Replaced SHA1-based random number generators.

The SHA1-based random number generators in some classes have been replaced with the random number generator provided by JssSubsystem. https://pagure.io/dogtagpki/issue/2695 Change-Id: Id0285dbc8c940fa7afb8feccab3086030d949514
author: Endi S. Dewata <edewata@redhat.com> 2017-05-20 01:49:36 +0200
committer: Endi S. Dewata <edewata@redhat.com> 2017-05-25 16:55:05 +0200
commit: 8aa94e1ca017e54454f6f6f6ebb4ee254062e822 (patch)
tree: 08775f536846369e3ac98d62968724bb43e1f23d /base/tks/src/org
parent: 2a947446b81d21758ffadbae905a49e8c4e900ef (diff)
download: pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.tar.gz
pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.tar.xz
pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/base/tks/src/org/dogtagpki/server/tks/servlet/TokenServlet.java b/base/tks/src/org/dogtagpki/server/tks/servlet/TokenServlet.java
index c8150a923..5b8b1ddf9 100644
--- a/base/tks/src/org/dogtagpki/server/tks/servlet/TokenServlet.java
+++ b/base/tks/src/org/dogtagpki/server/tks/servlet/TokenServlet.java
@@ -54,6 +54,7 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.tks.GPParams;
 import com.netscape.cms.servlet.tks.NistSP800_108KDF;
 import com.netscape.cms.servlet.tks.SecureChannelProtocol;
+import com.netscape.cmscore.security.JssSubsystem;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.symkey.SessionKey;
 
@@ -1996,7 +1997,8 @@ public class TokenServlet extends CMSServlet {
                 CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
             }
             try {
-                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID);
+                SecureRandom random = jssSubsystem.getRandomNumberGenerator();
                 data = new byte[16];
                 random.nextBytes(data);
             } catch (Exception e) {
@@ -2320,7 +2322,8 @@ public class TokenServlet extends CMSServlet {
 
         if (!missingParam) {
             try {
-                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID);
+                SecureRandom random = jssSubsystem.getRandomNumberGenerator();
                 randomData = new byte[dataSize];
                 random.nextBytes(randomData);
             } catch (Exception e) {
author	Endi S. Dewata <edewata@redhat.com>	2017-05-20 01:49:36 +0200
committer	Endi S. Dewata <edewata@redhat.com>	2017-05-25 16:55:05 +0200
commit	8aa94e1ca017e54454f6f6f6ebb4ee254062e822 (patch)
tree	08775f536846369e3ac98d62968724bb43e1f23d /base/tks/src/org
parent	2a947446b81d21758ffadbae905a49e8c4e900ef (diff)
download	pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.tar.gz pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.tar.xz pki-8aa94e1ca017e54454f6f6f6ebb4ee254062e822.zip