From cdc89b65f98bc2b4bf02f702c7ea24a5eee4fec7 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Wed, 2 Oct 2024 18:30:39 +0900
Subject: [PATCH] Replace deprecated constant_time_compare

The method is being deprecated now[1].

[1] https://review.opendev.org/c/openstack/oslo.utils/+/930198

Closes-Bug: #2081732
Change-Id: Ia46b03588cfa659edcae626f0bf8d65520354059
---
 keystonemiddleware/auth_token/_memcache_crypt.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py
index 8645004c..98b1e5e7 100644
--- a/keystonemiddleware/auth_token/_memcache_crypt.py
+++ b/keystonemiddleware/auth_token/_memcache_crypt.py
@@ -35,7 +35,6 @@ import math
 import os
 
 from keystonemiddleware.i18n import _
-from oslo_utils import secretutils
 
 try:
     from cryptography.hazmat import backends as crypto_backends
@@ -203,7 +202,7 @@ def unprotect_data(keys, signed_data):
         signed_data[DIGEST_LENGTH_B64:])
 
     # Then verify that it matches the provided value
-    if not secretutils.constant_time_compare(provided_mac, calculated_mac):
+    if not hmac.compare_digest(provided_mac, calculated_mac):
         raise InvalidMacError(_('Invalid MAC; data appears to be corrupted.'))
 
     data = base64.b64decode(signed_data[DIGEST_LENGTH_B64:])