You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/07/01 21:24:30 UTC
shiro git commit: SHIRO-547 Use MessageDigest.isEqual when comparing
digests
Repository: shiro
Updated Branches:
refs/heads/master 3ca513f1f -> 7d6f53c5d
SHIRO-547 Use MessageDigest.isEqual when comparing digests
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/7d6f53c5
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/7d6f53c5
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/7d6f53c5
Branch: refs/heads/master
Commit: 7d6f53c5d73582660eac2e6f3194b5d1e910d5ce
Parents: 3ca513f
Author: Brian Demers <bd...@apache.org>
Authored: Fri Jul 1 17:09:42 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Fri Jul 1 17:09:42 2016 -0400
----------------------------------------------------------------------
.../apache/shiro/authc/credential/SimpleCredentialsMatcher.java | 3 ++-
.../src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java | 2 +-
.../src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/7d6f53c5/core/src/main/java/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.java b/core/src/main/java/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.java
index 70972fd..55eb47e 100644
--- a/core/src/main/java/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.java
+++ b/core/src/main/java/org/apache/shiro/authc/credential/SimpleCredentialsMatcher.java
@@ -24,6 +24,7 @@ import org.apache.shiro.codec.CodecSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.security.MessageDigest;
import java.util.Arrays;
@@ -103,7 +104,7 @@ public class SimpleCredentialsMatcher extends CodecSupport implements Credential
}
byte[] tokenBytes = toBytes(tokenCredentials);
byte[] accountBytes = toBytes(accountCredentials);
- return Arrays.equals(tokenBytes, accountBytes);
+ return MessageDigest.isEqual(tokenBytes, accountBytes);
} else {
return accountCredentials.equals(tokenCredentials);
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/7d6f53c5/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java
----------------------------------------------------------------------
diff --git a/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java b/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java
index 5ec16da..27e13dc 100644
--- a/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java
+++ b/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/AbstractHash.java
@@ -277,7 +277,7 @@ public abstract class AbstractHash extends CodecSupport implements Hash, Seriali
public boolean equals(Object o) {
if (o instanceof Hash) {
Hash other = (Hash) o;
- return Arrays.equals(getBytes(), other.getBytes());
+ return MessageDigest.isEqual(getBytes(), other.getBytes());
}
return false;
}
http://git-wip-us.apache.org/repos/asf/shiro/blob/7d6f53c5/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java
----------------------------------------------------------------------
diff --git a/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java b/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java
index b3c8a33..dab8b4c 100644
--- a/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java
+++ b/crypto/hash/src/main/java/org/apache/shiro/crypto/hash/SimpleHash.java
@@ -412,7 +412,7 @@ public class SimpleHash extends AbstractHash {
public boolean equals(Object o) {
if (o instanceof Hash) {
Hash other = (Hash) o;
- return Arrays.equals(getBytes(), other.getBytes());
+ return MessageDigest.isEqual(getBytes(), other.getBytes());
}
return false;
}