value hash function (#11)

indigo-iam · Jan 24, 2024 · 1924382 · 1924382
1 parent 29ec962
commit 1924382
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 12 deletions.
diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>

diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-common</artifactId>

diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -20,6 +20,7 @@
  */
 package org.mitre.oauth2.model;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -349,9 +350,8 @@ public void setIdToken(JWT idToken) {
 
   public void hashMe() {
     if (jwtValue != null) {
-      this.tokenValueHash = Hashing.sha256()
-        .hashUnencodedChars(jwtValue.serialize())
-        .toString();
+      this.tokenValueHash =
+          Hashing.sha256().hashString(jwtValue.serialize(), StandardCharsets.UTF_8).toString();
     }
   }
 }
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
 	<parent>
 		<groupId>org.mitre</groupId>
 		<artifactId>openid-connect-parent</artifactId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<build>

diff --git a/...nnect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/...nnect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -80,11 +80,9 @@ public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
 	}
 
 	@Override
-	public OAuth2AccessTokenEntity getAccessTokenByValue(
-			String accessTokenValue) {
-		String atHashed = Hashing.sha256()
-			.hashUnencodedChars(accessTokenValue)
-			.toString();
+	public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
+	    String atHashed =
+	        Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString();
 		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
 				OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
 				OAuth2AccessTokenEntity.class);

diff --git a/pom.xml b/pom.xml
@@ -20,7 +20,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mitre</groupId>
 	<artifactId>openid-connect-parent</artifactId>
-	<version>1.3.6.cnaf-20231129</version>
+	<version>1.3.6.cnaf-20240119</version>
 	<name>MITREid Connect</name>
 	<packaging>pom</packaging>
 	<parent>