You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by rh...@apache.org on 2021/06/18 23:05:28 UTC
[kafka] branch 2.6 updated: MINOR: Use MessageDigest equals when
comparing signature (#10898)
This is an automated email from the ASF dual-hosted git repository.
rhauch pushed a commit to branch 2.6
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.6 by this push:
new 03bc8aa MINOR: Use MessageDigest equals when comparing signature (#10898)
03bc8aa is described below
commit 03bc8aa3e65676a4e9604a5471ef8cd54825ea3c
Author: Randall Hauch <rh...@gmail.com>
AuthorDate: Fri Jun 18 09:53:23 2021 -0500
MINOR: Use MessageDigest equals when comparing signature (#10898)
---
.../apache/kafka/connect/runtime/rest/InternalRequestSignature.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
index d59425b..3cee577 100644
--- a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
+++ b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
@@ -24,6 +24,7 @@ import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.ws.rs.core.HttpHeaders;
import java.security.InvalidKeyException;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
@@ -108,7 +109,7 @@ public class InternalRequestSignature {
}
public boolean isValid(SecretKey key) {
- return Arrays.equals(sign(mac, key, requestBody), requestSignature);
+ return MessageDigest.isEqual(sign(mac, key, requestBody), requestSignature);
}
private static Mac mac(String signatureAlgorithm) throws NoSuchAlgorithmException {