You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2013/04/10 14:52:36 UTC
svn commit: r1466456 -
/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Author: coheigea
Date: Wed Apr 10 12:52:35 2013
New Revision: 1466456
URL: http://svn.apache.org/r1466456
Log:
Use the SecureRandom from Santuario instead
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1466456&r1=1466455&r2=1466456&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java Wed Apr 10 12:52:35 2013
@@ -32,6 +32,7 @@ import org.apache.wss4j.common.util.XMLU
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.CallbackLookup;
import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -49,7 +50,6 @@ import javax.xml.namespace.QName;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
@@ -65,14 +65,6 @@ public final class WSSecurityUtil {
org.slf4j.LoggerFactory.getLogger(WSSecurityUtil.class);
/**
- * A cached pseudo-random number generator
- * NB. On some JVMs, caching this random number
- * generator is required to overcome punitive
- * overhead.
- */
- private static SecureRandom random;
-
- /**
* A cached MessageDigest object
*/
private static MessageDigest digest;
@@ -1103,13 +1095,10 @@ public final class WSSecurityUtil {
* @return a nonce of the given length
* @throws WSSecurityException
*/
- public static synchronized byte[] generateNonce(int length) throws WSSecurityException {
+ public static byte[] generateNonce(int length) throws WSSecurityException {
try {
- if (random == null) {
- random = SecureRandom.getInstance("SHA1PRNG");
- }
byte[] temp = new byte[length];
- random.nextBytes(temp);
+ XMLSecurityConstants.secureRandom.nextBytes(temp);
return temp;
} catch (Exception ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,