Commit 940d0c5a authored by Matija Obreza's avatar Matija Obreza

Include timestamp in MD5 hash of authenticationId

parent ab42049a
......@@ -18,7 +18,6 @@ package org.genesys2.server.service.impl;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
......@@ -78,6 +77,8 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
private static final String USERNAME = "username";
private static final String TIMESTAMP = "timestamp";
public String extractKey(OAuth2Authentication authentication) {
Map<String, String> values = new LinkedHashMap<String, String>();
AuthorizationRequest authorizationRequest = authentication.getAuthorizationRequest();
......@@ -85,6 +86,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
values.put(USERNAME, authentication.getName());
}
values.put(CLIENT_ID, authorizationRequest.getClientId());
values.put(TIMESTAMP, Long.toHexString(System.currentTimeMillis()));
if (authorizationRequest.getScope() != null) {
values.put(SCOPE, OAuth2Utils.formatParameterList(authorizationRequest.getScope()));
}
......@@ -97,11 +99,7 @@ public class OAuth2JPATokenStoreImpl implements TokenStore {
try {
byte[] bytes = digest.digest(values.toString().getBytes("UTF-8"));
ByteBuffer bb = ByteBuffer.allocate(bytes.length + 8);
bb.put(bytes);
// Add timestamp
bb.putLong(System.currentTimeMillis());
return String.format("%032x", new BigInteger(1, bb.array()));
return String.format("%032x", new BigInteger(1, bytes));
} catch (UnsupportedEncodingException e) {
throw new IllegalStateException("UTF-8 encoding not available. Fatal (should be in the JDK).");
}
......
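Review bot: The added `values.put(TIMESTAMP, Long.toHexString(System.currentTimeMillis()));` makes `extractKey` return a different value on almost every call for the same user, client and scope, so the key can no longer be recomputed from an `OAuth2Authentication`. If the store looks tokens up or removes them by this key (that code is outside the visible hunks, so this is inferred), an existing token will never be matched, and superseded tokens would stay valid until they expire instead of being reused or revoked. A millisecond clock does not guarantee uniqueness either: two requests for the same user, client and scope within the same millisecond hash to the same id. If a unique per-token id is the intent, `values.put(TIMESTAMP, UUID.randomUUID().toString());` expresses that directly; if a stable lookup key is the intent, the timestamp entry should be left out. The body of `extractKey` continues outside the hunks shown, and the `MessageDigest` setup is not visible.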