Package org.mockserver.authentication
Class ConstantTimeEquals
java.lang.Object
org.mockserver.authentication.ConstantTimeEquals
Shared constant-time equality checks for authentication credentials.
Comparisons delegate to MessageDigest.isEqual(byte[], byte[]), which is documented to
be constant-time and to not short-circuit on content, so an attacker cannot recover a secret one
byte at a time by measuring how long a comparison takes. isEqual does return false
fast when the two arrays differ in length, which leaks only the length of the supplied
credential — never any byte of the configured secret.
Both the control-plane CONNECT/SOCKS5 proxy authentication and the data-plane
authenticator route their credential comparisons through here so there is a single, audited
constant-time implementation rather than duplicated String.equals / isEqual calls.
-
Method Summary
Modifier and TypeMethodDescriptionstatic booleanequals(byte[] a, byte[] b) Constant-time comparison of two byte arrays viaMessageDigest.isEqual(byte[], byte[]).static booleanConstant-time comparison of two strings by their UTF-8 bytes.
-
Method Details
-
equals
Constant-time comparison of two strings by their UTF-8 bytes. Anullis only ever equal to anothernull; anulland a non-nullare never equal. -
equals
public static boolean equals(byte[] a, byte[] b) Constant-time comparison of two byte arrays viaMessageDigest.isEqual(byte[], byte[]).
-