Updated OAuth2 token length & secure random algorithm config.
Change-Id: I1c0cd2d7ad6e7c3e5570fae19fa86211a01bfeff
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index 4d63e75..8741553 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -348,6 +348,7 @@
throws OAuthSystemException, KustvaktException {
String random = randomGenerator.createRandomCode();
+ random += randomGenerator.createRandomCode();
if (isPublicClient){
return createsAccessTokenResponse(scopes, accessScopes, clientId,
userId, authenticationTime);
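Review bot: The longer token is produced by calling `randomGenerator.createRandomCode()` twice and concatenating, and the same added line appears again in the hunks at -366 and -383, so the intended token length is encoded at three call sites instead of one. A single private helper that returns the concatenation, with a comment stating the resulting length (44 characters, if one code is the 22 characters the new test asserts), would keep the three paths in step. Nothing in this commit asserts the doubled length, and whether the storage behind `tokenDao.storeAccessToken` accepts the longer value cannot be seen from here and should be confirmed. All three method bodies start and end outside their hunks.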
@@ -366,6 +367,7 @@
throws OAuthSystemException, KustvaktException {
String accessToken = randomGenerator.createRandomCode();
+ accessToken +=randomGenerator.createRandomCode();
tokenDao.storeAccessToken(accessToken, refreshToken, accessScopes,
userId, clientId, authenticationTime);
@@ -383,6 +385,7 @@
throws OAuthSystemException, KustvaktException {
String accessToken = randomGenerator.createRandomCode();
+ accessToken +=randomGenerator.createRandomCode();
tokenDao.storeAccessToken(accessToken, null, accessScopes,
userId, clientId, authenticationTime);
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index a9086ba..daf0e9a 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -69,8 +69,8 @@
oauth2.client.credentials.scopes = client_info
## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
-security.secure.random.algorithm=SHA1PRNG
+## optional
+# security.secure.random.algorithm=SHA1PRNG
## see MessageDigest Algorithms
## default MD5
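Review bot: With `security.secure.random.algorithm` commented out, the replacement comment `## optional` no longer tells an operator which generator is used when the key is absent. The fallback lives in code outside this diff, so the comment should name it, for example `## optional; if unset, <fallback chosen by RandomCodeGenerator>`. It is also worth confirming that the code handles a missing key explicitly rather than passing a null algorithm name to the lookup. `kustvakt-test.conf` still sets `SHA1PRNG`, so the test suite presumably never exercises the unset path that this default file now selects.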
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
new file mode 100644
index 0000000..6097cd2
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/RandomCodeGeneratorTest.java
@@ -0,0 +1,57 @@
+package de.ids_mannheim.korap.authentication;
+
+import static org.junit.Assert.assertEquals;
+
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.oltu.oauth2.as.issuer.MD5Generator;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.encryption.RandomCodeGenerator;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+
+public class RandomCodeGeneratorTest extends SpringJerseyTest {
+
+ @Autowired
+ private RandomCodeGenerator random;
+
+ @Test
+ public void testRandomGenerator ()
+ throws NoSuchAlgorithmException, KustvaktException {
+ String value = random.createRandomCode();
+ assertEquals(22, value.length());
+ //System.out.println(value);
+ }
+
+ public void testRandomGeneratorPerformance () throws OAuthSystemException,
+ NoSuchAlgorithmException, KustvaktException {
+ long min = Integer.MAX_VALUE, max = Integer.MIN_VALUE;
+
+ while (true) {
+ long start = System.currentTimeMillis();
+ for (int i = 0; i < 10000; i++) {
+ random.createRandomCode();
+ }
+ long end = System.currentTimeMillis();
+ long duration = end - start;
+ if (duration < min)
+ min = duration;
+ else if (duration > max) max = duration;
+ System.out.println(
+ "d : " + duration + " min :" + min + ", max: " + max);
+
+ }
+ }
+
+ public void testMD5Generator () throws OAuthSystemException,
+ NoSuchAlgorithmException, KustvaktException {
+ MD5Generator m = new MD5Generator();
+ String value = m.generateValue();
+ value = m.generateValue(value);
+ System.out.println(value);
+ }
+
+}
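Review bot: `testRandomGeneratorPerformance` loops on `while (true)` with no exit, and both it and `testMD5Generator` lack `@Test`, so neither runs today and the first would hang the build as soon as someone annotates it. Bound the loop, e.g. `for (int round = 0; round < 10; round++) {`, and mark the method `@Ignore` with a reason or move it out of the test class. `testMD5Generator` asserts nothing and only prints. The one active test pins a single code at 22 characters; an assertion that two consecutive codes differ, and one on the concatenated token length this commit introduces, would cover the actual change.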
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 03badfb..512ef34 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -90,7 +90,7 @@
rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35
## see SecureRandom Number Generation Algorithms
-## default SHA1PRNG
+## optional
security.secure.random.algorithm=SHA1PRNG
## see MessageDigest Algorithms