summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_core_utils/src')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index 8ec5f3a8..cfb4ed88 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -2,8 +2,8 @@ package at.gv.egiz.eaaf.core.impl.utils;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
+import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
import java.util.Base64;
import javax.annotation.PostConstruct;
@@ -109,7 +109,8 @@ public class SecurePendingRequestIdGenerationStrategy
log.trace("Checking HMAC from externalPendingReqId ... ");
final byte[] tokenDigest = Base64.getDecoder().decode(tokenElements[2]);
final byte[] refDigist = calculateHmac(buildInternalToken(internalPendingReqId, timeStamp));
- if (!Arrays.equals(tokenDigest, refDigist)) {
+
+ if (!MessageDigest.isEqual(refDigist,tokenDigest)) {
log.warn("Digest of Token does NOT match");
log.debug("Token: {} | Ref: {}", tokenDigest, refDigist);
throw new PendingReqIdValidationException(null, "internal.pendingreqid.04");