summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java22
-rw-r--r--security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java4
2 files changed, 15 insertions, 11 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
index e01d942cacf..ad01a2f8b5b 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
@@ -26,32 +26,34 @@ import static com.yahoo.security.ArrayUtils.toUtf8Bytes;
* never be made to match, be it accidentally or deliberately.
* </p>
*/
-public record TokenDomain(byte[] fingerprintContext, byte[] checkHashContext) {
+public record TokenDomain(byte[] checkHashContext) {
+
+ public TokenDomain {
+ if (Arrays.equals(checkHashContext, TokenFingerprint.FINGERPRINT_CONTEXT)) {
+ throw new IllegalArgumentException("Fingerprint and check hash contexts can not be equal");
+ }
+ }
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
TokenDomain that = (TokenDomain) o;
- return Arrays.equals(fingerprintContext, that.fingerprintContext) &&
- Arrays.equals(checkHashContext, that.checkHashContext);
+ return Arrays.equals(checkHashContext, that.checkHashContext);
}
@Override
public int hashCode() {
- int result = Arrays.hashCode(fingerprintContext);
- result = 31 * result + Arrays.hashCode(checkHashContext);
- return result;
+ return Arrays.hashCode(checkHashContext);
}
@Override
public String toString() {
- return "'%s'/'%s'".formatted(fromUtf8Bytes(fingerprintContext), fromUtf8Bytes(checkHashContext));
+ return "'%s'".formatted(fromUtf8Bytes(checkHashContext));
}
- public static TokenDomain of(String fingerprintContext, String checkHashContext) {
- return new TokenDomain(toUtf8Bytes(fingerprintContext),
- toUtf8Bytes(checkHashContext));
+ public static TokenDomain of(String checkHashContext) {
+ return new TokenDomain(toUtf8Bytes(checkHashContext));
}
}
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
index 0bec3d8af80..bb08653da43 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
@@ -5,6 +5,7 @@ import java.util.Arrays;
import java.util.HexFormat;
import static com.yahoo.security.ArrayUtils.hex;
+import static com.yahoo.security.ArrayUtils.toUtf8Bytes;
/**
* <p>A token fingerprint represents an opaque sequence of bytes that is expected
@@ -21,6 +22,7 @@ public record TokenFingerprint(byte[] hashBytes) {
public static final int FINGERPRINT_BITS = 128;
public static final int FINGERPRINT_BYTES = FINGERPRINT_BITS / 8;
+ public static final byte[] FINGERPRINT_CONTEXT = toUtf8Bytes("Vespa token fingerprint");
@Override
public boolean equals(Object o) {
@@ -50,7 +52,7 @@ public record TokenFingerprint(byte[] hashBytes) {
}
public static TokenFingerprint of(Token token) {
- return new TokenFingerprint(token.toDerivedBytes(FINGERPRINT_BYTES, token.domain().fingerprintContext()));
+ return new TokenFingerprint(token.toDerivedBytes(FINGERPRINT_BYTES, FINGERPRINT_CONTEXT));
}
public static TokenFingerprint ofRawBytes(byte[] hashBytes) {