Merge branch 'feature/someSmallUpdates' into 'nightlyBuild'

Feature/some small updates

See merge request egiz/eaaf_components!6

1 files changed, 3 insertions, 2 deletions

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index 8ec5f3a8..cfb4ed88 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -2,8 +2,8 @@ package at.gv.egiz.eaaf.core.impl.utils;
 
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
 import java.util.Base64;
 
 import javax.annotation.PostConstruct;
@@ -109,7 +109,8 @@ public class SecurePendingRequestIdGenerationStrategy
       log.trace("Checking HMAC from externalPendingReqId ... ");
       final byte[] tokenDigest = Base64.getDecoder().decode(tokenElements[2]);
       final byte[] refDigist = calculateHmac(buildInternalToken(internalPendingReqId, timeStamp));
-      if (!Arrays.equals(tokenDigest, refDigist)) {
+            
+      if (!MessageDigest.isEqual(refDigist,tokenDigest)) {
         log.warn("Digest of Token does NOT match");
         log.debug("Token: {} | Ref: {}", tokenDigest, refDigist);
         throw new PendingReqIdValidationException(null, "internal.pendingreqid.04");