From 19243821ed0c9595b1b0e328bcd7bcdda708a765 Mon Sep 17 00:00:00 2001
From: Federica Agostini <federica.agostini@cnaf.infn.it>
Date: Wed, 24 Jan 2024 12:05:23 +0100
Subject: [PATCH] Fix Charset to UTF-8 used by token value hash function (#11)

---
 openid-connect-client/pom.xml                             | 2 +-
 openid-connect-common/pom.xml                             | 2 +-
 .../org/mitre/oauth2/model/OAuth2AccessTokenEntity.java   | 6 +++---
 openid-connect-server/pom.xml                             | 2 +-
 .../oauth2/repository/impl/JpaOAuth2TokenRepository.java  | 8 +++-----
 pom.xml                                                   | 2 +-
 6 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/openid-connect-client/pom.xml b/openid-connect-client/pom.xml
index 309c9e495..00847ec2e 100644
--- a/openid-connect-client/pom.xml
+++ b/openid-connect-client/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-client</artifactId>
diff --git a/openid-connect-common/pom.xml b/openid-connect-common/pom.xml
index 836dc30eb..c644e7670 100644
--- a/openid-connect-common/pom.xml
+++ b/openid-connect-common/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<artifactId>openid-connect-parent</artifactId>
 		<groupId>org.mitre</groupId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>openid-connect-common</artifactId>
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 841ffd863..2695c18a2 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -20,6 +20,7 @@
  */
 package org.mitre.oauth2.model;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -349,9 +350,8 @@ public void setIdToken(JWT idToken) {
 
   public void hashMe() {
     if (jwtValue != null) {
-      this.tokenValueHash = Hashing.sha256()
-        .hashUnencodedChars(jwtValue.serialize())
-        .toString();
+      this.tokenValueHash =
+          Hashing.sha256().hashString(jwtValue.serialize(), StandardCharsets.UTF_8).toString();
     }
   }
 }
diff --git a/openid-connect-server/pom.xml b/openid-connect-server/pom.xml
index 45f853c03..c1b689602 100644
--- a/openid-connect-server/pom.xml
+++ b/openid-connect-server/pom.xml
@@ -23,7 +23,7 @@
 	<parent>
 		<groupId>org.mitre</groupId>
 		<artifactId>openid-connect-parent</artifactId>
-		<version>1.3.6.cnaf-20231129</version>
+		<version>1.3.6.cnaf-20240119</version>
 		<relativePath>..</relativePath>
 	</parent>
 	<build>
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 60f763630..becb26710 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -80,11 +80,9 @@ public Set<OAuth2RefreshTokenEntity> getAllRefreshTokens() {
 	}
 
 	@Override
-	public OAuth2AccessTokenEntity getAccessTokenByValue(
-			String accessTokenValue) {
-		String atHashed = Hashing.sha256()
-			.hashUnencodedChars(accessTokenValue)
-			.toString();
+	public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) {
+	    String atHashed =
+	        Hashing.sha256().hashString(accessTokenValue, StandardCharsets.UTF_8).toString();
 		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(
 				OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE_HASH,
 				OAuth2AccessTokenEntity.class);
diff --git a/pom.xml b/pom.xml
index 12a4fbfb4..78af85f34 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mitre</groupId>
 	<artifactId>openid-connect-parent</artifactId>
-	<version>1.3.6.cnaf-20231129</version>
+	<version>1.3.6.cnaf-20240119</version>
 	<name>MITREid Connect</name>
 	<packaging>pom</packaging>
 	<parent>