Introduce a separate method for hashing

wso2-extensions · Oct 5, 2023 · c582197 · c582197
1 parent 4c7abc0
commit c582197
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 18 deletions.
diff --git a/...c/main/java/org/wso2/carbon/identity/recovery/confirmation/ResendConfirmationManager.java b/...c/main/java/org/wso2/carbon/identity/recovery/confirmation/ResendConfirmationManager.java
@@ -47,10 +47,10 @@
 import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
 import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
 import org.wso2.carbon.identity.recovery.util.Utils;
-import org.wso2.carbon.user.api.UserStoreException;
 
 import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.UUID;
 
@@ -183,8 +183,8 @@ public ResendConfirmationDTO resendConfirmation(String tenantDomain, String rese
             confirmationCode = Utils.concatRecoveryFlowIdWithSecretKey(recoveryFlowId, notificationChannel,
                     confirmationCode);
             try {
-                hashedConfirmationCode = Utils.doHash(confirmationCode);
-            } catch (UserStoreException e) {
+                hashedConfirmationCode = Utils.hashCode(confirmationCode);
+            } catch (NoSuchAlgorithmException e) {
                 throw Utils.handleServerException(
                         IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
             }

diff --git a/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java b/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java
@@ -54,8 +54,8 @@
 import org.wso2.carbon.identity.user.functionality.mgt.UserFunctionalityManager;
 import org.wso2.carbon.identity.user.functionality.mgt.exception.UserFunctionalityManagementException;
 import org.wso2.carbon.identity.user.functionality.mgt.model.FunctionalityLockStatus;
-import org.wso2.carbon.user.api.UserStoreException;
 
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Map;
 import java.util.UUID;
@@ -195,10 +195,10 @@ public PasswordResetCodeDTO confirm(String confirmationCode, String tenantDomain
         // Get Recovery data.
         UserRecoveryData userRecoveryData;
         try {
-            String hashedConfirmationCode = Utils.doHash(confirmationCode);
+            String hashedConfirmationCode = Utils.hashCode(confirmationCode);
             userRecoveryData = userAccountRecoveryManager
                     .getUserRecoveryData(hashedConfirmationCode, RecoverySteps.UPDATE_PASSWORD);
-        } catch (UserStoreException e) {
+        } catch (NoSuchAlgorithmException e) {
             throw Utils.handleServerException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
         } catch (IdentityRecoveryException e) {
@@ -260,8 +260,8 @@ public PasswordResetCodeDTO confirm(String otp, String confirmationCode, String
                     userRecoveryData.getUser().getUserStoreDomain());
             String hashedCode;
             try {
-                hashedCode = Utils.doHash(code);
-            } catch (UserStoreException e) {
+                hashedCode = Utils.hashCode(code);
+            } catch (NoSuchAlgorithmException e) {
                 throw Utils.handleServerException(
                         IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
             }

diff --git a/.../java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/.../java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
@@ -65,6 +65,7 @@
 
 import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -262,8 +263,8 @@ private UserRecoveryData generateNewConfirmationCode(User user, String notificat
                 RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY.name());
         secretKey = Utils.concatRecoveryFlowIdWithSecretKey(recoveryFlowId, notificationChannel, secretKey);
         try {
-            hashedSecretKey = Utils.doHash(secretKey);
-        } catch (UserStoreException e) {
+            hashedSecretKey = Utils.hashCode(secretKey);
+        } catch (NoSuchAlgorithmException e) {
             throw Utils.handleServerException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
         }
@@ -583,9 +584,9 @@ public User updateUserPassword(String code, String password, Property[] properti
         UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
         UserRecoveryData userRecoveryData;
         try {
-            String hashedCode = Utils.doHash(code);
+            String hashedCode = Utils.hashCode(code);
             userRecoveryData = userRecoveryDataStore.load(hashedCode);
-        } catch (UserStoreException e) {
+        } catch (NoSuchAlgorithmException e) {
             throw Utils.handleServerException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
         } catch (IdentityRecoveryException e) {
@@ -692,13 +693,13 @@ public User updateUserPassword(String code, String confirmationCode, String pass
 
             String hashedCode;
             try {
-                hashedCode = Utils.doHash(code);
-            } catch (UserStoreException e) {
+                hashedCode = Utils.hashCode(code);
+            } catch (NoSuchAlgorithmException e) {
                 throw Utils.handleServerException(
                         IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
             }
-            if (!StringUtils.equals(hashedCode, userRecoveryData.getSecret()) && !StringUtils.equals(code,
-                    userRecoveryData.getSecret())) {
+            if (!(StringUtils.equals(hashedCode, userRecoveryData.getSecret()) || StringUtils.equals(code,
+                    userRecoveryData.getSecret()))) {
                 if ((failedAttempts + 1) >= Integer.parseInt(Utils.getRecoveryConfigs(IdentityRecoveryConstants.
                         ConnectorConfig.RECOVERY_OTP_PASSWORD_MAX_FAILED_ATTEMPTS, userRecoveryData.getUser().
                         getTenantDomain()))) {
@@ -1076,9 +1077,9 @@ public User getValidatedUser(String code, String recoveryStep) throws IdentityRe
         UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
         UserRecoveryData userRecoveryData;
         try {
-            String hashedCode = Utils.doHash(code);
+            String hashedCode = Utils.hashCode(code);
             userRecoveryData = userRecoveryDataStore.load(hashedCode);
-        } catch (UserStoreException e) {
+        } catch (NoSuchAlgorithmException e) {
             throw Utils.handleServerException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO_FOR_CODE, null);
         } catch (IdentityRecoveryException e) {

diff --git a/....carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/....carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java
@@ -427,6 +427,19 @@ public static String doHash(String value) throws UserStoreException {
         }
     }
 
+    /**
+     * @param value     Value to be hashed
+     * @return          Hashed value
+     * @throws NoSuchAlgorithmException If the algorithm is not found.
+     */
+    public static String hashCode(String value) throws NoSuchAlgorithmException {
+
+        String digsestFunction = "SHA-256";
+        MessageDigest dgst = MessageDigest.getInstance(digsestFunction);
+        byte[] byteValue = dgst.digest(value.getBytes(StandardCharsets.UTF_8));
+        return Base64.encode(byteValue);
+    }
+
     /**
      * Set claim to user store manager
      *