You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2013/04/10 14:52:36 UTC

svn commit: r1466456 - /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java

Author: coheigea
Date: Wed Apr 10 12:52:35 2013
New Revision: 1466456

URL: http://svn.apache.org/r1466456
Log:
Use the SecureRandom from Santuario instead

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1466456&r1=1466455&r2=1466456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Wed Apr 10 12:52:35 2013
@@ -32,6 +32,7 @@ import org.apache.wss4j.common.util.XMLU
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.message.CallbackLookup;
 import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.utils.Base64;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
@@ -49,7 +50,6 @@ import javax.xml.namespace.QName;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -65,14 +65,6 @@ public final class WSSecurityUtil {
         org.slf4j.LoggerFactory.getLogger(WSSecurityUtil.class);
 
     /**
-     * A cached pseudo-random number generator
-     * NB. On some JVMs, caching this random number
-     * generator is required to overcome punitive
-     * overhead.
-     */
-    private static SecureRandom random;
-    
-    /**
      * A cached MessageDigest object
      */
     private static MessageDigest digest;
@@ -1103,13 +1095,10 @@ public final class WSSecurityUtil {
      * @return a nonce of the given length
      * @throws WSSecurityException
      */
-    public static synchronized byte[] generateNonce(int length) throws WSSecurityException {
+    public static byte[] generateNonce(int length) throws WSSecurityException {
         try {
-            if (random == null) {
-                random = SecureRandom.getInstance("SHA1PRNG");
-            }
             byte[] temp = new byte[length];
-            random.nextBytes(temp);
+            XMLSecurityConstants.secureRandom.nextBytes(temp);
             return temp;
         } catch (Exception ex) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,