author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-06-06 15:04:53 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-06-06 15:04:53 +0200 |
commit | e8b5a5e4eb2409705bedc3a9e0ddf451e0e3e55e (patch) | |
tree | db1750b404a25c31ecb35edc09818d9c7af55d6e /security-utils | |
parent | 594c7848b0d18e1d1e5d37a6a2be31a0530756b0 (diff) |
Also include domain when printing token
Diffstat (limited to 'security-utils')
3 files changed, 12 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/token/Token.java b/security-utils/src/main/java/com/yahoo/security/token/Token.java
index bc1d7239310..af50ad9a733 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/Token.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/Token.java
@@ -67,7 +67,8 @@ public class Token {
 @Override
 public String toString() {
 // Avoid leaking raw token secret as part of toString() output
- return "Token(fingerprint: %s)".formatted(fingerprint);
+ // Fingerprint first, since that's the most important bit.
+ return "Token(fingerprint: %s, domain: %s)".formatted(fingerprint, domain);
 }
 /**
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
index b29815f3a56..e01d942cacf 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
@@ -3,6 +3,7 @@ package com.yahoo.security.token;
 import java.util.Arrays;
+import static com.yahoo.security.ArrayUtils.fromUtf8Bytes;
 import static com.yahoo.security.ArrayUtils.toUtf8Bytes;
 /**
@@ -43,6 +44,11 @@ public record TokenDomain(byte[] fingerprintContext, byte[] checkHashContext) {
 return result;
 }
+ @Override
+ public String toString() {
+ return "'%s'/'%s'".formatted(fromUtf8Bytes(fingerprintContext), fromUtf8Bytes(checkHashContext));
+ }
+
 public static TokenDomain of(String fingerprintContext, String checkHashContext) {
 return new TokenDomain(toUtf8Bytes(fingerprintContext), toUtf8Bytes(checkHashContext));
diff --git a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
index 6af2452eb7e..3418929f60b 100644
--- a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
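Review bot: In TokenDomain.java, the new `toString()` decodes `fingerprintContext` and `checkHashContext` as UTF-8 and prints them unescaped, but the record's canonical constructor shown in the hunk header accepts arbitrary `byte[]`, so nothing visible here guarantees the bytes are printable text. If a context ever carries a line break, a quote or malformed UTF-8 (how `fromUtf8Bytes` treats the latter is not visible in this diff), the rendered domain becomes ambiguous and, since `Token.toString()` now embeds it, can split or confuse log lines. I would render the contexts through a small escaping helper, as sketched below, or at least document on the method that the output is for diagnostics only and assumes the contexts are plain text labels. The record body continues outside the hunk.

```java
@Override
public String toString() {
    return "'%s'/'%s'".formatted(printable(fingerprintContext), printable(checkHashContext));
}

// Diagnostic rendering only: bytes outside printable ASCII, plus quote and backslash,
// are shown as \xNN so a context cannot add line breaks or fake delimiters to log output.
private static String printable(byte[] context) {
    var out = new StringBuilder(context.length);
    for (byte b : context) {
        int c = b & 0xff;
        if (c >= 0x20 && c < 0x7f && c != '\'' && c != '\\') {
            out.append((char) c);
        } else {
            out.append("\\x%02x".formatted(c));
        }
    }
    return out.toString();
}
```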
@@ -100,9 +100,11 @@ public class TokenTest {
 }
 @Test
- void token_stringification_only_contains_fingerprint() {
+ void token_stringification_does_not_contain_raw_secret() {
 var t = Token.of(TEST_DOMAIN, "foo");
- assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2)", t.toString());
+ assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2, " +
+ "domain: 'my fingerprint'/'my check hash')",
+ t.toString());
 }
 @Test |
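Review bot: The renamed test `token_stringification_does_not_contain_raw_secret` still checks only an exact expected string, so the property in its name holds only as long as that literal happens not to contain the secret. An explicit negative assertion after the `assertEquals` would keep guarding the property if the format changes again, for example `assertFalse(t.toString().contains("foo"));`, where `"foo"` is the value passed to `Token.of` in this test (I am assuming the second argument is the secret). A short secret such as `"foo"` can match other output by chance, so a longer, distinctive test secret would make that check more meaningful.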