Updated OAuth2 token length & secure random algorithm config.
Change-Id: I1c0cd2d7ad6e7c3e5570fae19fa86211a01bfeff
diff --git a/full/Changes b/full/Changes
index 0a27f6d..7d19904 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,3 +1,7 @@
+# version 0.63.2
+2021-06-11
+ - Updated OAuth2 token length & secure random algorithm config.
+
# version 0.63.1
2021-02-22
- Updated libraries (margaretha)
@@ -17,7 +21,9 @@
2021-04-30
- Updated parameters in the error responses of OAuth2 APIs for coherence (margaretha)
- Updated OAuth2 API responses for coherence (margaretha)
-
+2021-06-07
+ - Updated OAuth2 client dto (margaretha)
+
# version 0.63
26/10/2020
- Updated dependency of nimbus-jose-jwt and oauth2-oidc-sdk (diewald)
diff --git a/full/pom.xml b/full/pom.xml
index b0a1ae6..f6baf10 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-full</artifactId>
- <version>0.63.1</version>
+ <version>0.63.2</version>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -149,12 +149,12 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>[0.63.1,)</version>
+ <version>[0.63.2,)</version>
</dependency>
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>[0.63.1,)</version>
+ <version>[0.63.2,)</version>
<classifier>tests</classifier>
<type>test-jar</type>
<scope>test</scope>
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index 4d63e75..8741553 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -348,6 +348,7 @@
throws OAuthSystemException, KustvaktException {
String random = randomGenerator.createRandomCode();
+ random += randomGenerator.createRandomCode();
if (isPublicClient){
return createsAccessTokenResponse(scopes, accessScopes, clientId,
userId, authenticationTime);
@@ -366,6 +367,7 @@
throws OAuthSystemException, KustvaktException {
String accessToken = randomGenerator.createRandomCode();
+ accessToken +=randomGenerator.createRandomCode();
tokenDao.storeAccessToken(accessToken, refreshToken, accessScopes,
userId, clientId, authenticationTime);
@@ -383,6 +385,7 @@
throws OAuthSystemException, KustvaktException {
String accessToken = randomGenerator.createRandomCode();
+ accessToken +=randomGenerator.createRandomCode();
tokenDao.storeAccessToken(accessToken, null, accessScopes,
userId, clientId, authenticationTime);
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index a9086ba..daf0e9a 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -69,8 +69,8 @@
oauth2.client.credentials.scopes = client_info
## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
-security.secure.random.algorithm=SHA1PRNG
+## optional
+# security.secure.random.algorithm=SHA1PRNG
## see MessageDigest Algorithms
## default MD5
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
new file mode 100644
index 0000000..6097cd2
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
@@ -0,0 +1,57 @@
+package de.ids_mannheim.korap.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.oltu.oauth2.as.issuer.MD5Generator;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.encryption.RandomCodeGenerator;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+
+public class RandomCodeGeneratorTest extends SpringJerseyTest {
+
+ @Autowired
+ private RandomCodeGenerator random;
+
+ @Test
+ public void testRandomGenerator ()
+ throws NoSuchAlgorithmException, KustvaktException {
+ String value = random.createRandomCode();
+ assertEquals(22, value.length());
+ //System.out.println(value);
+ }
+
+ public void testRandomGeneratorPerformance () throws OAuthSystemException,
+ NoSuchAlgorithmException, KustvaktException {
+ long min = Integer.MAX_VALUE, max = Integer.MIN_VALUE;
+
+ while (true) {
+ long start = System.currentTimeMillis();
+ for (int i = 0; i < 10000; i++) {
+ random.createRandomCode();
+ }
+ long end = System.currentTimeMillis();
+ long duration = end - start;
+ if (duration < min)
+ min = duration;
+ else if (duration > max) max = duration;
+ System.out.println(
+ "d : " + duration + " min :" + min + ", max: " + max);
+
+ }
+ }
+
+ public void testMD5Generator () throws OAuthSystemException,
+ NoSuchAlgorithmException, KustvaktException {
+ MD5Generator m = new MD5Generator();
+ String value = m.generateValue();
+ value = m.generateValue(value);
+ System.out.println(value);
+ }
+
+}
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 03badfb..512ef34 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -90,7 +90,7 @@
rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35
## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
+## optional
security.secure.random.algorithm=SHA1PRNG
## see MessageDigest Algorithms