summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java52
1 files changed, 52 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
new file mode 100644
index 00000000000..acbf7c085fd
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
@@ -0,0 +1,52 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.token;
+
+import java.util.Arrays;
+
+import static com.yahoo.security.ArrayUtils.hex;
+
+/**
+ * <p>A token fingerprint represents an opaque sequence of bytes that is expected
+ * to globally identify any particular token within a particular token domain.
+ * </p><p>
+ * Token fingerprints should not be used directly for access checks; use derived
+ * {@link TokenCheckHash} instances for this purpose.
+ * </p>
+ */
+public record TokenFingerprint(byte[] hashBytes) {
+
+ public static final int FINGERPRINT_BITS = 128;
+ public static final int FINGERPRINT_BYTES = FINGERPRINT_BITS / 8;
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ TokenFingerprint that = (TokenFingerprint) o;
+ // We don't consider token fingerprints secret data, so no harm in data-dependent equals()
+ return Arrays.equals(hashBytes, that.hashBytes);
+ }
+
+ @Override
+ public int hashCode() {
+ return Arrays.hashCode(hashBytes);
+ }
+
+ public String toHexString() {
+ return hex(hashBytes);
+ }
+
+ @Override
+ public String toString() {
+ return toHexString();
+ }
+
+ public static TokenFingerprint of(Token token) {
+ return new TokenFingerprint(token.toDerivedBytes(FINGERPRINT_BYTES, token.domain().fingerprintContext()));
+ }
+
+ public static TokenFingerprint ofRawBytes(byte[] hashBytes) {
+ return new TokenFingerprint(Arrays.copyOf(hashBytes, hashBytes.length));
+ }
+
+}