You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2019/04/01 09:51:41 UTC

svn commit: r1856716 - /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java

Author: coheigea
Date: Mon Apr  1 09:51:40 2019
New Revision: 1856716

URL: http://svn.apache.org/viewvc?rev=1856716&view=rev
Log:
Use MessageDigest.isEqual in a few places

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java?rev=1856716&r1=1856715&r2=1856716&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java Mon Apr  1 09:51:40 2019
@@ -19,12 +19,12 @@
 
 package org.apache.wss4j.dom.saml;
 
+import java.security.MessageDigest;
 import java.security.Principal;
 import java.security.PublicKey;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -188,14 +188,14 @@ public final class DOMSAMLUtil  {
         WSSecurityEngineResult signedResult
     ) {
         if (secretKey != null && subjectSecretKey != null) {
-            if (Arrays.equals(secretKey, subjectSecretKey)) {
+            if (MessageDigest.isEqual(secretKey, subjectSecretKey)) {
                 return true;
             } else {
                 Principal principal =
                     (Principal)signedResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                 if (principal instanceof WSDerivedKeyTokenPrincipal) {
                     secretKey = ((WSDerivedKeyTokenPrincipal)principal).getSecret();
-                    if (Arrays.equals(secretKey, subjectSecretKey)) {
+                    if (MessageDigest.isEqual(secretKey, subjectSecretKey)) {
                         return true;
                     }
                 }