authorTor Brede Vekterli <vekterli@yahooinc.com>2023-06-06 14:56:53 +0200
committerTor Brede Vekterli <vekterli@yahooinc.com>2023-06-06 14:56:53 +0200
commit594c7848b0d18e1d1e5d37a6a2be31a0530756b0 (patch)
tree033b417059a348c89fd173215239d72751d4f005 /security-utils
parent2e1dd2e4dde2bbb335bd1eedf545c5c19319372f (diff)
Emit fingerprints with delimiters by default
Uses standard fingerprint `hex:hex:hex:...` format
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/token/Token.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java10
-rw-r--r--security-utils/src/test/java/com/yahoo/security/token/TokenTest.java9
3 files changed, 18 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/token/Token.java b/security-utils/src/main/java/com/yahoo/security/token/Token.java
index e830bdfd63d..bc1d7239310 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/Token.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/Token.java
@@ -67,7 +67,7 @@ public class Token {
@Override
public String toString() {
// Avoid leaking raw token secret as part of toString() output
- return "Token(fingerprint: %s)".formatted(fingerprint.toHexString());
+ return "Token(fingerprint: %s)".formatted(fingerprint);
}
/**
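Review bot: In `toString()` the formatted value now comes from the implicit `String.valueOf(fingerprint)`, so `Token` prints whatever `TokenFingerprint.toString()` happens to return. Because this method exists to keep the raw secret out of logs, naming the representation explicitly would keep that guarantee local: `return "Token(fingerprint: %s)".formatted(fingerprint.toDelimitedHexString());`. One behavioural difference to confirm: if `fingerprint` could ever be null, the old call threw, whereas the new one prints `null`. The field's declaration is outside this hunk, so that may not be reachable.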
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
index acbf7c085fd..9ce8d55f161 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
@@ -2,6 +2,7 @@
package com.yahoo.security.token;
import java.util.Arrays;
+import java.util.HexFormat;
import static com.yahoo.security.ArrayUtils.hex;
@@ -11,6 +12,9 @@ import static com.yahoo.security.ArrayUtils.hex;
* </p><p>
* Token fingerprints should not be used directly for access checks; use derived
* {@link TokenCheckHash} instances for this purpose.
+ * </p><p>
+ * Fingerprints are printed in the common hex:hex:hex:... format, e.g.
+ * <code>53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2</code>
* </p>
*/
public record TokenFingerprint(byte[] hashBytes) {
@@ -36,9 +40,13 @@ public record TokenFingerprint(byte[] hashBytes) {
return hex(hashBytes);
}
+ public String toDelimitedHexString() {
+ return HexFormat.ofDelimiter(":").formatHex(hashBytes);
+ }
+
@Override
public String toString() {
- return toHexString();
+ return toDelimitedHexString();
}
public static TokenFingerprint of(Token token) {
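Review bot: `toString()` changes the rendered fingerprint from plain hex to colon-delimited, and nothing in the hunk tells callers which method gives a stable form. Anything that compares or searches on the string form (log queries, audit records, fingerprints stored via `toString()`) would stop matching values written before this commit; whether such consumers exist is not visible here. The new public `toDelimitedHexString()` also has no Javadoc. I would add `/** Returns the fingerprint as lowercase hex byte pairs separated by ':', for display and logs; use {@link #toHexString()} where the undelimited form is required. */`, plus a one-line comment on `toString()` saying its format is for humans and not a parsing contract. The record body begins and continues outside the hunk.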
diff --git a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
index 24c1be4cfa3..6af2452eb7e 100644
--- a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
@@ -71,6 +71,13 @@ public class TokenTest {
}
@Test
+ void fingerprint_is_printed_with_delimiters_by_default() {
+ var t = Token.of(TEST_DOMAIN, "bar");
+ var fp = t.fingerprint();
+ assertEquals("7c:47:14:4e:5d:c6:84:7a:5d:20:08:6d:bd:17:70:00", fp.toString());
+ }
+
+ @Test
void token_check_hash_differs_from_fingerprint() { // ... with extremely high probability
var t = Token.of(TEST_DOMAIN, "foo");
var fp = t.fingerprint();
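Review bot: The new test `fingerprint_is_printed_with_delimiters_by_default` pins only `fp.toString()`. Nothing asserts that `toHexString()` still returns the undelimited form, or that `toString()` and `toDelimitedHexString()` agree. Adding `assertEquals("7c47144e5dc6847a5d20086dbd177000", fp.toHexString());` and `assertEquals(fp.toDelimitedHexString(), fp.toString());` would pin both formats, so a later change to either method is caught.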
@@ -95,7 +102,7 @@ public class TokenTest {
@Test
void token_stringification_only_contains_fingerprint() {
var t = Token.of(TEST_DOMAIN, "foo");
- assertEquals("Token(fingerprint: 532e4e09d54f96f41a4482eff044b9a2)", t.toString());
+ assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2)", t.toString());
}
@Test