Skip to content
Permalink
Browse files

Updated call to function deprecated since commons-codec version 1.11

  • Loading branch information...
luccioman committed Apr 23, 2018
1 parent a9e054a commit e914d17aca5a4031a509e25f1adda242d844a9b3
Showing with 5 additions and 2 deletions.
  1. +5 −2 source/net/yacy/data/TransactionManager.java
@@ -25,6 +25,7 @@
import java.security.MessageDigest;
import java.util.UUID;

import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;

import net.yacy.cora.order.Base64Order;
@@ -133,7 +134,8 @@ public static String getTransactionToken(final RequestHeader header, final Strin
* (no need to store tokens until they are consumed).
* On the other hand, it is supposed to remain hard enough to forge because the secret key and token seed
* are initialized with a random value at each server startup */
final String token = HmacUtils.hmacSha1Hex(SIGNING_KEY, TOKEN_SEED + userName + path);
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + path);


return token;
@@ -168,7 +170,8 @@ public static void checkPostTransaction(final RequestHeader header, final server
throw new TemplateMissingParameterException("Missing transaction token.");
}

final String token = HmacUtils.hmacSha1Hex(SIGNING_KEY, TOKEN_SEED + userName + header.getPathInfo());
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + header.getPathInfo());

/* Compare the server generated token with the one received in the post parameters,
* using a time constant function */

0 comments on commit e914d17

Please sign in to comment.
You can’t perform that action at this time.