Commit

Use constant-time string comparison for sigs
Fixed #12
anfedorov committed Nov 5, 2017
1 parent 69b631f commit 2d2fa0d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/main/scala/authentikat/jwt/JsonWebToken.scala
Expand Up @@ -84,7 +84,7 @@ object JsonWebToken extends JsonMethods {
val signature = encodeBase64URLSafeString(
JsonWebSignature(header.algorithm.getOrElse("none"), providedHeader + "." + providedClaims, key))

providedSignature.contentEquals(signature)
java.security.MessageDigest.isEqual(providedSignature.getBytes(), signature.getBytes())
case _
false
}
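
Review bot: the two `getBytes()` calls on the added `MessageDigest.isEqual` line take no charset argument, so the bytes being compared depend on the JVM's platform default encoding. The computed signature is base64url and therefore ASCII, but `providedSignature` comes from the token and can contain anything, so pass an explicit charset on both sides, e.g. `getBytes(java.nio.charset.StandardCharsets.UTF_8)`, to keep the comparison deterministic across deployments. A one-line comment stating that `isEqual` is used for its timing behaviour rather than for equality semantics would also help prevent a later cleanup from reverting it to `contentEquals` or `==`, and a regression test that a token with a tampered signature still fails validation would cover the change.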