(String expectedAlg, byte[] secret)
| 228 | } |
| 229 | |
| 230 | private boolean verifyHmac(String expectedAlg, byte[] secret) { |
| 231 | if (!expectedAlg.equals(getAlgorithm())) { |
| 232 | return false; |
| 233 | } |
| 234 | byte[] expected = computeHmac(expectedAlg, secret, signingInput); |
| 235 | return Hmac.constantTimeEquals(expected, signature); |
| 236 | } |
| 237 | |
| 238 | /// Verifies an RSA or ECDSA signature using the given public key. The |
| 239 | /// algorithm must match the token's `alg` header (RS256/384/512 or |
no test coverage detected