Skip to content

Commit

Permalink
Add the null or empty check for signingkey in keyUtils
Browse files Browse the repository at this point in the history
Signed-off-by: Ryan Liang <[email protected]>
  • Loading branch information
RyanL1997 committed Aug 25, 2023
1 parent 40eed32 commit 308f269
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/main/java/org/opensearch/security/util/KeyUtils.java
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
import io.jsonwebtoken.Jwts;
import org.apache.logging.log4j.Logger;
import org.opensearch.SpecialPermission;
import org.opensearch.core.common.Strings;

import java.security.*;
import java.security.spec.InvalidKeySpecException;
Expand All @@ -36,7 +37,7 @@ public static JwtParserBuilder createJwtParserBuilderFromSigningKey(final String
jwtParserBuilder = AccessController.doPrivileged(new PrivilegedAction<JwtParserBuilder>() {
@Override
public JwtParserBuilder run() {
if (signingKey == null || signingKey.length() == 0) {
if (Strings.isNullOrEmpty(signingKey)) {
log.error("Unable to find signing key");
return null;
} else {
Expand Down

0 comments on commit 308f269

Please sign in to comment.