diff options
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/token/TokenCheckHash.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/token/TokenCheckHash.java | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenCheckHash.java b/security-utils/src/main/java/com/yahoo/security/token/TokenCheckHash.java new file mode 100644 index 00000000000..e4d9825842e --- /dev/null +++ b/security-utils/src/main/java/com/yahoo/security/token/TokenCheckHash.java @@ -0,0 +1,46 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.security.token; + +import java.util.Arrays; + +import static com.yahoo.security.ArrayUtils.hex; + +/** + * A token check hash represents a hash derived from a token in such a way that + * distinct "audiences" for the token compute entirely different hashes even for + * identical token values. + */ +public record TokenCheckHash(byte[] hashBytes) { + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + TokenCheckHash tokenCheckHash = (TokenCheckHash) o; + // We don't consider token hashes secret data, so no harm in data-dependent equals() + return Arrays.equals(hashBytes, tokenCheckHash.hashBytes); + } + + @Override + public int hashCode() { + return Arrays.hashCode(hashBytes); + } + + public String toHexString() { + return hex(hashBytes); + } + + @Override + public String toString() { + return toHexString(); + } + + public static TokenCheckHash of(Token token, int nHashBytes) { + return new TokenCheckHash(token.toDerivedBytes(nHashBytes, token.domain().checkHashContext())); + } + + public static TokenCheckHash ofRawBytes(byte[] hashBytes) { + return new TokenCheckHash(Arrays.copyOf(hashBytes, hashBytes.length)); + } + +} |