You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2022/07/20 20:41:03 UTC
[activemq-artemis] branch main updated: ARTEMIS-3899 improve salt calculation
This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new a49066e6b7 ARTEMIS-3899 improve salt calculation
a49066e6b7 is described below
commit a49066e6b75a0a996c5c4b7678fe5dc474ae0b97
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Wed Jul 20 15:15:37 2022 -0500
ARTEMIS-3899 improve salt calculation
Update the salt calculation to more closely align with the
"Randomness Recommendations for Security" at
https://www.ietf.org/rfc/rfc1750.txt.
This was inadvertently changed in
5965a458945c98f61f1e1e3db418082b68e9df62.
---
.../artemis/utils/DefaultSensitiveStringCodec.java | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
index 6f07a7b80b..59e0ad820b 100644
--- a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
+++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java
@@ -23,6 +23,7 @@ import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
@@ -111,7 +112,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
return algorithm.verify(inputValue, storedValue);
}
- private abstract class CodecAlgorithm {
+ private abstract static class CodecAlgorithm {
protected Map<String, String> params;
@@ -202,7 +203,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
}
}
- private class PBKDF2Algorithm extends CodecAlgorithm {
+ private static class PBKDF2Algorithm extends CodecAlgorithm {
private static final String SEPARATOR = ":";
private String sceretKeyAlgorithm = "PBKDF2WithHmacSHA1";
private String randomScheme = "SHA1PRNG";
@@ -210,10 +211,14 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
private int saltLength = 32;
private int iterations = 1024;
private SecretKeyFactory skf;
+ private static SecureRandom sr;
PBKDF2Algorithm(Map<String, String> params) throws NoSuchAlgorithmException {
super(params);
skf = SecretKeyFactory.getInstance(sceretKeyAlgorithm);
+ if (sr == null) {
+ sr = SecureRandom.getInstance(randomScheme);
+ }
}
@Override
@@ -221,8 +226,9 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
throw new IllegalArgumentException("Algorithm doesn't support decoding");
}
- public byte[] getSalt() throws NoSuchAlgorithmException {
- byte[] salt = RandomUtil.randomBytes(this.saltLength);
+ public byte[] getSalt() {
+ byte[] salt = new byte[this.saltLength];
+ sr.nextBytes(salt);
return salt;
}