diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-05-20 01:28:06 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-05-25 01:19:48 +0200 |
| commit | 468cacf6d6ec4f46bd4e60255105da3a585c4f6d (patch) | |
| tree | 7ce87f442369b08edd046bd6ea6f57637c3cb70b /base | |
| parent | 3ddc916954d712f6fe25497789925fecebef20fc (diff) | |
| download | pki-468cacf6d6ec4f46bd4e60255105da3a585c4f6d.tar.gz pki-468cacf6d6ec4f46bd4e60255105da3a585c4f6d.tar.xz pki-468cacf6d6ec4f46bd4e60255105da3a585c4f6d.zip | |
Replaced random number generator in SecurityDataProcessor.
The SecurityDataProcessor has been modified to use the random
number generator provided by JssSubsystem.
https://pagure.io/dogtagpki/issue/2695
Change-Id: Ibca684a2165266456c4b28cba5eae4136940d189
Diffstat (limited to 'base')
| -rw-r--r-- | base/kra/src/com/netscape/kra/SecurityDataProcessor.java | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java index 2899f3254..ec848be2d 100644 --- a/base/kra/src/com/netscape/kra/SecurityDataProcessor.java +++ b/base/kra/src/com/netscape/kra/SecurityDataProcessor.java @@ -48,6 +48,7 @@ import com.netscape.certsrv.request.RequestId; import com.netscape.certsrv.security.IStorageKeyUnit; import com.netscape.certsrv.security.ITransportKeyUnit; import com.netscape.cmscore.dbs.KeyRecord; +import com.netscape.cmscore.security.JssSubsystem; import com.netscape.cmsutil.crypto.CryptoUtil; import com.netscape.cmsutil.util.Utils; @@ -640,7 +641,7 @@ public class SecurityDataProcessor { * (ie. algorithm is unknown) */ private byte[] generate_iv(String oid, EncryptionAlgorithm defaultAlg) throws Exception { - int numBytes = 0; + EncryptionAlgorithm alg = oid != null? EncryptionAlgorithm.fromOID(new OBJECT_IDENTIFIER(oid)): defaultAlg; @@ -651,8 +652,14 @@ public class SecurityDataProcessor { if (alg.getParameterClasses() == null) return null; - numBytes = alg.getIVLength(); - return (new SecureRandom()).generateSeed(numBytes); + int numBytes = alg.getIVLength(); + byte[] bytes = new byte[numBytes]; + + JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID); + SecureRandom random = jssSubsystem.getRandomNumberGenerator(); + random.nextBytes(bytes); + + return bytes; } /*** @@ -668,7 +675,7 @@ public class SecurityDataProcessor { * (ie. algorithm is unknown) */ private byte[] generate_wrap_iv(String wrapName, KeyWrapAlgorithm defaultAlg) throws Exception { - int numBytes = 0; + KeyWrapAlgorithm alg = wrapName != null ? KeyWrapAlgorithm.fromString(wrapName) : defaultAlg; @@ -679,8 +686,14 @@ public class SecurityDataProcessor { if (alg.getParameterClasses() == null) return null; - numBytes = alg.getBlockSize(); - return (new SecureRandom()).generateSeed(numBytes); + int numBytes = alg.getBlockSize(); + byte[] bytes = new byte[numBytes]; + + JssSubsystem jssSubsystem = (JssSubsystem) CMS.getSubsystem(JssSubsystem.ID); + SecureRandom random = jssSubsystem.getRandomNumberGenerator(); + random.nextBytes(bytes); + + return bytes; } public SymmetricKey recoverSymKey(KeyRecord keyRecord) |