-
Notifications
You must be signed in to change notification settings - Fork 728
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3794 from nuwandiw/master
Adding token hashing migration
- Loading branch information
Showing
4 changed files
with
261 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
120 changes: 120 additions & 0 deletions
120
...gration-service/src/main/java/org/wso2/carbon/is/migration/service/v570/dao/OAuthDAO.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| package org.wso2.carbon.is.migration.service.v570.dao; | ||
|
|
||
| import org.wso2.carbon.is.migration.service.v550.bean.AuthzCodeInfo; | ||
| import org.wso2.carbon.is.migration.service.v550.bean.OauthTokenInfo; | ||
| import java.sql.Connection; | ||
| import java.sql.PreparedStatement; | ||
| import java.sql.ResultSet; | ||
| import java.sql.SQLException; | ||
| import java.util.ArrayList; | ||
| import java.util.List; | ||
|
|
||
| public class OAuthDAO { | ||
|
|
||
| private static OAuthDAO instance = new OAuthDAO(); | ||
|
|
||
| public static final String UPDATE_ACCESS_TOKEN = "UPDATE IDN_OAUTH2_ACCESS_TOKEN SET " + | ||
| "ACCESS_TOKEN_HASH=?, REFRESH_TOKEN_HASH=? WHERE TOKEN_ID=?"; | ||
|
|
||
| public static final String RETRIEVE_ALL_TOKENS = "SELECT ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH, TOKEN_ID FROM " + | ||
| "IDN_OAUTH2_ACCESS_TOKEN"; | ||
|
|
||
| public static final String RETRIEVE_ALL_AUTHORIZATION_CODES = "SELECT AUTHORIZATION_CODE, CODE_ID, " + | ||
| "AUTHORIZATION_CODE_HASH FROM IDN_OAUTH2_AUTHORIZATION_CODE"; | ||
|
|
||
| public static final String UPDATE_AUTHORIZATION_CODE = | ||
| "UPDATE IDN_OAUTH2_AUTHORIZATION_CODE SET AUTHORIZATION_CODE_HASH=? WHERE CODE_ID=?"; | ||
|
|
||
| private OAuthDAO() { } | ||
|
|
||
| public static OAuthDAO getInstance() { | ||
|
|
||
| return instance; | ||
| } | ||
|
|
||
| /** | ||
| * Method to retrieve access token records from database | ||
| * | ||
| * @param connection | ||
| * @return list of token info | ||
| * @throws SQLException | ||
| */ | ||
| public List<OauthTokenInfo> getAllAccessTokens(Connection connection) throws SQLException { | ||
| List<OauthTokenInfo> oauthTokenInfos = new ArrayList<>(); | ||
| try (PreparedStatement preparedStatement = connection.prepareStatement(RETRIEVE_ALL_TOKENS); | ||
| ResultSet resultSet = preparedStatement.executeQuery()) { | ||
| OauthTokenInfo oauthTokenInfo; | ||
| while (resultSet.next()) { | ||
| oauthTokenInfo = new OauthTokenInfo(resultSet.getString("TOKEN_ID")); | ||
| oauthTokenInfo.setAccessTokenHash(resultSet.getString("ACCESS_TOKEN_HASH")); | ||
| oauthTokenInfo.setRefreshTokenhash(resultSet.getString("REFRESH_TOKEN_HASH")); | ||
| oauthTokenInfos.add(oauthTokenInfo); | ||
| } | ||
| } | ||
| return oauthTokenInfos; | ||
| } | ||
|
|
||
| /** | ||
| * Method to persist modified token hash in database | ||
| * | ||
| * @param updatedOauthTokenList | ||
| * @param connection | ||
| * @throws SQLException | ||
| */ | ||
| public void updateNewTokenHash(List<OauthTokenInfo> updatedOauthTokenList, Connection connection) | ||
| throws SQLException { | ||
|
|
||
| try (PreparedStatement preparedStatement = connection.prepareStatement(UPDATE_ACCESS_TOKEN)) { | ||
| for (OauthTokenInfo oauthTokenInfo : updatedOauthTokenList) { | ||
| preparedStatement.setString(1, oauthTokenInfo.getAccessTokenHash()); | ||
| preparedStatement.setString(2, oauthTokenInfo.getRefreshTokenhash()); | ||
| preparedStatement.setString(3, oauthTokenInfo.getTokenId()); | ||
| preparedStatement.addBatch(); | ||
| } | ||
| preparedStatement.executeBatch(); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Method to retrieve all the authorization codes from the database | ||
| * | ||
| * @param connection | ||
| * @return list of authorization codes | ||
| * @throws SQLException | ||
| */ | ||
| public List<AuthzCodeInfo> getAllAuthzCodes(Connection connection) throws SQLException { | ||
|
|
||
| List<AuthzCodeInfo> authzCodeInfoList = new ArrayList<>(); | ||
| try (PreparedStatement preparedStatement = connection.prepareStatement(RETRIEVE_ALL_AUTHORIZATION_CODES); | ||
| ResultSet resultSet = preparedStatement.executeQuery()) { | ||
| AuthzCodeInfo authzCodeInfo; | ||
| while (resultSet.next()) { | ||
| authzCodeInfo = new AuthzCodeInfo(resultSet.getString("AUTHORIZATION_CODE"), | ||
| resultSet.getString("CODE_ID")); | ||
| authzCodeInfo.setAuthorizationCodeHash(resultSet.getString("AUTHORIZATION_CODE_HASH")); | ||
| authzCodeInfoList.add(authzCodeInfo); | ||
| } | ||
| } | ||
| return authzCodeInfoList; | ||
| } | ||
|
|
||
| /** | ||
| * Method to update the authorization code table with modified authorization code hashes. | ||
| * | ||
| * @param updatedAuthzCodeList List of updated authorization codes | ||
| * @param connection database connection | ||
| * @throws SQLException | ||
| */ | ||
| public void updateNewAuthzCodeHash(List<AuthzCodeInfo> updatedAuthzCodeList, Connection connection) | ||
| throws SQLException { | ||
|
|
||
| try (PreparedStatement preparedStatement = connection.prepareStatement(UPDATE_AUTHORIZATION_CODE)) { | ||
| for (AuthzCodeInfo authzCodeInfo : updatedAuthzCodeList) { | ||
| preparedStatement.setString(1, authzCodeInfo.getAuthorizationCodeHash()); | ||
| preparedStatement.setString(2, authzCodeInfo.getCodeId()); | ||
| preparedStatement.addBatch(); | ||
| } | ||
| preparedStatement.executeBatch(); | ||
| } | ||
| } | ||
| } |
131 changes: 131 additions & 0 deletions
131
...e/src/main/java/org/wso2/carbon/is/migration/service/v570/migrator/OAuthDataMigrator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,131 @@ | ||
| package org.wso2.carbon.is.migration.service.v570.migrator; | ||
|
|
||
| import org.apache.commons.logging.Log; | ||
| import org.apache.commons.logging.LogFactory; | ||
| import org.json.JSONObject; | ||
| import org.wso2.carbon.identity.core.migrate.MigrationClientException; | ||
| import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration; | ||
| import org.wso2.carbon.is.migration.service.Migrator; | ||
| import org.wso2.carbon.is.migration.service.v550.bean.AuthzCodeInfo; | ||
| import org.wso2.carbon.is.migration.service.v550.bean.OauthTokenInfo; | ||
| import org.wso2.carbon.is.migration.service.v570.dao.OAuthDAO; | ||
| import org.wso2.carbon.is.migration.util.Constant; | ||
|
|
||
| import java.sql.Connection; | ||
| import java.sql.SQLException; | ||
| import java.util.List; | ||
|
|
||
| public class OAuthDataMigrator extends Migrator { | ||
|
|
||
| private static final Log log = LogFactory.getLog(OAuthDataMigrator.class); | ||
| private static String hashingAlgo = OAuthServerConfiguration.getInstance().getHashAlgorithm(); | ||
| private static final String ALGORITHM = "algorithm"; | ||
| private static final String HASH = "hash"; | ||
|
|
||
| @Override | ||
| public void migrate() throws MigrationClientException { | ||
|
|
||
| migrateTokenHash(); | ||
| migrateAuthzCodeHash(); | ||
| } | ||
|
|
||
| public void migrateTokenHash() throws MigrationClientException { | ||
|
|
||
| log.info(Constant.MIGRATION_LOG + "Migration starting on OAuth2 access token table."); | ||
|
|
||
| List<OauthTokenInfo> tokenInfoList = getTokenList(); | ||
| updateHashColumnValues(tokenInfoList, hashingAlgo); | ||
|
|
||
| try (Connection connection = getDataSource().getConnection()) { | ||
| //persists modified hash values | ||
| OAuthDAO.getInstance().updateNewTokenHash(tokenInfoList, connection); | ||
| connection.commit(); | ||
| } catch (SQLException e) { | ||
| String error = "SQL error while updating token hash"; | ||
| throw new MigrationClientException(error, e); | ||
| } | ||
|
|
||
| } | ||
|
|
||
| public void migrateAuthzCodeHash() throws MigrationClientException { | ||
|
|
||
| log.info(Constant.MIGRATION_LOG + "Migration starting on Authorization code table"); | ||
|
|
||
| List<AuthzCodeInfo> authzCodeInfos = getAuthzCoedList(); | ||
| updateAuthzCodeHashColumnValues(authzCodeInfos, hashingAlgo); | ||
|
|
||
| try (Connection connection = getDataSource().getConnection()) { | ||
| //persists modified hash values | ||
| OAuthDAO.getInstance().updateNewAuthzCodeHash(authzCodeInfos, connection); | ||
| connection.commit(); | ||
| } catch (SQLException e) { | ||
| String error = "SQL error while updating authorization code hash"; | ||
| throw new MigrationClientException(error, e); | ||
| } | ||
| } | ||
|
|
||
| private List<OauthTokenInfo> getTokenList() throws MigrationClientException { | ||
|
|
||
| List<OauthTokenInfo> oauthTokenList; | ||
| try (Connection connection = getDataSource().getConnection()) { | ||
| oauthTokenList = OAuthDAO.getInstance().getAllAccessTokens(connection); | ||
| connection.commit(); | ||
| } catch (SQLException e) { | ||
| String error = "SQL error while retrieving token hash"; | ||
| throw new MigrationClientException(error, e); | ||
| } | ||
|
|
||
| return oauthTokenList; | ||
| } | ||
|
|
||
| private List<AuthzCodeInfo> getAuthzCoedList() throws MigrationClientException { | ||
|
|
||
| List<AuthzCodeInfo> authzCodeInfoList; | ||
| try (Connection connection = getDataSource().getConnection()) { | ||
| authzCodeInfoList = OAuthDAO.getInstance().getAllAuthzCodes(connection); | ||
| connection.commit(); | ||
| } catch (SQLException e) { | ||
| String error = "SQL error while retrieving authorization code hash"; | ||
| throw new MigrationClientException(error, e); | ||
| } | ||
|
|
||
| return authzCodeInfoList; | ||
| } | ||
|
|
||
| private void updateHashColumnValues(List<OauthTokenInfo> oauthTokenList, String hashAlgorithm) { | ||
|
|
||
| if (oauthTokenList != null) { | ||
| JSONObject accessTokenHashObject; | ||
| JSONObject refreshTokenHashObject; | ||
|
|
||
| for (OauthTokenInfo tokenInfo : oauthTokenList) { | ||
| accessTokenHashObject = new JSONObject(); | ||
| String oldAccessTokenHash = tokenInfo.getAccessTokenHash(); | ||
| accessTokenHashObject.put(ALGORITHM, hashAlgorithm); | ||
| accessTokenHashObject.put(HASH, oldAccessTokenHash); | ||
| tokenInfo.setAccessTokenHash(accessTokenHashObject.toString()); | ||
|
|
||
| refreshTokenHashObject = new JSONObject(); | ||
| String oldRefreshTokenHash = tokenInfo.getRefreshTokenhash(); | ||
| refreshTokenHashObject.put(ALGORITHM, hashAlgorithm); | ||
| refreshTokenHashObject.put(HASH,oldRefreshTokenHash); | ||
| tokenInfo.setRefreshTokenhash(refreshTokenHashObject.toString()); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| private void updateAuthzCodeHashColumnValues(List<AuthzCodeInfo> authzCodeInfos, String hashAlgorithm) { | ||
|
|
||
| if (authzCodeInfos != null) { | ||
| JSONObject authzCodeHashObject; | ||
|
|
||
| for (AuthzCodeInfo authzCodeInfo : authzCodeInfos) { | ||
| authzCodeHashObject = new JSONObject(); | ||
| String oldAuthzCodeHash = authzCodeInfo.getAuthorizationCodeHash(); | ||
| authzCodeHashObject.put(ALGORITHM, hashAlgorithm); | ||
| authzCodeHashObject.put(HASH, oldAuthzCodeHash); | ||
| authzCodeInfo.setAuthorizationCodeHash(authzCodeHashObject.toString()); | ||
| } | ||
| } | ||
| } | ||
| } |