refactor: replace the deprecated SHA-1 algorithm for generating open-api token to SHA-256

mghio · nobodyiam · commit 4ca97397a72e · 2022-08-08T22:47:29.000+08:00
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/service/ConsumerService.java
@@ -250,9 +250,9 @@ void generateAndEnrichToken(Consumer consumer, ConsumerToken consumerToken) {
         .getDataChangeCreatedTime(), portalConfig.consumerTokenSalt()));
   }
 
-  String generateToken(String consumerAppId, Date generationTime, String
-      consumerTokenSalt) {
-    return Hashing.sha1().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format
+  @SuppressWarnings("UnstableApiUsage")
+  String generateToken(String consumerAppId, Date generationTime, String consumerTokenSalt) {
+    return Hashing.sha256().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format
         (generationTime), consumerTokenSalt), Charsets.UTF_8).toString();
   }
 
diff --git a/apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java b/apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/service/ConsumerServiceTest.java
@@ -66,7 +66,6 @@ public class ConsumerServiceTest extends AbstractUnitTest {
   @InjectMocks
   private ConsumerService consumerService;
 
-
   private String someTokenSalt = "someTokenSalt";
   private String testAppId = "testAppId";
   private String testConsumerName = "testConsumerName";
@@ -75,7 +74,6 @@ public class ConsumerServiceTest extends AbstractUnitTest {
   @Before
   public void setUp() throws Exception {
     when(portalConfig.consumerTokenSalt()).thenReturn(someTokenSalt);
-
   }
 
   @Test
@@ -126,9 +124,11 @@ public void testGenerateConsumerToken() throws Exception {
     String someConsumerAppId = "100003171";
     Date generationTime = new GregorianCalendar(2016, Calendar.AUGUST, 9, 12, 10, 50).getTime();
     String tokenSalt = "apollo";
+    String expectedToken = "151067a53d08d70de161fa06b455623741877ce2f019f6e3018844c1a16dd8c6";
+
+    String actualToken = consumerService.generateToken(someConsumerAppId, generationTime, tokenSalt);
 
-    assertEquals("d0da35292dd5079eeb73cc3a5f7c0759afabd806", consumerService
-        .generateToken(someConsumerAppId, generationTime, tokenSalt));
+    assertEquals(expectedToken, actualToken);
   }
 
   @Test

Original file line number	Diff line number	Diff line change
`@@ -250,9 +250,9 @@ void generateAndEnrichToken(Consumer consumer, ConsumerToken consumerToken) {`
`250`	`250`	`.getDataChangeCreatedTime(), portalConfig.consumerTokenSalt()));`
`251`	`251`	`}`
`252`	`252`
`253`		`- String generateToken(String consumerAppId, Date generationTime, String`
`254`		`- consumerTokenSalt) {`
`255`		`- return Hashing.sha1().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format`
	`253`	`+ @SuppressWarnings("UnstableApiUsage")`
	`254`	`+ String generateToken(String consumerAppId, Date generationTime, String consumerTokenSalt) {`
	`255`	`+ return Hashing.sha256().hashString(KEY_JOINER.join(consumerAppId, TIMESTAMP_FORMAT.format`
`256`	`256`	`(generationTime), consumerTokenSalt), Charsets.UTF_8).toString();`
`257`	`257`	`}`
`258`	`258`