diff --git a/src/IdentityServer/Configuration/CryptoHelper.cs b/src/IdentityServer/Configuration/CryptoHelper.cs
index 6e67a85a0..2abe3bdb3 100644
--- a/src/IdentityServer/Configuration/CryptoHelper.cs
+++ b/src/IdentityServer/Configuration/CryptoHelper.cs
@@ -69,16 +69,23 @@ public static RsaSecurityKey CreateRsaSecurityKey(RSAParameters parameters, stri
///
public static string CreateHashClaimValue(string value, string tokenSigningAlgorithm)
{
- using (var sha = GetHashAlgorithmForSigningAlgorithm(tokenSigningAlgorithm))
+ var signingAlgorithmBits = int.Parse(tokenSigningAlgorithm.Substring(tokenSigningAlgorithm.Length - 3));
+ var toHash = Encoding.ASCII.GetBytes(value);
+
+ var hash = signingAlgorithmBits switch
{
- var hash = sha.ComputeHash(Encoding.ASCII.GetBytes(value));
- var size = (sha.HashSize / 8) / 2;
+ 256 => SHA256.HashData(toHash),
+ 384 => SHA384.HashData(toHash),
+ 512 => SHA512.HashData(toHash),
+ _ => throw new InvalidOperationException($"Invalid signing algorithm: {tokenSigningAlgorithm}"),
+ };
- var leftPart = new byte[size];
- Array.Copy(hash, leftPart, size);
+ var size = (signingAlgorithmBits / 8) / 2;
- return Base64Url.Encode(leftPart);
- }
+ var leftPart = new byte[size];
+ Array.Copy(hash, leftPart, size);
+
+ return Base64Url.Encode(leftPart);
}
///
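Review bot: The new first line of `CreateHashClaimValue`, `int.Parse(tokenSigningAlgorithm.Substring(tokenSigningAlgorithm.Length - 3))`, runs before any validation. A null value, a value shorter than three characters, or a non-numeric suffix therefore throws `NullReferenceException`, `ArgumentOutOfRangeException` or `FormatException` and never reaches the `InvalidOperationException` arm of the switch. Callers that treat `InvalidOperationException` as the "unsupported algorithm" signal would see a different failure; how the removed `GetHashAlgorithmForSigningAlgorithm` call reported this is not visible in the hunk. I would parse defensively and let the default arm produce the single error, e.g. `var suffixOk = tokenSigningAlgorithm is { Length: >= 3 } && int.TryParse(tokenSigningAlgorithm.AsSpan(tokenSigningAlgorithm.Length - 3), NumberStyles.None, CultureInfo.InvariantCulture, out var signingAlgorithmBits);`, switching only when `suffixOk` is true (this needs `System.Globalization`). Selecting the hash from the trailing three characters also accepts any string that ends in 256, 384 or 512, so a comment stating that the value is expected to be validated against the supported signing algorithms upstream would help.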
diff --git a/src/IdentityServer/Extensions/HashExtensions.cs b/src/IdentityServer/Extensions/HashExtensions.cs
index 34db32617..3979e7690 100644
--- a/src/IdentityServer/Extensions/HashExtensions.cs
+++ b/src/IdentityServer/Extensions/HashExtensions.cs
@@ -23,13 +23,10 @@ public static string Sha256(this string input)
{
if (input.IsMissing()) return string.Empty;
- using (var sha = SHA256.Create())
- {
- var bytes = Encoding.UTF8.GetBytes(input);
- var hash = sha.ComputeHash(bytes);
+ var bytes = Encoding.UTF8.GetBytes(input);
+ var hash = SHA256.HashData(bytes);
- return Convert.ToBase64String(hash);
- }
+ return Convert.ToBase64String(hash);
}
///
@@ -44,10 +41,7 @@ public static byte[] Sha256(this byte[] input)
return null;
}
- using (var sha = SHA256.Create())
- {
- return sha.ComputeHash(input);
- }
+ return SHA256.HashData(input);
}
///
@@ -59,12 +53,9 @@ public static string Sha512(this string input)
{
if (input.IsMissing()) return string.Empty;
- using (var sha = SHA512.Create())
- {
- var bytes = Encoding.UTF8.GetBytes(input);
- var hash = sha.ComputeHash(bytes);
+ var bytes = Encoding.UTF8.GetBytes(input);
+ var hash = SHA512.HashData(bytes);
- return Convert.ToBase64String(hash);
- }
+ return Convert.ToBase64String(hash);
}
}
\ No newline at end of file
diff --git a/src/IdentityServer/Extensions/ValidatedAuthorizeRequestExtensions.cs b/src/IdentityServer/Extensions/ValidatedAuthorizeRequestExtensions.cs
index b228c0f7f..5b07d033d 100644
--- a/src/IdentityServer/Extensions/ValidatedAuthorizeRequestExtensions.cs
+++ b/src/IdentityServer/Extensions/ValidatedAuthorizeRequestExtensions.cs
@@ -155,12 +155,7 @@ public static string GenerateSessionStateValue(this ValidatedAuthorizeRequest re
}
var bytes = Encoding.UTF8.GetBytes(clientId + origin + sessionId + salt);
- byte[] hash;
-
- using (var sha = SHA256.Create())
- {
- hash = sha.ComputeHash(bytes);
- }
+ var hash = SHA256.HashData(bytes);
return Base64Url.Encode(hash) + "." + salt;
}
diff --git a/src/IdentityServer/Models/Messages/ConsentRequest.cs b/src/IdentityServer/Models/Messages/ConsentRequest.cs
index e33bce6f9..a3ea43764 100644
--- a/src/IdentityServer/Models/Messages/ConsentRequest.cs
+++ b/src/IdentityServer/Models/Messages/ConsentRequest.cs
@@ -88,13 +88,10 @@ public string Id
var normalizedScopes = ScopesRequested?.OrderBy(x => x).Distinct().Aggregate((x, y) => x + "," + y);
var value = $"{ClientId}:{Subject}:{Nonce}:{normalizedScopes}";
- using (var sha = SHA256.Create())
- {
- var bytes = Encoding.UTF8.GetBytes(value);
- var hash = sha.ComputeHash(bytes);
+ var bytes = Encoding.UTF8.GetBytes(value);
+ var hash = SHA256.HashData(bytes);
- return Base64Url.Encode(hash);
- }
+ return Base64Url.Encode(hash);
}
}
}
\ No newline at end of file
diff --git a/src/IdentityServer/Stores/Default/DefaultGrantStore.cs b/src/IdentityServer/Stores/Default/DefaultGrantStore.cs
index 127282e0a..107cd653e 100644
--- a/src/IdentityServer/Stores/Default/DefaultGrantStore.cs
+++ b/src/IdentityServer/Stores/Default/DefaultGrantStore.cs
@@ -98,12 +98,9 @@ protected virtual string GetHashedKey(string value)
if (value.EndsWith(HexEncodingFormatSuffix))
{
// newer format >= v6; uses hex encoding to avoid collation issues
- using (var sha = SHA256.Create())
- {
- var bytes = Encoding.UTF8.GetBytes(key);
- var hash = sha.ComputeHash(bytes);
- return BitConverter.ToString(hash).Replace("-", "");
- }
+ var bytes = Encoding.UTF8.GetBytes(key);
+ var hash = SHA256.HashData(bytes);
+ return BitConverter.ToString(hash).Replace("-", "");
}
// old format <= v5
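Review bot: The kept line `return BitConverter.ToString(hash).Replace("-", "");` builds a dashed string and then a second string without the dashes. Since this commit already moves to the static .NET 5+ hashing API, `return Convert.ToHexString(hash);` produces the same uppercase hex in one step. These values are persisted grant keys, so the output must stay byte-identical; a unit test that pins one known input to its existing hex key would guard that. `GetHashedKey` starts and continues outside this hunk.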
diff --git a/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs b/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs
index 526deb012..316e9c3e8 100644
--- a/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs
+++ b/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs
@@ -300,9 +300,8 @@ protected virtual async Task ValidatePayloadAsync(DPoPProofValidatonContext cont
return;
}
- using var sha = SHA256.Create();
var bytes = Encoding.UTF8.GetBytes(context.AccessToken);
- var hash = sha.ComputeHash(bytes);
+ var hash = SHA256.HashData(bytes);
var accessTokenHash = Base64Url.Encode(hash);
if (accessTokenHash != result.AccessTokenHash)