[fix][broker] Use MessageDigest.isEqual when comparing digests (#21061)
(cherry picked from commit c05954e)
Crispy-fried-chicken authored and michaeljmarshall committed Aug 24, 2023
1 parent c644849 commit 6274fa0
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -76,7 +76,7 @@ public String verifyAndExtract(String signedStr) throws AuthenticationException
String originalSignature = signedStr.substring(index + SIGNATURE.length());
String rawValue = signedStr.substring(0, index);
String currentSignature = computeSignature(rawValue);
if (!originalSignature.equals(currentSignature)) {
if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())){
throw new AuthenticationException("Invalid signature");
}
return rawValue;
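
Review bot: on the new comparison line, both `getBytes()` calls rely on the platform default charset, so the bytes being compared depend on JVM configuration, and the no-argument overload leaves its behavior unspecified for characters the default charset cannot encode. Pass an explicit charset on both sides, e.g. `originalSignature.getBytes(StandardCharsets.UTF_8)` and `currentSignature.getBytes(StandardCharsets.UTF_8)`, so the constant-time comparison always runs over a well-defined encoding of the two strings. Style: add a space before the opening brace in `)){`.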