From 4adaa20be695dc09a9545e167c5a62a0a478d13e Mon Sep 17 00:00:00 2001
From: Andrea Cosentino
Date: Thu, 25 Jan 2024 13:56:20 +0100
Subject: [PATCH] Use MessageDigest.isEquals method when comparing signatures in NTLMEngineImpl
Signed-off-by: Andrea Cosentino
---
 .../org/apache/hc/client5/http/impl/auth/NTLMEngineImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/NTLMEngineImpl.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/NTLMEngineImpl.java
index d508ef6af..4810fc61a 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/NTLMEngineImpl.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/NTLMEngineImpl.java
@@ -926,7 +926,7 @@ private boolean validateSignature( final byte[] signature, final byte[] message
 // log.info( "SSSSS validateSignature("+seqNumber+")\n"
 // + " received: " + DebugUtil.dump( signature ) + "\n"
 // + " computed: " + DebugUtil.dump( computedSignature ) );
- return Arrays.equals( signature, computedSignature );
+ return MessageDigest.isEqual( signature, computedSignature );
 }
 public byte[] signAndEncryptMessage( final byte[] cleartextMessage ) throws NTLMEngineException
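Review bot: The new `return MessageDigest.isEqual( signature, computedSignature );` in validateSignature has no comment saying the constant-time comparison is deliberate, so a later cleanup could switch it back to `Arrays.equals` without noticing the timing difference. I would add `// Constant-time comparison on purpose: Arrays.equals may return as soon as a byte differs.` directly above the return. The commented-out `log.info` block kept as context would write both the received and the computed signature to the log if it were ever re-enabled, so it is better deleted than carried along. validateSignature starts above the hunk, so how `computedSignature` is derived is not visible here. The `java.security.MessageDigest` import is presumably already present, since the diffstat shows only this one changed line.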