KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation

This commit is contained in:
Mohammad Rezai 2017-05-23 12:30:48 +04:30 committed by mrezai
parent 8d40ee17f1
commit acd78ee407
2 changed files with 7 additions and 15 deletions

View file

@ -543,13 +543,9 @@ public class TokenEndpoint {
// https://tools.ietf.org/html/rfc7636#section-4.6
private String generateS256CodeChallenge(String codeVerifier) throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(codeVerifier.getBytes());
StringBuilder sb = new StringBuilder();
for (byte b : md.digest()) {
String hex = String.format("%02x", b);
sb.append(hex);
}
String codeVerifierEncoded = Base64Url.encode(sb.toString().getBytes());
md.update(codeVerifier.getBytes("ISO_8859_1"));
byte[] digestBytes = md.digest();
String codeVerifierEncoded = Base64Url.encode(digestBytes);
return codeVerifierEncoded;
}

View file

@ -444,13 +444,9 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
private String generateS256CodeChallenge(String codeVerifier) throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(codeVerifier.getBytes());
StringBuilder sb = new StringBuilder();
for (byte b : md.digest()) {
String hex = String.format("%02x", b);
sb.append(hex);
}
String codeChallenge = Base64Url.encode(sb.toString().getBytes());
md.update(codeVerifier.getBytes("ISO_8859_1"));
byte[] digestBytes = md.digest();
String codeChallenge = Base64Url.encode(digestBytes);
return codeChallenge;
}