refactor: replace the deprecated SHA-1 algorithm for generating open-…

…api token to SHA-256
apolloconfig · Aug 7, 2022 · 6d10847 · 6d10847
1 parent ec658b0
commit 6d10847
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
@@ -250,9 +250,9 @@ void generateAndEnrichToken(Consumer consumer, ConsumerToken consumerToken) {
         .getDataChangeCreatedTime(), portalConfig.consumerTokenSalt()));
   }
 
-  String generateToken(String consumerAppId, Date generationTime, String
-      consumerTokenSalt) {
-    return Hashing.sha1().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format
+  @SuppressWarnings("UnstableApiUsage")
+  String generateToken(String consumerAppId, Date generationTime, String consumerTokenSalt) {
+    return Hashing.sha256().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format
         (generationTime), consumerTokenSalt), Charsets.UTF_8).toString();
   }
 

diff --git a/...-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java b/...-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
@@ -66,7 +66,6 @@ public class ConsumerServiceTest extends AbstractUnitTest {
   @InjectMocks
   private ConsumerService consumerService;
 
-
   private String someTokenSalt = "someTokenSalt";
   private String testAppId = "testAppId";
   private String testConsumerName = "testConsumerName";
@@ -75,7 +74,6 @@ public class ConsumerServiceTest extends AbstractUnitTest {
   @Before
   public void setUp() throws Exception {
     when(portalConfig.consumerTokenSalt()).thenReturn(someTokenSalt);
-
   }
 
   @Test
@@ -126,9 +124,11 @@ public void testGenerateConsumerToken() throws Exception {
     String someConsumerAppId = "100003171";
     Date generationTime = new GregorianCalendar(2016, Calendar.AUGUST, 9, 12, 10, 50).getTime();
     String tokenSalt = "apollo";
+    String expectedToken = "151067a53d08d70de161fa06b455623741877ce2f019f6e3018844c1a16dd8c6";
+
+    String actualToken = consumerService.generateToken(someConsumerAppId, generationTime, tokenSalt);
 
-    assertEquals("d0da35292dd5079eeb73cc3a5f7c0759afabd806", consumerService
-        .generateToken(someConsumerAppId, generationTime, tokenSalt));
+    assertEquals(expectedToken, actualToken);
   }
 
   @Test