fix: Fix compare message webhook message signature

congminh1254 · congminh1254 · commit ea35a7c73b2d · 2025-06-24T11:08:24.000+02:00
diff --git a/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java b/src/main/java/com/box/sdk/BoxWebHookSignatureVerifier.java
@@ -3,6 +3,7 @@
 import com.box.sdk.internal.pool.MacPool;
 import java.nio.charset.Charset;
 import java.security.InvalidKeyException;
+import java.security.MessageDigest;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.EnumSet;
@@ -127,7 +128,7 @@ private boolean verify(String key, BoxSignatureAlgorithm actualAlgorithm, String
         byte[] actual = Base64.decode(actualSignature);
         byte[] expected = this.signRaw(actualAlgorithm, key, webHookPayload, deliveryTimestamp);
 
-        return Arrays.equals(expected, actual);
+        return MessageDigest.isEqual(expected, actual);
     }
 
     /**
