From 594c7848b0d18e1d1e5d37a6a2be31a0530756b0 Mon Sep 17 00:00:00 2001
From: Tor Brede Vekterli
Date: Tue, 6 Jun 2023 14:56:53 +0200
Subject: Emit fingerprints with delimiters by default
Uses standard fingerprint `hex:hex:hex:...` format
---
.../src/main/java/com/yahoo/security/token/Token.java | 2 +-
.../main/java/com/yahoo/security/token/TokenFingerprint.java | 10 +++++++++-
.../src/test/java/com/yahoo/security/token/TokenTest.java | 9 ++++++++-
3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/security-utils/src/main/java/com/yahoo/security/token/Token.java b/security-utils/src/main/java/com/yahoo/security/token/Token.java
index e830bdfd63d..bc1d7239310 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/Token.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/Token.java
@@ -67,7 +67,7 @@ public class Token {
@Override
public String toString() {
// Avoid leaking raw token secret as part of toString() output
- return "Token(fingerprint: %s)".formatted(fingerprint.toHexString());
+ return "Token(fingerprint: %s)".formatted(fingerprint);
}
/**
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
index acbf7c085fd..9ce8d55f161 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java
@@ -2,6 +2,7 @@
package com.yahoo.security.token;
import java.util.Arrays;
+import java.util.HexFormat;
import static com.yahoo.security.ArrayUtils.hex;
@@ -11,6 +12,9 @@ import static com.yahoo.security.ArrayUtils.hex;
*
* Token fingerprints should not be used directly for access checks; use derived
* {@link TokenCheckHash} instances for this purpose.
+ *
+ * Fingerprints are printed in the common hex:hex:hex:... format, e.g.
+ * 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2
*
*/
public record TokenFingerprint(byte[] hashBytes) {
@@ -36,9 +40,13 @@ public record TokenFingerprint(byte[] hashBytes) {
return hex(hashBytes);
}
+ public String toDelimitedHexString() {
+ return HexFormat.ofDelimiter(":").formatHex(hashBytes);
+ }
+
@Override
public String toString() {
- return toHexString();
+ return toDelimitedHexString();
}
public static TokenFingerprint of(Token token) {
diff --git a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
index 24c1be4cfa3..6af2452eb7e 100644
--- a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
@@ -70,6 +70,13 @@ public class TokenTest {
assertEquals("201890b5e18e69c364ca09f3c7a00f8e", t4.fingerprint().toHexString());
}
+ @Test
+ void fingerprint_is_printed_with_delimiters_by_default() {
+ var t = Token.of(TEST_DOMAIN, "bar");
+ var fp = t.fingerprint();
+ assertEquals("7c:47:14:4e:5d:c6:84:7a:5d:20:08:6d:bd:17:70:00", fp.toString());
+ }
+
@Test
void token_check_hash_differs_from_fingerprint() { // ... with extremely high probability
var t = Token.of(TEST_DOMAIN, "foo");
@@ -95,7 +102,7 @@ public class TokenTest {
@Test
void token_stringification_only_contains_fingerprint() {
var t = Token.of(TEST_DOMAIN, "foo");
- assertEquals("Token(fingerprint: 532e4e09d54f96f41a4482eff044b9a2)", t.toString());
+ assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2)", t.toString());
}
@Test
--
cgit v1.2.3