From 21f406a2ee59725957caf834d3ccaa7fd76bb432 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 25 Feb 2025 19:32:41 +0100
Subject: fix(pkce): code verifier requires at least 43 characters
---
 .../src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java | 2 +-
 .../src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'eaaf_core_utils')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
index 70d8f3fc..2c09b270 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Rfc7636Utils.java
@@ -98,7 +98,7 @@ public class Rfc7636Utils {
 }
 private String generateNewRandomValue() {
- byte[] values = new byte[20];
+ byte[] values = new byte[32];
 random.nextBytes(values);
 return encodeB64(values);
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
index 3bedf3d0..64938d13 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/Rfc7636UtilsTest.java
@@ -27,6 +27,8 @@ public class Rfc7636UtilsTest {
 assertEquals(Method.S256, infos.getCodeMethod());
 assertNotNull(infos.getCodeChallenge());
 assertNotNull(infos.getCodeVerifier());
+ assertTrue("CodeVerifier to short", infos.getCodeVerifier().length() >= 43);
+ assertTrue("CodeVerifier to long", infos.getCodeVerifier().length() <= 128);
 assertTrue(Rfc7636Utils.getInstance().verify(infos));
 }
-- cgit v1.2.3
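Review bot: The new size `32` in `generateNewRandomValue()` (Rfc7636Utils.java) is a bare literal whose correctness depends on the encoder: 32 random octets yield exactly the 43-character minimum of RFC 7636 section 4.1 only if `encodeB64` emits unpadded base64url, and that helper is not visible in this hunk. I would name the value and record the coupling, e.g. `private static final int VERIFIER_OCTETS = 32; // RFC 7636 4.1: 32 octets -> 43-char unpadded base64url verifier`, and allocate with `new byte[VERIFIER_OCTETS]`. It is also worth confirming that `random` is a `SecureRandom`, since its declaration lies outside the hunk, as does the end of the method.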
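Review bot: The two added assertions in Rfc7636UtilsTest.java check only the length of the verifier, so a padded or non-URL-safe encoding (44 characters ending in `=`, or containing `+` or `/`) would still pass although RFC 7636 restricts the verifier to unreserved characters. Adding `assertTrue("CodeVerifier has illegal characters", infos.getCodeVerifier().matches("[A-Za-z0-9._~-]{43,128}"));` would pin both the alphabet and the length bounds in one check. The assertion messages should read "too short" and "too long". The test method begins above the hunk, so how `infos` is built is not visible here.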