Posted to commits@sling.apache.org by cr...@apache.org on 2021/04/20 16:33:32 UTC
[sling-org-apache-sling-auth-saml2] branch master updated: change
algorithm for SAML2 token store from HmacSHA1 to HmacSHA256
This is an automated email from the ASF dual-hosted git repository.
cris pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-saml2.git
The following commit(s) were added to refs/heads/master by this push:
new c344226 change algorithm for SAML2 token store from HmacSHA1 to HmacSHA256
c344226 is described below
commit c3442267abeffad22e411fb1149cb8f80ef9361a
Author: Cris Rockwell <cm...@umich.edu>
AuthorDate: Tue Apr 20 12:33:08 2021 -0400
change algorithm for SAML2 token store from HmacSHA1 to HmacSHA256
---
.../java/org/apache/sling/auth/saml2/impl/TokenStore.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/saml2/impl/TokenStore.java b/src/main/java/org/apache/sling/auth/saml2/impl/TokenStore.java
index e178274..c80a86e 100644
--- a/src/main/java/org/apache/sling/auth/saml2/impl/TokenStore.java
+++ b/src/main/java/org/apache/sling/auth/saml2/impl/TokenStore.java
@@ -63,7 +63,7 @@ class TokenStore {
* The name of the HMAC function to calculate the hash code of the payload
* with the secure token.
*/
- private static final String HMAC_SHA1 = "HmacSHA1";
+ private static final String ALGORITHM = "HmacSHA256";
/**
* String encoding to convert byte arrays to strings and vice-versa.
@@ -142,8 +142,8 @@ class TokenStore {
}
byte[] b = new byte[20];
random.nextBytes(b);
- final SecretKey secretKey = new SecretKeySpec(b, HMAC_SHA1);
- final Mac m = Mac.getInstance(HMAC_SHA1);
+ final SecretKey secretKey = new SecretKeySpec(b, ALGORITHM);
+ final Mac m = Mac.getInstance(ALGORITHM);
m.init(secretKey);
m.update(UTF_8.getBytes(StandardCharsets.UTF_8));
m.doFinal();
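Review bot: The key material on the context line `byte[] b = new byte[20];` is still sized for the 20-byte HmacSHA1 output, so the new HmacSHA256 MAC is keyed with fewer bytes than its 32-byte output, which RFC 2104 discourages. Consider `byte[] b = new byte[32];` here and in the hunk at -270, where the rotating key is generated the same way. The hunk at -335 wraps persisted key bytes of length `l` with the new algorithm name, so keys saved before this change would presumably remain 20 bytes until they are rotated; a length check or a forced regeneration on load would close that gap. The enclosing method starts and ends outside this hunk.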
@@ -172,7 +172,7 @@ class TokenStore {
InvalidKeyException {
String cookiePayload = "" + token + expires + "@" + userId;
- Mac m = Mac.getInstance(HMAC_SHA1);
+ Mac m = Mac.getInstance(ALGORITHM);
m.init(key);
m.update(cookiePayload.getBytes(StandardCharsets.UTF_8));
String cookieValue = byteToHex(m.doFinal());
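Review bot: The MAC input on `String cookiePayload = "" + token + expires + "@" + userId;` joins `token` and `expires` with no separator, so the signed string is unambiguous only if `token` always has a fixed width. If it is a single-digit key index (not visible in this hunk), a comment such as `// token is a one-digit key index, so token+expires cannot collide` would document that invariant. Adding a delimiter instead would need a matching change in the decoding code, which lies outside the hunk. Separately, cookies issued before this change carry an HmacSHA1 value and will presumably fail verification after upgrade, which is worth noting in the commit message.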
@@ -270,7 +270,7 @@ class TokenStore {
byte[] b = new byte[20];
random.nextBytes(b);
- SecretKey newToken = new SecretKeySpec(b, HMAC_SHA1);
+ SecretKey newToken = new SecretKeySpec(b, ALGORITHM);
int nextToken = currentToken + 1;
if (nextToken == currentTokens.length) {
nextToken = 0;
@@ -335,7 +335,7 @@ class TokenStore {
if (readBytes != l){
throw new IOException("could not confirm bytes read");
}
- newKeys[i] = new SecretKeySpec(b, HMAC_SHA1);
+ newKeys[i] = new SecretKeySpec(b, ALGORITHM);
} else {
newKeys[i] = null;
}