Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/16 12:20:24 UTC

[cxf] 03/10: Change OAuthUtils.generateRandomTokenKey to use 32 bytes by default

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 2e7278c35f3fadc94e03dcf8c9b10a5f46053fce
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 11 18:32:40 2019 +0100

    Change OAuthUtils.generateRandomTokenKey to use 32 bytes by default
---
 .../cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java     | 2 +-
 .../main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
index 668910f..78ebcaa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
@@ -44,7 +44,7 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager {
         MultivaluedMap<String, String> redirectMap = new MetadataMap<>();
 
         if (generateNonce) {
-            String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16));
+            String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(32));
             requestState.putSingle(OAuthConstants.NONCE, nonceParam);
             redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
         }
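Review bot: The 32 random bytes on the added line are still passed through `MessageDigestUtils.generate(...)` before being stored as the nonce, so the nonce's effective strength is capped by that digest's output length, which this hunk does not show. If the one-argument overload defaults to a 128-bit digest, raising the input from 16 to 32 bytes would not make the nonce any harder to guess. Confirm the default algorithm; if it is shorter than 256 bits, either select a 256-bit digest explicitly or encode the random bytes directly. A comment on the line would also help, e.g. `// nonce strength is bounded by the digest output size, not only by the 32 random bytes`. The enclosing method starts and ends outside the hunk.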
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 356f599..f975a31 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -271,7 +271,7 @@ public final class OAuthUtils {
     }
 
     public static String generateRandomTokenKey() throws OAuthServiceException {
-        return generateRandomTokenKey(16);
+        return generateRandomTokenKey(32);
     }
     public static String generateRandomTokenKey(int byteSize) {
         if (byteSize < 16) {
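Review bot: Only the no-arg `generateRandomTokenKey()` moves to 32 bytes; the `byteSize < 16` check in the int overload is unchanged, so callers that pass an explicit size keep the old floor. Nothing in the hunk documents which of the two values is the intended minimum. A Javadoc line on the no-arg overload such as `/** Generates a token key from 32 secure random bytes (the default size). */` would make the intent explicit. A named constant would do the same for the literal, for example `private static final int DEFAULT_TOKEN_KEY_BYTES = 32;` used as `return generateRandomTokenKey(DEFAULT_TOKEN_KEY_BYTES);`. The body of the int overload continues past the end of the hunk, so what the `< 16` branch does is not visible here.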