Skip to content

Commit

Permalink
Merge pull request #140 from Netflix/redact-tostring
Browse files Browse the repository at this point in the history
Do not include encrypted data in MSL token toString() methods.
  • Loading branch information
wmiaw authored Oct 26, 2016
2 parents 61e4a1c + 8f61767 commit 51095d7
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 28 deletions.
17 changes: 1 addition & 16 deletions core/src/main/java/com/netflix/msl/tokens/MasterToken.java
Original file line number Diff line number Diff line change
Expand Up @@ -571,27 +571,12 @@ public String toJSONString() {
@Override
public String toString() {
try {
final JSONObject sessiondataJO;
if (isDecrypted()) {
sessiondataJO = new JSONObject();
if (issuerData != null)
sessiondataJO.put(KEY_ISSUER_DATA, issuerData);
sessiondataJO.put(KEY_IDENTITY, identity);
sessiondataJO.put(KEY_ENCRYPTION_KEY, encryptionKey);
sessiondataJO.put(KEY_ENCRYPTION_ALGORITHM, encryptionKey.getAlgorithm());
sessiondataJO.put(KEY_HMAC_KEY, signatureKey);
sessiondataJO.put(KEY_SIGNATURE_KEY, signatureKey);
sessiondataJO.put(KEY_SIGNATURE_ALGORITHM, signatureKey.getAlgorithm());
} else {
sessiondataJO = null;
}

final JSONObject tokendataJO = new JSONObject();
tokendataJO.put(KEY_RENEWAL_WINDOW, renewalWindow);
tokendataJO.put(KEY_EXPIRATION, expiration);
tokendataJO.put(KEY_SEQUENCE_NUMBER, sequenceNumber);
tokendataJO.put(KEY_SERIAL_NUMBER, serialNumber);
tokendataJO.put(KEY_SESSIONDATA, sessiondataJO);
tokendataJO.put(KEY_SESSIONDATA, "(redacted)");

final JSONObject jsonObj = new JSONObject();
jsonObj.put(KEY_TOKENDATA, tokendataJO);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -550,7 +550,7 @@ public String toString() {
tokendataJO.put(KEY_NAME, name);
tokendataJO.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, mtSerialNumber);
tokendataJO.put(KEY_USER_ID_TOKEN_SERIAL_NUMBER, uitSerialNumber);
tokendataJO.put(KEY_SERVICEDATA, Base64.encode(servicedata));
tokendataJO.put(KEY_SERVICEDATA, "(redacted)");

final JSONObject jsonObj = new JSONObject();
jsonObj.put(KEY_TOKENDATA, tokendataJO);
Expand Down
12 changes: 1 addition & 11 deletions core/src/main/java/com/netflix/msl/tokens/UserIdToken.java
Original file line number Diff line number Diff line change
Expand Up @@ -453,22 +453,12 @@ public final String toJSONString() {
@Override
public String toString() {
try {
final JSONObject userdataJO;
if (isDecrypted()) {
userdataJO = new JSONObject();
if (issuerData != null)
userdataJO.put(KEY_ISSUER_DATA, issuerData);
userdataJO.put(KEY_IDENTITY, user);
} else {
userdataJO = null;
}

final JSONObject tokendataJO = new JSONObject();
tokendataJO.put(KEY_RENEWAL_WINDOW, renewalWindow);
tokendataJO.put(KEY_EXPIRATION, expiration);
tokendataJO.put(KEY_MASTER_TOKEN_SERIAL_NUMBER, mtSerialNumber);
tokendataJO.put(KEY_SERIAL_NUMBER, serialNumber);
tokendataJO.put(KEY_USERDATA, userdataJO);
tokendataJO.put(KEY_USERDATA, "(redacted)");

final JSONObject jsonObj = new JSONObject();
jsonObj.put(KEY_TOKENDATA, tokendataJO);
Expand Down

0 comments on commit 51095d7

Please sign in to comment.