Posted to commits@santuario.apache.org by co...@apache.org on 2014/01/21 17:00:39 UTC

svn commit: r1560051 - in /santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security: encryption/ stax/ext/ stax/impl/processor/input/ stax/impl/processor/output/

Author: coheigea
Date: Tue Jan 21 16:00:38 2014
New Revision: 1560051

URL: http://svn.apache.org/r1560051
Log:
Refactor of SecureRandom calls

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Tue Jan 21 16:00:38 2014
@@ -1124,8 +1124,7 @@ public class XMLCipher {
 
         try {
             int ivLen = JCEMapper.getIVLengthFromURI(algorithm) / 8;
-            byte[] temp = new byte[ivLen];
-            XMLSecurityConstants.secureRandom.nextBytes(temp);
+            byte[] temp = XMLSecurityConstants.generateBytes(ivLen);
             IvParameterSpec paramSpec = new IvParameterSpec(temp);
             c.init(cipherMode, key, paramSpec);
         } catch (InvalidKeyException ike) {

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Tue Jan 21 16:00:38 2014
@@ -18,6 +18,7 @@
  */
 package org.apache.xml.security.stax.ext;
 
+import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.impl.util.ConcreteLSInput;
 import org.w3c.dom.ls.LSInput;
 import org.w3c.dom.ls.LSResourceResolver;
@@ -35,6 +36,7 @@ import javax.xml.transform.Source;
 import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
+
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
@@ -45,18 +47,18 @@ import java.security.SecureRandom;
  * @version $Revision$ $Date$
  */
 public class XMLSecurityConstants {
-
-    public static final SecureRandom secureRandom;
-    private static JAXBContext jaxbContext;
-    private static Schema schema;
-
+    
     public static final DatatypeFactory datatypeFactory;
     public static final XMLOutputFactory xmlOutputFactory;
     public static final XMLOutputFactory xmlOutputFactoryNonRepairingNs;
 
+    private static final SecureRandom SECURE_RANDOM;
+    private static JAXBContext jaxbContext;
+    private static Schema schema;
+
     static {
         try {
-            secureRandom = SecureRandom.getInstance("SHA1PRNG");
+            SECURE_RANDOM = SecureRandom.getInstance("SHA1PRNG");
         } catch (NoSuchAlgorithmException e) {
             throw new RuntimeException(e);
         }
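Review bot: The static initializer still hard-codes `SecureRandom.getInstance("SHA1PRNG")`, so every IV and substitute key produced through this class depends on one named algorithm and on how the installed provider seeds it. Nothing in the hunk says why SHA1PRNG is preferred over the platform default; a comment on `SECURE_RANDOM` giving the reason would help, and if there is none, `SECURE_RANDOM = new SecureRandom();` makes the try/catch for NoSuchAlgorithmException unnecessary. Separately, replacing the `public static final SecureRandom secureRandom` field with a private one is a source-incompatible change for any code outside this commit that referenced it, which deserves a mention in the log message. The static block continues past the end of this hunk.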
@@ -131,6 +133,23 @@ public class XMLSecurityConstants {
 
     protected XMLSecurityConstants() {
     }
+    
+    /**
+     * Generate bytes of the given length using the SHA1PRNG algorithm. The SecureRandom
+     * instance that backs this method is cached for efficiency.
+     * 
+     * @return a byte array of the given length
+     * @throws WSSecurityException
+     */
+    public static byte[] generateBytes(int length) throws XMLSecurityException {
+        try {
+            byte[] temp = new byte[length];
+            SECURE_RANDOM.nextBytes(temp);
+            return temp;
+        } catch (Exception ex) {
+            throw new XMLSecurityException("Error in generating nonce of length " + length, ex);
+        }
+    }
 
     protected static synchronized void setJaxbContext(JAXBContext jaxbContext) {
         XMLSecurityConstants.jaxbContext = jaxbContext;
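Review bot: The Javadoc on `generateBytes` names the wrong exception: it says `@throws WSSecurityException` while the signature declares `XMLSecurityException`, and it has no `@param length`. I would write `@param length the number of random bytes to return` and `@throws XMLSecurityException if the bytes cannot be generated`. The message "Error in generating nonce of length" is also misleading, because the callers changed in this commit (XMLCipher, XMLEncryptedKeyInputHandler, AbstractEncryptOutputProcessor) use the result as an IV or a substitute key; `"Error in generating random bytes of length " + length` would fit all of them. `catch (Exception ex)` is wider than needed, since `nextBytes` declares no checked exception, and it folds a negative `length` (NegativeArraySizeException) into the same generic error; an explicit `length < 0` check before the allocation would make that case distinct.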

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Tue Jan 21 16:00:38 2014
@@ -248,8 +248,7 @@ public class XMLEncryptedKeyInputHandler
                                     "Generating a faked one to mitigate timing attacks.");
 
                             int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(symmetricAlgorithmURI);
-                            this.decryptedKey = new byte[keyLength / 8];
-                            XMLSecurityConstants.secureRandom.nextBytes(this.decryptedKey);
+                            this.decryptedKey = XMLSecurityConstants.generateBytes(keyLength / 8);
                             return this.decryptedKey;
                         }
                     }

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java Tue Jan 21 16:00:38 2014
@@ -155,8 +155,7 @@ public abstract class AbstractEncryptOut
                 Cipher symmetricCipher = Cipher.getInstance(jceAlgorithm);
 
                 int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
-                byte[] iv = new byte[ivLen];
-                XMLSecurityConstants.secureRandom.nextBytes(iv);
+                byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
                 IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
                 symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), ivParameterSpec);