diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 13:44:42 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 14:43:54 +0100 |
commit | f59b56ae4b8fafc67ec1828f03ce3178afaf037d (patch) | |
tree | 37be6e743672efbd4816ad39cb05ab46cad66e0a /node-admin | |
parent | 43803ae25a68b4708f5846b7021e1dc3b68a82c6 (diff) |
Let token key IDs be UTF-8 byte strings instead of just an integer
This makes key IDs vastly more expressive. Max size is 255 bytes,
and UTF-8 form is enforced by checking that the byte sequence can be
identity-transformed to and from a string with UTF-8 encoding.
In addition, we now protect the integrity of the key ID by supplying
it as the AAD parameter to the key sealing and opening operations.
Reduce v1 token max length of `enc` part to 255, since this is always
an X25519 public key, which is never bigger than 32 bytes (but may
be _less_ if the random `BigInteger` is small enough, so we still have
to encode the length).
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java index 3906c13c4a4..be4ee657292 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java @@ -299,7 +299,7 @@ public class CoredumpHandlerTest { private static SecretSharedKey makeFixedSecretSharedKey() { byte[] keyBytes = bytesOf("very secret yes!"); // 128 bits var secretKey = new SecretKeySpec(keyBytes, "AES"); - int keyId = 123; + byte[] keyId = bytesOf("the shiniest key"); // We don't parse any of these fields in the test, so just use dummy contents. byte[] enc = bytesOf("hello world"); byte[] ciphertext = bytesOf("imaginary ciphertext"); |