Update SignatureValidator to use MessageDigest (#548)

This commit is contained in:
Brian Demers 2020-01-27 14:20:21 -05:00 committed by GitHub
parent eadf0ce4fc
commit 2fd3f06b7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions

View File

@ -21,6 +21,7 @@ import io.jsonwebtoken.security.SignatureException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.Key; import java.security.Key;
import java.security.MessageDigest;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.Signature; import java.security.Signature;
import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateKey;
@ -52,7 +53,7 @@ public class RsaSignatureValidator extends RsaProvider implements SignatureValid
} else { } else {
Assert.notNull(this.SIGNER, "RSA Signer instance cannot be null. This is a bug. Please report it."); Assert.notNull(this.SIGNER, "RSA Signer instance cannot be null. This is a bug. Please report it.");
byte[] computed = this.SIGNER.sign(data); byte[] computed = this.SIGNER.sign(data);
return Arrays.equals(computed, signature); return MessageDigest.isEqual(computed, signature);
} }
} }