[KEYCLOAK-6236] Use MessageDigest.isEquals in place of String.equals

Douglas Palmer 2018-01-17 13:31:47 -08:00 committed by Stian Thorgersen
parent c7cba6d5ad
commit fc3c07f6de
2 changed files with 4 additions and 2 deletions


@ -25,6 +25,7 @@ import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.infinispan.entities.CachedClient;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -199,7 +200,7 @@ public class ClientAdapter implements ClientModel {
}
public boolean validateSecret(String secret) {
return secret.equals(getSecret());
return MessageDigest.isEqual(secret.getBytes(), getSecret().getBytes());
}
public String getSecret() {
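Review bot: In `validateSecret`, the new `getSecret().getBytes()` throws a NullPointerException when the stored secret is null, whereas the replaced `secret.equals(getSecret())` returned false in that case; whether a client can reach this call with no secret set is not visible here, so a guard is worth adding. Both `getBytes()` calls also use the platform default charset, so the comparison should pin the encoding. Suggested: `String stored = getSecret();` followed by `return stored != null && MessageDigest.isEqual(secret.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));`, with `java.nio.charset.StandardCharsets` imported. The same two points apply to `validateSecret` in the JPA `ClientAdapter`, where the stored value comes from `entity.getSecret()`.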


@ -32,6 +32,7 @@ import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import javax.persistence.EntityManager;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@ -208,7 +209,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
@Override
public boolean validateSecret(String secret) {
return secret.equals(entity.getSecret());
return MessageDigest.isEqual(secret.getBytes(), entity.getSecret().getBytes());
}
@Override