From e8b5a5e4eb2409705bedc3a9e0ddf451e0e3e55e Mon Sep 17 00:00:00 2001
From: Tor Brede Vekterli
Date: Tue, 6 Jun 2023 15:04:53 +0200
Subject: Also include domain when printing token
---
 security-utils/src/main/java/com/yahoo/security/token/Token.java | 3 ++-
 .../src/main/java/com/yahoo/security/token/TokenDomain.java | 6 ++++++
 .../src/test/java/com/yahoo/security/token/TokenTest.java | 6 ++++--
 3 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'security-utils')
diff --git a/security-utils/src/main/java/com/yahoo/security/token/Token.java b/security-utils/src/main/java/com/yahoo/security/token/Token.java
index bc1d7239310..af50ad9a733 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/Token.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/Token.java
@@ -67,7 +67,8 @@ public class Token {
 @Override
 public String toString() {
 // Avoid leaking raw token secret as part of toString() output
- return "Token(fingerprint: %s)".formatted(fingerprint);
+ // Fingerprint first, since that's the most important bit.
+ return "Token(fingerprint: %s, domain: %s)".formatted(fingerprint, domain);
 }
 /**
diff --git a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
index b29815f3a56..e01d942cacf 100644
--- a/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
+++ b/security-utils/src/main/java/com/yahoo/security/token/TokenDomain.java
@@ -3,6 +3,7 @@ package com.yahoo.security.token;
 import java.util.Arrays;
+import static com.yahoo.security.ArrayUtils.fromUtf8Bytes;
 import static com.yahoo.security.ArrayUtils.toUtf8Bytes;
 /**
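Review bot: In `Token.toString()` the "avoid leaking raw token secret" guarantee now also rests on what `TokenDomain.toString()` prints, because `domain` is formatted with `%s`, and the comment no longer covers everything in the output. The domain contexts look like non-secret domain-separation labels, but nothing at this call site says so. I would extend the comment, e.g. `// Domain contexts are non-secret labels, so printing them does not weaken this.`, so a later change to `TokenDomain` is checked against the same rule. The rest of the class is outside the hunk.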
@@ -43,6 +44,11 @@ public record TokenDomain(byte[] fingerprintContext, byte[] checkHashContext) {
 return result;
 }
+ @Override
+ public String toString() {
+ return "'%s'/'%s'".formatted(fromUtf8Bytes(fingerprintContext), fromUtf8Bytes(checkHashContext));
+ }
+
 public static TokenDomain of(String fingerprintContext, String checkHashContext) {
 return new TokenDomain(toUtf8Bytes(fingerprintContext), toUtf8Bytes(checkHashContext));
diff --git a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
index 6af2452eb7e..3418929f60b 100644
--- a/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/token/TokenTest.java
@@ -100,9 +100,11 @@ public class TokenTest {
 }
 @Test
- void token_stringification_only_contains_fingerprint() {
+ void token_stringification_does_not_contain_raw_secret() {
 var t = Token.of(TEST_DOMAIN, "foo");
- assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2)", t.toString());
+ assertEquals("Token(fingerprint: 53:2e:4e:09:d5:4f:96:f4:1a:44:82:ef:f0:44:b9:a2, " +
+ "domain: 'my fingerprint'/'my check hash')",
+ t.toString());
 }
 @Test
-- cgit v1.2.3
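Review bot: `TokenDomain.toString()` decodes both contexts with `fromUtf8Bytes` and wraps them in single quotes without escaping, so a context containing `'`, `/`, a line break or bytes that are not valid UTF-8 produces output that is ambiguous to read. The record's canonical constructor takes raw `byte[]`, so such values are possible even if `of(String, String)` is the usual entry point. This string now flows into `Token.toString()` and from there presumably into logs, so consider escaping or hex-encoding anything non-printable. At minimum, state the expectation in a comment such as `// Contexts are expected to be printable, non-secret UTF-8 labels`. How `fromUtf8Bytes` handles malformed input is not visible in this diff.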
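Review bot: The renamed test `token_stringification_does_not_contain_raw_secret` proves the property only through an exact match on the full string, so the next format change is likely to be handled by editing the expected literal rather than by re-checking the secret. A separate negative assertion would pin the security property independently of the format, for example `assertFalse(t.toString().contains("foo"));`, assuming `assertFalse` is imported alongside `assertEquals`. The test class begins and ends outside the hunk.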