This is an automated email from the ASF dual-hosted git repository. rhauch pushed a commit to branch 2.5 in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.5 by this push:
new 221a6d3 MINOR: Use MessageDigest equals when comparing signature (#10898)
221a6d3 is described below
commit 221a6d35957b24004b9b48433b2ab2f2d2fe035c
Author: Randall Hauch <rha...@gmail.com>
AuthorDate: Fri Jun 18 09:53:23 2021 -0500
MINOR: Use MessageDigest equals when comparing signature (#10898)
---
 .../apache/kafka/connect/runtime/rest/InternalRequestSignature.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
index d59425b..3cee577 100644
--- a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
+++ b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/InternalRequestSignature.java
@@ -24,6 +24,7 @@ import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.ws.rs.core.HttpHeaders;
 import java.security.InvalidKeyException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Base64;
@@ -108,7 +109,7 @@ public class InternalRequestSignature {
 }
 public boolean isValid(SecretKey key) {
- return Arrays.equals(sign(mac, key, requestBody), requestSignature);
+ return MessageDigest.isEqual(sign(mac, key, requestBody), requestSignature);
 }
 private static Mac mac(String signatureAlgorithm) throws NoSuchAlgorithmException {
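Review bot: The new return line in `isValid` (second hunk) has no comment saying why `MessageDigest.isEqual` is used, so a later cleanup could swap it back to `Arrays.equals` without noticing what is lost. I would add `// Constant-time comparison so response timing does not reveal how many leading signature bytes matched` directly above the return. The `java.util.Arrays` import is kept in the first hunk, which suggests other `Arrays` calls remain in the class outside these hunks. If any of them compares signature bytes while handling a request, it would presumably need the same change. The class body continues beyond both hunks, so that cannot be confirmed from this page.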