Posted to commits@cxf.apache.org by se...@apache.org on 2016/12/30 16:27:19 UTC
cxf git commit: Doing a better bytes comparison in some of JAXRS
OAuth2/Jose code
Repository: cxf
Updated Branches:
refs/heads/master 23cc548db -> e66ce235e
Doing a better bytes comparison in some of JAXRS OAuth2/Jose code
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e66ce235
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e66ce235
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e66ce235
Branch: refs/heads/master
Commit: e66ce235ee5f8dbde467c8c23eeb622b072d0bf3
Parents: 23cc548
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Dec 30 16:27:03 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Dec 30 16:27:03 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java | 4 ++--
.../cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java | 4 ++--
.../oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e66ce235/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
index ee7a91f..bd51ce8 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
@@ -18,8 +18,8 @@
*/
package org.apache.cxf.rs.security.jose.jwe;
+import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;
@@ -56,7 +56,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
jweDecryptionInput.getDecodedJsonHeaders());
macState.mac.update(jweDecryptionInput.getEncryptedContent());
byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
- if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
+ if (!MessageDigest.isEqual(actualAuthTag, expectedAuthTag)) {
LOG.warning("Invalid authentication tag");
throw new JweException(JweException.Error.CONTENT_DECRYPTION_FAILURE);
}
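Review bot: Nothing at the `MessageDigest.isEqual(actualAuthTag, expectedAuthTag)` check records why it replaced `Arrays.equals`, so a later cleanup could bring the short-circuiting comparison back. A one-line comment above the `if` would pin the intent: `// Constant-time compare: Arrays.equals stops at the first differing byte, so timing reveals how much of the tag matched`. The same comment fits the changed comparisons in HmacJwsSignatureVerifier.verify and AbstractHawkAccessTokenValidator. The enclosing method starts and ends outside this hunk, so whether the tag check runs before any decryption cannot be confirmed from here.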
http://git-wip-us.apache.org/repos/asf/cxf/blob/e66ce235/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 7910659..66b5d5c 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -18,8 +18,8 @@
*/
package org.apache.cxf.rs.security.jose.jws;
+import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
@@ -53,7 +53,7 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
@Override
public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) {
byte[] expected = computeMac(headers, unsignedText);
- return Arrays.equals(expected, signature);
+ return MessageDigest.isEqual(expected, signature);
}
private byte[] computeMac(JwsHeaders headers, String text) {
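Review bot: `verify` now hands the caller-supplied `signature` straight to `MessageDigest.isEqual`, which is not null-safe on every JDK. Older implementations read `.length` on both arrays without a null check, whereas `Arrays.equals` returned false for a null argument. If a null signature can reach this method (not visible here), verification would end in a NullPointerException instead of returning false; `return signature != null && MessageDigest.isEqual(expected, signature);` keeps the previous result. The same applies to `clientMacData` in AbstractHawkAccessTokenValidator, which comes from `schemeParams.get(...)` followed by `Base64Utility.decode(...)`, presumably with no null guard in between.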
http://git-wip-us.apache.org/repos/asf/cxf/blob/e66ce235/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
index d9d70a5..aa17a4e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -19,7 +19,7 @@
package org.apache.cxf.rs.security.oauth2.tokens.hawk;
import java.net.URI;
-import java.util.Arrays;
+import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -78,7 +78,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
byte[] clientMacData = Base64Utility.decode(clientMacString);
- boolean validMac = Arrays.equals(serverMacData, clientMacData);
+ boolean validMac = MessageDigest.isEqual(serverMacData, clientMacData);
if (!validMac) {
AuthorizationUtils.throwAuthorizationFailure(Collections
.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));