root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity

MINOR: Use MessageDigest equals when comparing signature (#10898)

This commit is contained in:
Randall Hauch 2021-06-18 09:53:23 -05:00
parent 2cdac40d33
commit 0faa9e6793
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
View File

@ -24,6 +24,7 @@ import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.ws.rs.core.HttpHeaders;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
@ -108,7 +109,7 @@ public class InternalRequestSignature {
}
public boolean isValid(SecretKey key) {
return Arrays.equals(sign(mac, key, requestBody), requestSignature);
return MessageDigest.isEqual(sign(mac, key, requestBody), requestSignature);
}
private static Mac mac(String signatureAlgorithm) throws NoSuchAlgorithmException {