
Commit 7226e75

JCL-385: Improve PKCE verifier to always produce spec conforming values (#517)
1 parent 4de12e7 commit 7226e75


2 files changed

+9
-8
lines changed


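--- a/openid/src/main/java/com/inrupt/client/openid/PKCE.java
+++ b/openid/src/main/java/com/inrupt/client/openid/PKCE.java
@@ -36,6 +36,8 @@
 */
 public final class PKCE {
 
+private static final BigInteger PADDING = BigInteger.valueOf(2).pow(256);
+
 /**
 * Create a PKCE challenge value using the S256 algorithm.
 *
@@ -73,7 +75,7 @@ static String createChallenge(final String verifier, final String alg) {
 * @return the Base64URL-encoded verifier
 */
 static String createVerifier() {
-final byte[] rand = new BigInteger(32 * 8, new SecureRandom()).toByteArray();
+final byte[] rand = PADDING.add(new BigInteger(32 * 8, new SecureRandom())).toByteArray();
 return Base64.getUrlEncoder().withoutPadding().encodeToString(rand);
 }
 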

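--- a/openid/src/test/java/com/inrupt/client/openid/PKCETest.java
+++ b/openid/src/test/java/com/inrupt/client/openid/PKCETest.java
@@ -20,7 +20,6 @@
 */
 package com.inrupt.client.openid;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -30,16 +29,16 @@ class PKCETest {
 
 @Test
 void createChallengeTest() {
-assertTrue(PKCE.createChallenge("🐶🐶🐶", "SHA-256").getBytes(UTF_8).length >= 43);
-assertTrue(PKCE.createChallenge("🐶🐶🐶", "SHA-256").getBytes(UTF_8).length <= 128);
-assertTrue(PKCE.createChallenge("", "SHA-256").getBytes(UTF_8).length >= 43);
-assertTrue(PKCE.createChallenge("", "SHA-256").getBytes(UTF_8).length <= 128);
+assertTrue(PKCE.createChallenge("🐶🐶🐶", "SHA-256").length() >= 43);
+assertTrue(PKCE.createChallenge("🐶🐶🐶", "SHA-256").length() <= 128);
+assertTrue(PKCE.createChallenge("", "SHA-256").length() >= 43);
+assertTrue(PKCE.createChallenge("", "SHA-256").length() <= 128);
 assertThrows(NullPointerException.class, () -> PKCE.createChallenge(null, "SHA-256"));
 }
 
 @Test
 void createVerifierTest() {
-assertTrue(PKCE.createVerifier().getBytes(UTF_8).length >= 43);
-assertTrue(PKCE.createVerifier().getBytes(UTF_8).length <= 128);
+assertTrue(PKCE.createVerifier().length() >= 43);
+assertTrue(PKCE.createVerifier().length() <= 128);
 }
 }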
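Review bot: The defect this commit fixes was probabilistic (the old toByteArray() length varied with the leading bits of the random value), yet the rewritten `createVerifierTest` still calls `createVerifier()` once per assertion, so a regression would only be caught by chance. Run the generator in a loop and check the RFC 7636 verifier grammar rather than length alone, e.g. `for (int i = 0; i < 1000; i++) { assertTrue(PKCE.createVerifier().matches("[A-Za-z0-9._~-]{43,128}")); }`. Because the new implementation appears to produce a fixed-length output, pinning the exact length it is expected to yield would also make any future change to the encoding visible in the test rather than silently tolerated by the 43–128 range.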
