List: jakarta-commons-dev
Subject: [commons-jcs] 02/03: Use new SecureRandom() instead of SecureRandom.getStrongInstance() to
From: tv () apache ! org
Date: 2021-12-31 9:44:26
Message-ID: 20211231094424.B9A5081FF9 () gitbox ! apache ! org
This is an automated email from the ASF dual-hosted git repository.
tv pushed a commit to branch release-3.1
in repository https://gitbox.apache.org/repos/asf/commons-jcs.git
commit ab5ac9a5f1f752731e503e33072874319eb6eb35
Author: Thomas Vandahl <tv@apache.org>
AuthorDate: Fri Dec 31 10:40:38 2021 +0100
Use new SecureRandom() instead of SecureRandom.getInstanceStrong() to
avoid performance problems on Linux
---
.../utils/serialization/EncryptingSerializer.java | 27 ++++++++++++++++------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java \
b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
index 3137bb5..bbe9b8d 100644
--- a/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
+++ b/commons-jcs-core/src/main/java/org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.java
@@ -21,11 +21,16 @@ package org.apache.commons.jcs3.utils.serialization;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
+import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
@@ -42,7 +47,10 @@ import org.apache.commons.jcs3.engine.behavior.IElementSerializer;
*/
public class EncryptingSerializer extends StandardSerializer
{
+ private static final String DEFAULT_SECRET_KEY_ALGORITHM = \
"PBKDF2WithHmacSHA256";
 private static final String DEFAULT_CIPHER = \
"AES/ECB/PKCS5Padding";
+ private static final int KEYHASH_ITERATION_COUNT = 1000;
+ private static final int KEY_LENGTH = 256;
private static final int TAG_LENGTH = 128;
private static final int IV_LENGTH = 12;
private static final int SALT_LENGTH = 16;
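Review bot: `KEYHASH_ITERATION_COUNT = 1000` gives the PBKDF2WithHmacSHA256 derivation a very low work factor, so a weak cache password is cheap to brute-force offline from any stored ciphertext together with its salt. The commit only names the existing literal; consider raising it by orders of magnitude (current OWASP guidance for PBKDF2-HMAC-SHA256 is in the hundreds of thousands). A comment should also note that changing the count makes entries already written to a persistent cache undecryptable unless the count is stored alongside the salt. Separately, the context line `DEFAULT_CIPHER = "AES/ECB/PKCS5Padding"` sits next to `TAG_LENGTH`, `IV_LENGTH` and a `GCMParameterSpec` import, so it is worth confirming outside this hunk that an ECB default is never actually used.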
@@ -82,8 +90,8 @@ public class EncryptingSerializer extends StandardSerializer
try
{
- this.secureRandom = SecureRandom.getInstanceStrong();
- this.secretKeyFactory = \
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+ this.secureRandom \
= new SecureRandom();
+ this.secretKeyFactory = \
SecretKeyFactory.getInstance(DEFAULT_SECRET_KEY_ALGORITHM);
 }
catch (NoSuchAlgorithmException e)
{
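Review bot: The switch to `new SecureRandom()` carries no comment explaining why the default instance is sufficient, which invites a later revert to `getInstanceStrong()`. A one-line comment above the assignment would do, e.g. `// Default SecureRandom is a CSPRNG and adequate for salts and IVs; getInstanceStrong() may block on entropy-starved Linux hosts`. The surrounding constructor begins and ends outside the hunk, so the assumption that `secureRandom` only feeds `getRandomBytes` is inferred from the other hunks.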
@@ -112,7 +120,7 @@ public class EncryptingSerializer extends StandardSerializer
this.cipherTransformation = transformation;
}
- private byte[] getRandomBytes(int length) throws NoSuchAlgorithmException
+ private byte[] getRandomBytes(int length)
{
byte[] bytes = new byte[length];
secureRandom.nextBytes(bytes);
@@ -120,10 +128,11 @@ public class EncryptingSerializer extends StandardSerializer
return bytes;
}
- private SecretKey createSecretKey(String password, byte[] salt) throws \
NoSuchAlgorithmException, InvalidKeySpecException
+ private SecretKey \
createSecretKey(String password, byte[] salt) throws InvalidKeySpecException
 {
/* Derive the key, given password and salt. */
- PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 256);
+ PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
+ KEYHASH_ITERATION_COUNT, KEY_LENGTH);
SecretKey tmp = secretKeyFactory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
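Review bot: `createSecretKey` leaves the password copy held by the `PBEKeySpec` in memory after derivation; nothing in the hunk calls `spec.clearPassword()`. Wrapping the two lines after the spec is built in `try { ... } finally { spec.clearPassword(); }` limits that copy's lifetime. The gain is partial, since the method still receives the password as an immutable `String`.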
@@ -155,7 +164,9 @@ public class EncryptingSerializer extends StandardSerializer
.put(encrypted)
.array();
}
- catch (Exception e)
+ catch (NoSuchAlgorithmException | NoSuchPaddingException | \
BadPaddingException |
+ IllegalBlockSizeException | \
InvalidKeyException | InvalidKeySpecException |
+ \
InvalidAlgorithmParameterException e)
 {
throw new IOException("Error while encrypting", e);
}
@@ -191,7 +202,9 @@ public class EncryptingSerializer extends StandardSerializer
return cipher.doFinal(encrypted);
}
- catch (Exception e)
+ catch (NoSuchAlgorithmException | NoSuchPaddingException | \
BadPaddingException |
+ IllegalBlockSizeException | \
InvalidKeyException | InvalidKeySpecException |
+ \
InvalidAlgorithmParameterException e)
 {
throw new IOException("Error while decrypting", e);
}
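Review bot: With the catch narrowed from `Exception` to the listed checked types, unchecked exceptions raised while decrypting now escape instead of being wrapped in `IOException("Error while decrypting")`. The start of the try block is outside the hunk, but if it reads the salt and IV back through `ByteBuffer` the way the encrypt path writes them, a truncated or corrupted cache entry would surface as `BufferUnderflowException` to callers that only handle `IOException`. Consider validating the input length before parsing, or adding `catch (RuntimeException e)` for the parsing step; the same narrowing applies to the encrypt hunk above. Tag failures remain covered because `AEADBadTagException` extends `BadPaddingException`.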