You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2019/12/15 14:17:07 UTC
[directory-server] branch master updated: Switch to using
MessageDigest.isEqual
This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
The following commit(s) were added to refs/heads/master by this push:
new e70bbb2 Switch to using MessageDigest.isEqual
new ba8edb2 Merge pull request #26 from coheigea/messagedigest
e70bbb2 is described below
commit e70bbb2450ef0c8f1ab14dee9c043568e1c32772
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Nov 21 15:13:07 2019 +0000
Switch to using MessageDigest.isEqual
---
.../org/apache/directory/server/core/DefaultDirectoryService.java | 6 +++---
.../directory/server/core/authn/AuthenticationInterceptor.java | 4 ++--
.../kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java | 4 ++--
.../kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java | 4 ++--
.../kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java | 4 ++--
.../kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java | 3 +--
.../shared/kerberos/components/AuthorizationDataEntry.java | 4 ++--
.../org/apache/directory/shared/kerberos/components/Checksum.java | 3 ++-
.../apache/directory/shared/kerberos/components/EncryptedData.java | 3 ++-
.../apache/directory/shared/kerberos/components/EncryptionKey.java | 3 ++-
10 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java b/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
index b77ec0b..f42c3c5 100644
--- a/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
+++ b/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
@@ -29,8 +29,8 @@ import java.io.StringReader;
import java.lang.reflect.Method;
import java.nio.channels.FileLock;
import java.nio.channels.OverlappingFileLockException;
+import java.security.MessageDigest;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -1816,7 +1816,7 @@ public class DefaultDirectoryService implements DirectoryService
}
Value userPassword = adminEntry.get( SchemaConstants.USER_PASSWORD_AT ).get();
- needToChangeAdminPassword = Arrays.equals( PartitionNexus.ADMIN_PASSWORD_BYTES, userPassword.getBytes() );
+ needToChangeAdminPassword = MessageDigest.isEqual( PartitionNexus.ADMIN_PASSWORD_BYTES, userPassword.getBytes() );
if ( needToChangeAdminPassword )
{
@@ -2494,4 +2494,4 @@ public class DefaultDirectoryService implements DirectoryService
{
this.timeProvider = timeProvider;
}
-}
\ No newline at end of file
+}
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
index cb42301..c286552 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
@@ -37,8 +37,8 @@ import static org.apache.directory.api.ldap.model.entry.ModificationOperation.RE
import static org.apache.directory.api.ldap.model.entry.ModificationOperation.REPLACE_ATTRIBUTE;
import java.io.IOException;
+import java.security.MessageDigest;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
@@ -1159,7 +1159,7 @@ public class AuthenticationInterceptor extends BaseInterceptor
// https://issues.apache.org/jira/browse/DIRSERVER-2084
if ( !modifyContext.getSession().isAnAdministrator() )
{
- boolean matched = Arrays.equals( newPassword, pwdh.getPassword() );
+ boolean matched = MessageDigest.isEqual( newPassword, pwdh.getPassword() );
if ( matched )
{
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
index 53df843..938e302 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
@@ -21,8 +21,8 @@ package org.apache.directory.server.kerberos.shared.crypto.encryption;
import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
@@ -105,7 +105,7 @@ abstract class AesCtsSha1Encryption extends EncryptionEngine implements Checksum
byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
- if ( !Arrays.equals( oldChecksum, newChecksum ) )
+ if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
index 0891499..52ad725 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
@@ -21,8 +21,8 @@ package org.apache.directory.server.kerberos.shared.crypto.encryption;
import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
@@ -114,7 +114,7 @@ public class Des3CbcSha1KdEncryption extends EncryptionEngine implements Checksu
byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
- if ( !Arrays.equals( oldChecksum, newChecksum ) )
+ if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
index 29b7f90..e1e8ce6 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
@@ -22,8 +22,8 @@ package org.apache.directory.server.kerberos.shared.crypto.encryption;
import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import java.util.zip.CRC32;
import javax.crypto.Cipher;
@@ -108,7 +108,7 @@ public class DesCbcCrcEncryption extends EncryptionEngine
byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
- if ( !Arrays.equals( oldChecksum, newChecksum ) )
+ if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
index b8693be..a6f85db 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
@@ -24,7 +24,6 @@ import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
@@ -108,7 +107,7 @@ class DesCbcMd5Encryption extends EncryptionEngine
byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
- if ( !Arrays.equals( oldChecksum, newChecksum ) )
+ if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/AuthorizationDataEntry.java b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/AuthorizationDataEntry.java
index 79294b8..db0356d 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/AuthorizationDataEntry.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/AuthorizationDataEntry.java
@@ -19,7 +19,7 @@
*/
package org.apache.directory.shared.kerberos.components;
-
+import java.security.MessageDigest;
import java.util.Arrays;
import org.apache.directory.api.util.Strings;
@@ -163,7 +163,7 @@ public class AuthorizationDataEntry
AuthorizationDataEntry other = ( AuthorizationDataEntry ) obj;
- if ( !Arrays.equals( adData, other.adData ) )
+ if ( !MessageDigest.isEqual( adData, other.adData ) )
{
return false;
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/Checksum.java b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/Checksum.java
index 93f543a..d56a4e8 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/Checksum.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/Checksum.java
@@ -22,6 +22,7 @@ package org.apache.directory.shared.kerberos.components;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
+import java.security.MessageDigest;
import java.util.Arrays;
import org.apache.directory.api.asn1.Asn1Object;
@@ -122,7 +123,7 @@ public class Checksum implements Asn1Object
Checksum that = ( Checksum ) o;
- return ( cksumtype == that.cksumtype ) && ( Arrays.equals( checksum, that.checksum ) );
+ return ( cksumtype == that.cksumtype ) && ( MessageDigest.isEqual( checksum, that.checksum ) );
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptedData.java b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptedData.java
index 68ef733..dfa64da 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptedData.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptedData.java
@@ -22,6 +22,7 @@ package org.apache.directory.shared.kerberos.components;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
+import java.security.MessageDigest;
import java.util.Arrays;
import org.apache.directory.api.asn1.Asn1Object;
@@ -350,7 +351,7 @@ public class EncryptedData implements Asn1Object
EncryptedData other = ( EncryptedData ) obj;
- if ( !Arrays.equals( cipher, other.cipher ) )
+ if ( !MessageDigest.isEqual( cipher, other.cipher ) )
{
return false;
}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptionKey.java b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptionKey.java
index fa72511..91c6ed3 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptionKey.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptionKey.java
@@ -22,6 +22,7 @@ package org.apache.directory.shared.kerberos.components;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
+import java.security.MessageDigest;
import java.util.Arrays;
import org.apache.directory.api.asn1.Asn1Object;
@@ -215,7 +216,7 @@ public class EncryptionKey implements Asn1Object
}
EncryptionKey that = ( EncryptionKey ) o;
- return ( this.keyType == that.keyType ) && ( Arrays.equals( this.keyValue, that.keyValue ) );
+ return ( this.keyType == that.keyType ) && ( MessageDigest.isEqual( this.keyValue, that.keyValue ) );
}