Updated OAuth2 token length & secure random algorithm config.

Change-Id: I1c0cd2d7ad6e7c3e5570fae19fa86211a01bfeff
diff --git a/full/Changes b/full/Changes
index 0a27f6d..7d19904 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,3 +1,7 @@
+# version 0.63.2
+2021-06-11
+ - Updated OAuth2 token length & secure random algorithm config.
+
 # version 0.63.1
 2021-02-22
  - Updated libraries (margaretha)
@@ -17,7 +21,9 @@
 2021-04-30
  - Updated parameters in the error responses of OAuth2 APIs for coherence (margaretha)
  - Updated OAuth2 API responses for coherence (margaretha) 
- 
+2021-06-07
+ - Updated OAuth2 client dto (margaretha)
+  
 # version 0.63
 26/10/2020
  - Updated dependency of nimbus-jose-jwt and oauth2-oidc-sdk (diewald)
diff --git a/full/pom.xml b/full/pom.xml
index b0a1ae6..f6baf10 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.ids_mannheim.korap</groupId>
 	<artifactId>Kustvakt-full</artifactId>
-	<version>0.63.1</version>
+	<version>0.63.2</version>
 	<properties>
 		<java.version>1.8</java.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -149,12 +149,12 @@
 		<dependency>
 			<groupId>de.ids_mannheim.korap</groupId>
 			<artifactId>Kustvakt-core</artifactId>
-			<version>[0.63.1,)</version>
+			<version>[0.63.2,)</version>
 		</dependency>
 		<dependency>
 			<groupId>de.ids_mannheim.korap</groupId>
 			<artifactId>Kustvakt-core</artifactId>
-			<version>[0.63.1,)</version>
+			<version>[0.63.2,)</version>
 			<classifier>tests</classifier>
       		<type>test-jar</type>
       		<scope>test</scope>
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index 4d63e75..8741553 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -348,6 +348,7 @@
             throws OAuthSystemException, KustvaktException {
 
         String random = randomGenerator.createRandomCode();
+        random += randomGenerator.createRandomCode();
         if (isPublicClient){
             return createsAccessTokenResponse(scopes, accessScopes, clientId,
                     userId, authenticationTime);
@@ -366,6 +367,7 @@
             throws OAuthSystemException, KustvaktException {
 
         String accessToken = randomGenerator.createRandomCode();
+        accessToken +=randomGenerator.createRandomCode();
         tokenDao.storeAccessToken(accessToken, refreshToken, accessScopes,
                 userId, clientId, authenticationTime);
 
@@ -383,6 +385,7 @@
             throws OAuthSystemException, KustvaktException {
 
         String accessToken = randomGenerator.createRandomCode();
+        accessToken +=randomGenerator.createRandomCode();
         tokenDao.storeAccessToken(accessToken, null, accessScopes,
                 userId, clientId, authenticationTime);
 
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index a9086ba..daf0e9a 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -69,8 +69,8 @@
 oauth2.client.credentials.scopes = client_info
 
 ## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
-security.secure.random.algorithm=SHA1PRNG
+## optional
+# security.secure.random.algorithm=SHA1PRNG
 
 ## see MessageDigest Algorithms
 ## default MD5
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
new file mode 100644
index 0000000..6097cd2
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
@@ -0,0 +1,57 @@
+package de.ids_mannheim.korap.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.oltu.oauth2.as.issuer.MD5Generator;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.encryption.RandomCodeGenerator;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+
+public class RandomCodeGeneratorTest extends SpringJerseyTest {
+
+    @Autowired
+    private RandomCodeGenerator random;
+
+    @Test
+    public void testRandomGenerator ()
+            throws NoSuchAlgorithmException, KustvaktException {
+        String value = random.createRandomCode();
+        assertEquals(22, value.length());
+        //System.out.println(value);
+    }
+
+    public void testRandomGeneratorPerformance () throws OAuthSystemException,
+            NoSuchAlgorithmException, KustvaktException {
+        long min = Integer.MAX_VALUE, max = Integer.MIN_VALUE;
+
+        while (true) {
+            long start = System.currentTimeMillis();
+            for (int i = 0; i < 10000; i++) {
+                random.createRandomCode();
+            }
+            long end = System.currentTimeMillis();
+            long duration = end - start;
+            if (duration < min)
+                min = duration;
+            else if (duration > max) max = duration;
+            System.out.println(
+                    "d : " + duration + " min :" + min + ", max: " + max);
+
+        }
+    }
+
+    public void testMD5Generator () throws OAuthSystemException,
+            NoSuchAlgorithmException, KustvaktException {
+        MD5Generator m = new MD5Generator();
+        String value = m.generateValue();
+        value = m.generateValue(value);
+        System.out.println(value);
+    }
+
+}
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 03badfb..512ef34 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -90,7 +90,7 @@
 rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35
 
 ## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
+## optional
 security.secure.random.algorithm=SHA1PRNG
 
 ## see MessageDigest Algorithms