[KEYCLOAK-6236] Use MessageDigest.isEquals in place of String.equals

2018-01-17 13:31:47 -08:00 · 2018-01-17 13:31:47 -08:00 · fc3c07f6de
commit fc3c07f6de
parent c7cba6d5ad
2 changed files with 4 additions and 2 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
@ -25,6 +25,7 @@ import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.cache.infinispan.entities.CachedClient;
 import java.security.MessageDigest;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@ -199,7 +200,7 @@ public class ClientAdapter implements ClientModel {
    }
    public boolean validateSecret(String secret) {
-        return secret.equals(getSecret());
+        return MessageDigest.isEqual(secret.getBytes(), getSecret().getBytes());
    }
    public String getSecret() {
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
@ -32,6 +32,7 @@ import org.keycloak.models.jpa.entities.RoleEntity;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import javax.persistence.EntityManager;
 import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@ -208,7 +209,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
    @Override
    public boolean validateSecret(String secret) {
-        return secret.equals(entity.getSecret());
+        return MessageDigest.isEqual(secret.getBytes(), entity.getSecret().getBytes());
    }
    @Override