Use MessageDigest.isEqual() instead of Array.equals()

nbaars · Aug 6, 2021 · 0930414 · 0930414
1 parent 8038a1d
commit 0930414
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/version1/src/main/java/org/paseto4j/version1/PasetoLocal.java b/version1/src/main/java/org/paseto4j/version1/PasetoLocal.java
@@ -116,7 +116,7 @@ static String decrypt(SecretKey key, String token, String footer) {
 
         //1
         if (!isNullOrEmpty(footer)) {
-            verify(Arrays.equals(getUrlDecoder().decode(tokenParts[3]), footer.getBytes(UTF_8)), "footer does not match");
+            verify(MessageDigest.isEqual(getUrlDecoder().decode(tokenParts[3]), footer.getBytes(UTF_8)), "footer does not match");
         }
 
         //2