You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2019/04/01 09:51:41 UTC
svn commit: r1856716 -
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
Author: coheigea
Date: Mon Apr 1 09:51:40 2019
New Revision: 1856716
URL: http://svn.apache.org/viewvc?rev=1856716&view=rev
Log:
Use MessageDigest.isEqual in a few places
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java?rev=1856716&r1=1856715&r2=1856716&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java Mon Apr 1 09:51:40 2019
@@ -19,12 +19,12 @@
package org.apache.wss4j.dom.saml;
+import java.security.MessageDigest;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -188,14 +188,14 @@ public final class DOMSAMLUtil {
WSSecurityEngineResult signedResult
) {
if (secretKey != null && subjectSecretKey != null) {
- if (Arrays.equals(secretKey, subjectSecretKey)) {
+ if (MessageDigest.isEqual(secretKey, subjectSecretKey)) {
return true;
} else {
Principal principal =
(Principal)signedResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
if (principal instanceof WSDerivedKeyTokenPrincipal) {
secretKey = ((WSDerivedKeyTokenPrincipal)principal).getSecret();
- if (Arrays.equals(secretKey, subjectSecretKey)) {
+ if (MessageDigest.isEqual(secretKey, subjectSecretKey)) {
return true;
}
}