Posted to commits@santuario.apache.org by co...@apache.org on 2014/01/21 17:00:39 UTC
svn commit: r1560051 - in
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security:
encryption/ stax/ext/ stax/impl/processor/input/ stax/impl/processor/output/
Author: coheigea
Date: Tue Jan 21 16:00:38 2014
New Revision: 1560051
URL: http://svn.apache.org/r1560051
Log:
Refactor of SecureRandom calls
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Tue Jan 21 16:00:38 2014
@@ -1124,8 +1124,7 @@ public class XMLCipher {
try {
int ivLen = JCEMapper.getIVLengthFromURI(algorithm) / 8;
- byte[] temp = new byte[ivLen];
- XMLSecurityConstants.secureRandom.nextBytes(temp);
+ byte[] temp = XMLSecurityConstants.generateBytes(ivLen);
IvParameterSpec paramSpec = new IvParameterSpec(temp);
c.init(cipherMode, key, paramSpec);
} catch (InvalidKeyException ike) {
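Review bot: The IV buffer in this hunk is still named `temp`, which hides that these bytes become the cipher's initialization vector; the matching change in AbstractEncryptOutputProcessor names it `iv`. Suggest `byte[] iv = XMLSecurityConstants.generateBytes(ivLen);` followed by `new IvParameterSpec(iv)` so both call sites read the same. A short comment such as `// fresh random IV for each cipher initialisation; never reused under the same key` would record why the bytes are generated here rather than cached. The enclosing method and the rest of the try/catch lie outside the hunk.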
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java Tue Jan 21 16:00:38 2014
@@ -18,6 +18,7 @@
*/
package org.apache.xml.security.stax.ext;
+import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.impl.util.ConcreteLSInput;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
@@ -35,6 +36,7 @@ import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
+
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
@@ -45,18 +47,18 @@ import java.security.SecureRandom;
* @version $Revision$ $Date$
*/
public class XMLSecurityConstants {
-
- public static final SecureRandom secureRandom;
- private static JAXBContext jaxbContext;
- private static Schema schema;
-
+
public static final DatatypeFactory datatypeFactory;
public static final XMLOutputFactory xmlOutputFactory;
public static final XMLOutputFactory xmlOutputFactoryNonRepairingNs;
+ private static final SecureRandom SECURE_RANDOM;
+ private static JAXBContext jaxbContext;
+ private static Schema schema;
+
static {
try {
- secureRandom = SecureRandom.getInstance("SHA1PRNG");
+ SECURE_RANDOM = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
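Review bot: `SecureRandom.getInstance("SHA1PRNG")` stays hard-coded in the static initializer, so after the rename every IV and fallback key in this commit still depends on one named algorithm rather than the provider's preferred generator. With the field now private and all callers going through `generateBytes`, this is the single place to switch to `new SecureRandom()` or make the algorithm configurable; the `NoSuchAlgorithmException` catch would then no longer be needed. Removing the public `secureRandom` field also breaks any code outside this module that referenced it, so if external users exist a release note or a deprecated accessor may be warranted. The static block continues past the end of the hunk.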
@@ -131,6 +133,23 @@ public class XMLSecurityConstants {
protected XMLSecurityConstants() {
}
+
+ /**
+ * Generate bytes of the given length using the SHA1PRNG algorithm. The SecureRandom
+ * instance that backs this method is cached for efficiency.
+ *
+ * @return a byte array of the given length
+ * @throws WSSecurityException
+ */
+ public static byte[] generateBytes(int length) throws XMLSecurityException {
+ try {
+ byte[] temp = new byte[length];
+ SECURE_RANDOM.nextBytes(temp);
+ return temp;
+ } catch (Exception ex) {
+ throw new XMLSecurityException("Error in generating nonce of length " + length, ex);
+ }
+ }
protected static synchronized void setJaxbContext(JAXBContext jaxbContext) {
XMLSecurityConstants.jaxbContext = jaxbContext;
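Review bot: The Javadoc on `generateBytes` documents `@throws WSSecurityException`, but the method declares `XMLSecurityException`, and there is no `@param length`. Suggest `@param length the number of random bytes to return` and `@throws XMLSecurityException if the bytes cannot be generated`. The `catch (Exception ex)` is also broader than needed: `SecureRandom.nextBytes` declares no checked exception, so what it mainly catches is a negative `length`, which is then reported as "Error in generating nonce" even though the callers in this commit request IVs and a fallback key. An explicit `if (length < 0)` check with a neutral message would make that failure clearer. `setJaxbContext`, which follows the new method, continues outside the hunk.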
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java Tue Jan 21 16:00:38 2014
@@ -248,8 +248,7 @@ public class XMLEncryptedKeyInputHandler
"Generating a faked one to mitigate timing attacks.");
int keyLength = JCEAlgorithmMapper.getKeyLengthFromURI(symmetricAlgorithmURI);
- this.decryptedKey = new byte[keyLength / 8];
- XMLSecurityConstants.secureRandom.nextBytes(this.decryptedKey);
+ this.decryptedKey = XMLSecurityConstants.generateBytes(keyLength / 8);
return this.decryptedKey;
}
}
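Review bot: The fallback key on this path exists so that a failed key unwrap behaves like a successful one, and `generateBytes` now adds a checked `XMLSecurityException` to it. If that call ever threw, the failure would surface differently from the normal path, which is what the mitigation is meant to avoid; this is unlikely in practice but worth recording, e.g. `// must not fail differently from a real unwrap: keeps decryption errors indistinguishable`. The hunk does not show whether `keyLength` can be zero or negative for an unrecognised algorithm URI, so a guard before `keyLength / 8` may also be warranted. The enclosing method starts outside the hunk.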
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java?rev=1560051&r1=1560050&r2=1560051&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java Tue Jan 21 16:00:38 2014
@@ -155,8 +155,7 @@ public abstract class AbstractEncryptOut
Cipher symmetricCipher = Cipher.getInstance(jceAlgorithm);
int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
- byte[] iv = new byte[ivLen];
- XMLSecurityConstants.secureRandom.nextBytes(iv);
+ byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), ivParameterSpec);