From 594c7848b0d18e1d1e5d37a6a2be31a0530756b0 Mon Sep 17 00:00:00 2001 From: Tor Brede Vekterli Date: Tue, 6 Jun 2023 14:56:53 +0200 Subject: Emit fingerprints with delimiters by default Uses standard fingerprint `hex:hex:hex:...` format --- .../src/main/java/com/yahoo/security/token/Token.java | 2 +- .../main/java/com/yahoo/security/token/TokenFingerprint.java | 10 +++++++++- .../src/test/java/com/yahoo/security/token/TokenTest.java | 9 ++++++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/security-utils/src/main/java/com/yahoo/security/token/Token.java b/security-utils/src/main/java/com/yahoo/security/token/Token.java index e830bdfd63d..bc1d7239310 100644 --- a/security-utils/src/main/java/com/yahoo/security/token/Token.java +++ b/security-utils/src/main/java/com/yahoo/security/token/Token.java @@ -67,7 +67,7 @@ public class Token { @Override public String toString() { // Avoid leaking raw token secret as part of toString() output - return "Token(fingerprint: %s)".formatted(fingerprint.toHexString()); + return "Token(fingerprint: %s)".formatted(fingerprint); } /** diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java index acbf7c085fd..9ce8d55f161 100644 --- a/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java +++ b/security-utils/src/main/java/com/yahoo/security/token/TokenFingerprint.java @@ -2,6 +2,7 @@ package com.yahoo.security.token; import java.util.Arrays; +import java.util.HexFormat; import static com.yahoo.security.ArrayUtils.hex; @@ -11,6 +12,9 @@ import static com.yahoo.security.ArrayUtils.hex; *

* Token fingerprints should not be used directly for access checks; use derived * {@link TokenCheckHash} instances for this purpose. + *

+ * Fingerprints are printed in the common hex:hex:hex:... format, e.g. + * 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2 *

*/ public record TokenFingerprint(byte[] hashBytes) { @@ -36,9 +40,13 @@ public record TokenFingerprint(byte[] hashBytes) { return hex(hashBytes); } + public String toDelimitedHexString() { + return HexFormat.ofDelimiter(":").formatHex(hashBytes); + } + @Override public String toString() { - return toHexString(); + return toDelimitedHexString(); } public static TokenFingerprint of(Token token) { diff --git a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java index 24c1be4cfa3..6af2452eb7e 100644 --- a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java +++ b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java @@ -70,6 +70,13 @@ public class TokenTest { assertEquals("201890b5e18e69c364ca09f3c7a00f8e", t4.fingerprint().toHexString()); } + @Test + void fingerprint_is_printed_with_delimiters_by_default() { + var t = Token.of(TEST_DOMAIN, "bar"); + var fp = t.fingerprint(); + assertEquals("7c:47:14:4e:5d:c6:84:7a:5d:20:08:6d:bd:17:70:00", fp.toString()); + } + @Test void token_check_hash_differs_from_fingerprint() { // ... with extremely high probability var t = Token.of(TEST_DOMAIN, "foo"); @@ -95,7 +102,7 @@ public class TokenTest { @Test void token_stringification_only_contains_fingerprint() { var t = Token.of(TEST_DOMAIN, "foo"); - assertEquals("Token(fingerprint: 532e4e09d54f96f41a4482eff044b9a2)", t.toString()); + assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2)", t.toString()); } @Test -- cgit v1.2.3