From 308f269cb3f893517ad8970bab9a9e6d52c27829 Mon Sep 17 00:00:00 2001
From: Ryan Liang <jiallian@amazon.com>
Date: Fri, 25 Aug 2023 11:02:04 -0700
Subject: [PATCH] Add the null or empty check for signingkey in keyUtils

Signed-off-by: Ryan Liang <jiallian@amazon.com>
---
 src/main/java/org/opensearch/security/util/KeyUtils.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/opensearch/security/util/KeyUtils.java b/src/main/java/org/opensearch/security/util/KeyUtils.java
index b8fa2ad48f..72d68119c7 100644
--- a/src/main/java/org/opensearch/security/util/KeyUtils.java
+++ b/src/main/java/org/opensearch/security/util/KeyUtils.java
@@ -15,6 +15,7 @@
 import io.jsonwebtoken.Jwts;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.SpecialPermission;
+import org.opensearch.core.common.Strings;
 
 import java.security.*;
 import java.security.spec.InvalidKeySpecException;
@@ -36,7 +37,7 @@ public static JwtParserBuilder createJwtParserBuilderFromSigningKey(final String
         jwtParserBuilder = AccessController.doPrivileged(new PrivilegedAction<JwtParserBuilder>() {
             @Override
             public JwtParserBuilder run() {
-                if (signingKey == null || signingKey.length() == 0) {
+                if (Strings.isNullOrEmpty(signingKey)) {
                     log.error("Unable to find signing key");
                     return null;
                 } else {