Posted to commits@cxf.apache.org by co...@apache.org on 2019/09/16 12:20:24 UTC
[cxf] 03/10: Change OAuthUtils.generateRandomTokenKey to use 32
bytes by default
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2e7278c35f3fadc94e03dcf8c9b10a5f46053fce
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Sep 11 18:32:40 2019 +0100
Change OAuthUtils.generateRandomTokenKey to use 32 bytes by default
---
.../cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java | 2 +-
.../main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
index 668910f..78ebcaa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
@@ -44,7 +44,7 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager {
MultivaluedMap<String, String> redirectMap = new MetadataMap<>();
if (generateNonce) {
- String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16));
+ String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(32));
requestState.putSingle(OAuthConstants.NONCE, nonceParam);
redirectMap.putSingle(OAuthConstants.NONCE, nonceParam);
}
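Review bot: The 32 random bytes on the new `nonceParam` line are still passed through `MessageDigestUtils.generate(...)`, so the nonce's effective strength is bounded by that digest's output size rather than by the byte count. The algorithm is chosen inside `MessageDigestUtils`, outside this hunk; if the single-argument overload defaults to a 128-bit digest, raising 16 to 32 adds nothing here. Naming the algorithm at the call site would make the intent checkable, e.g. `MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(32), MessageDigestUtils.ALGO_SHA_256)`. The literal `32` is also repeated in the `OAuthUtils.generateRandomTokenKey()` hunk, so a shared named constant would keep the two defaults from drifting apart. The enclosing method starts and ends outside the hunk.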
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 356f599..f975a31 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -271,7 +271,7 @@ public final class OAuthUtils {
}
public static String generateRandomTokenKey() throws OAuthServiceException {
- return generateRandomTokenKey(16);
+ return generateRandomTokenKey(32);
}
public static String generateRandomTokenKey(int byteSize) {
if (byteSize < 16) {
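Review bot: The no-argument `generateRandomTokenKey()` has no Javadoc stating its default size, and this change alters the length of every key it returns. Callers that persist or validate token keys with a fixed width (database columns, length checks) would presumably see longer values; the encoding is done in an overload outside this hunk, so the exact length cannot be confirmed from here. I would add a comment such as `/** Generates a token key from 32 secure random bytes (previously 16); the encoded key is correspondingly longer. */` above the method. The `byteSize < 16` floor in the `int` overload is unchanged, so explicit 16-byte callers keep working; that method's body continues past the end of the hunk.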