Permalink
Browse files

Merge pull request #5 from appharbor/refactor-hmac-validation

Refactor hmac validation
  • Loading branch information...
2 parents 0256255 + 93c119a commit f20ed117ddfebff3377431b9715fe1814d8aeb38 @mehrdada mehrdada committed Aug 14, 2012
Showing with 3 additions and 4 deletions.
  1. +3 −4 AppHarbor.Web.Security/KeyedHashValidation.cs
@@ -1,5 +1,4 @@
using System;
-using System.Linq;
using System.Security.Cryptography;
namespace AppHarbor.Web.Security
@@ -58,18 +57,18 @@ public override bool Validate(byte[] signedMessage)
private bool Validate(byte[] signedMessage, int dataLength)
{
bool isValid = true;
- if (signedMessage.Length == 0)
+ var validSignature = ComputeSignature(signedMessage, 0, dataLength);
+ if (signedMessage.Length != dataLength + validSignature.Length)
{
return false;
}
- var validSignature = ComputeSignature(signedMessage, 0, dataLength);
for (int i = 0; i < validSignature.Length; i++)
{
if (i + dataLength >= signedMessage.Length)
{
isValid = false;
}
- if (signedMessage[(i + dataLength) % signedMessage.Length] != validSignature[i])
+ if (signedMessage[i + dataLength] != validSignature[i])
{
isValid = false;
}

0 comments on commit f20ed11

Please sign in to comment.