dev@glassfish.java.net

Re: SecureRandom

From: Bill Shannon <bill.shannon_at_sun.com>
Date: Fri, 11 Sep 2009 16:15:28 -0700

Can you be explicit about which of the uses below you changed and which
still need to be changed by others? Also, can you give an example of
how to change the code to use SharedSecureRandom?

Thanks.


Kumar Jayanti wrote on 09/11/09 01:23:
> Hi,
>
> After discussions with J2SE experts, i have finally added the class :
> org.glassfish.internal.api.SharedSecureRandom in the module
> common/internal-api. I have replaced all of security code to use this.
> Request others to do the same.
>
> Bill Shannon wrote:
>> I added code recently that uses SecureRandom. There's some cost to
>> creating a new SecureRandom. (Scott says ~35 us on Niagara.)
>>
>> Here's all the places that create a SecureRandom:
>>
>> admin/cli/src/main/java/com/sun/enterprise/admin/cli/util/HttpConnectorAddress.java:
>>
>> sc.init(null, tms, new SecureRandom());
>> admin/jmx-remote/client/src/main/java/com/sun/enterprise/admin/jmx/remote/https/HttpsUrlConnector.java:
>>
>> sslContext.init(kms, tms, new SecureRandom());
>> common/common-util/src/main/java/com/sun/enterprise/util/uuid/UuidUtil.java:
>>
>> private static SecureRandom _seeder = new SecureRandom();
>> common/container-common/src/main/java/com/sun/enterprise/container/common/LocalPassword.java:
>>
>> SecureRandom random = new SecureRandom();
>> ejb/ejb-container/src/main/java/com/sun/ejb/base/sfsb/util/ScrambledKeyGenerator.java:
>>
>> private SecureRandom random = new SecureRandom();
>> security/core/src/main/java/com/sun/enterprise/security/auth/realm/file/FileRealm.java:
>>
>> SecureRandom rng=new SecureRandom();
>> security/core/src/main/java/com/sun/enterprise/security/auth/realm/ldap/CustomSocketFactory.java:
>>
>> sc.init(sslUtils.getKeyManagers(),
>> sslUtils.getTrustManagers(), new
>> SecureRandom());
>> security/core/src/main/java/com/sun/enterprise/security/SecurityServicesUtil.java:
>>
>> public static final SecureRandom secureRandom = new SecureRandom();
>> security/core/src/main/java/com/sun/enterprise/security/util/SSHA.java:
>> SecureRandom rng=new SecureRandom();
>> security/core/src/main/java/com/sun/enterprise/security/util/SSHA.java:
>> SecureRandom rng=new SecureRandom();
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.