Posted to wss4j-dev@ws.apache.org by fa...@apache.org on 2008/04/14 21:14:56 UTC
svn commit: r647938 - in /webservices/wss4j/trunk:
src/org/apache/ws/security/message/WSSecEncryptedKey.java
src/org/apache/ws/security/util/WSSecurityUtil.java
test/components/PackageTests.java test/components/TestWSSecurityUtil.java
Author: fadushin
Date: Mon Apr 14 12:14:49 2008
New Revision: 647938
URL: http://svn.apache.org/viewvc?rev=647938&view=rev
Log:
WSS-88 Cached SecureRandom
* Works around a problem in IBM's JVM, where the cost of initializing a
SHA1 PRNG is prohibitive.
Also added a test of this behavior
Added:
webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java (with props)
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/trunk/test/components/PackageTests.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java?rev=647938&r1=647937&r2=647938&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecEncryptedKey.java Mon Apr 14 12:14:49 2008
@@ -307,10 +307,13 @@
* @throws WSSecurityException
*/
protected byte[] generateEphemeralKey() throws WSSecurityException {
- try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ try {
+ final SecureRandom r = WSSecurityUtil.resolveSecureRandom();
+ if (r == null) {
+ throw new WSSecurityException("Random generator is not initialzed.");
+ }
byte[] temp = new byte[this.keySize / 8];
- random.nextBytes(temp);
+ r.nextBytes(temp);
return temp;
} catch (Exception e) {
throw new WSSecurityException(
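Review bot: The `r == null` guard in generateEphemeralKey cannot fire, because resolveSecureRandom() as added in this commit either returns the cached instance or throws NoSuchAlgorithmException; a WSSecurityException thrown at that point would in any case be caught by the `catch (Exception e)` directly below and re-wrapped. I would drop the guard, or if it stays, correct the message to `"Random generator is not initialized."`. The same guard and the same typo appear in the generateNonce hunk of WSSecurityUtil.java. Since the ephemeral key bytes now come from the shared generator, their unpredictability depends entirely on how resolveSecureRandom seeds it. The function body continues past the end of this hunk.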
@@ -506,7 +509,7 @@
}
public boolean isCertSet() {
- return (useThisCert == null ? true : false) ;
+ return (useThisCert == null ? true : false) ;
}
public byte[] getEncryptedEphemeralKey() {
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=647938&r1=647937&r2=647938&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Mon Apr 14 12:14:49 2008
@@ -66,7 +66,15 @@
static {
doDebug = log.isDebugEnabled();
}
-
+
+ /**
+ * A cached pseuo-random number generator
+ * NB. On some JVMs, caching this random number
+ * generator is required to overcome punitive
+ * overhead.
+ */
+ private static SecureRandom random = null;
+
/**
* Returns the first WS-Security header element for a given actor. Only one
* WS-Security header is allowed for an actor.
@@ -823,10 +831,13 @@
* @throws Exception
*/
public static byte[] generateNonce(int length) throws WSSecurityException {
- try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- byte[] temp = new byte[length];
- random.nextBytes(temp);
+ try {
+ final SecureRandom r = resolveSecureRandom();
+ if (r == null) {
+ throw new WSSecurityException("Random generator is not initialzed.");
+ }
+ byte[] temp = new byte[length];
+ r.nextBytes(temp);
return temp;
} catch (Exception e) {
throw new WSSecurityException(
@@ -958,5 +969,32 @@
+ " was correctly signed");
}
log.debug("All required elements are signed");
+ }
+
+ /**
+ * @return a SecureRandom instance initialized with the "SHA1PRNG"
+ * algorithm identifier
+ */
+ public static SecureRandom
+ resolveSecureRandom() throws NoSuchAlgorithmException {
+ return resolveSecureRandom("SHA1PRNG");
+ }
+
+ /**
+ * @param algorithm
+ *
+ *
+ * @return a SecureRandom instance initialize with the identifier
+ * specified in algorithm
+ */
+ public synchronized static SecureRandom
+ resolveSecureRandom(
+ final String algorithm
+ ) throws NoSuchAlgorithmException {
+ if (random == null) {
+ random = SecureRandom.getInstance(algorithm);
+ random.setSeed(System.currentTimeMillis());
+ }
+ return random;
}
}
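Review bot: `random.setSeed(System.currentTimeMillis());` in resolveSecureRandom(String) seeds the shared generator from the clock before its first use, and the SecureRandom documentation states that an instance seeded through setSeed before the first nextBytes does not self-seed. With the Sun SHA1PRNG that leaves the wall-clock value as the only seed material, so every nonce and ephemeral key drawn from this generator is only as unpredictable as the time of first use; the behaviour of IBM's provider should be confirmed, but nothing here suggests it differs. Deleting that one line lets the first `nextBytes` call seed from the platform entropy source, and the caching this commit is after is unaffected. Separately, the `algorithm` argument is ignored once `random` is set, so a later call with a different identifier silently receives the first caller's generator; the Javadoc should say so, or the cache should be keyed by algorithm.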
Modified: webservices/wss4j/trunk/test/components/PackageTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/components/PackageTests.java?rev=647938&r1=647937&r2=647938&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/components/PackageTests.java (original)
+++ webservices/wss4j/trunk/test/components/PackageTests.java Mon Apr 14 12:14:49 2008
@@ -52,6 +52,7 @@
suite.addTestSuite(TestMerlin.class);
suite.addTestSuite(TestX509NameTokenizer.class);
suite.addTestSuite(TestReference.class);
+ suite.addTestSuite(TestWSSecurityUtil.class);
return suite;
}
Added: webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java?rev=647938&view=auto
==============================================================================
--- webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java (added)
+++ webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java Mon Apr 14 12:14:49 2008
@@ -0,0 +1,60 @@
+/*
+ * Copyright The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package components;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import junit.framework.TestCase;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+/**
+ *
+ */
+public class TestWSSecurityUtil extends TestCase {
+
+ public TestWSSecurityUtil(String name) {
+ super(name);
+ }
+
+ public static Test suite() {
+ return new TestSuite(TestWSSecurityUtil.class);
+ }
+
+
+ public void
+ testResolveSecureRandom() throws java.lang.Exception {
+ //
+ // Expect failure on bogus algorithm id
+ //
+ try {
+ WSSecurityUtil.resolveSecureRandom("no-such-algorithm");
+ fail("Expected failure on resolveSecureRandom");
+ } catch (final NoSuchAlgorithmException e) {
+ // complete
+ }
+ //
+ // Test
+ //
+ final SecureRandom r1 = WSSecurityUtil.resolveSecureRandom();
+ assertNotNull(r1);
+ final SecureRandom r2 = WSSecurityUtil.resolveSecureRandom();
+ assertSame(r1, r2);
+ }
+}
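Review bot: The first check in testResolveSecureRandom only holds while the static cache in WSSecurityUtil is still empty: once any earlier test in the same JVM has called generateNonce or resolveSecureRandom(), `resolveSecureRandom("no-such-algorithm")` returns the cached instance and the test reaches `fail(...)`. The outcome therefore depends on the order in which PackageTests runs its suites. Either make the lookup validate the algorithm even when an instance is cached, or state the precondition in the test with a comment such as `// must run before anything populates WSSecurityUtil's cached SecureRandom`. The remaining assertions check only identity (`assertSame`), so they would pass regardless of how the generator was seeded.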
Propchange: webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/test/components/TestWSSecurityUtil.java
------------------------------------------------------------------------------
svn:keywords = Rev Date