8025694: Rename getStrongSecureRandom based on feedback

8014838: getStrongSecureRandom() should require at least one implementation

Reviewed-by: mullan, darcy
This commit is contained in:
Bradford Wetmore 2013-10-02 09:38:57 -07:00
parent 65580cea43
commit 47f46da3fa
3 changed files with 23 additions and 23 deletions

View File

@ -578,39 +578,30 @@ public class SecureRandom extends java.util.Random {
/** /**
* Returns a {@code SecureRandom} object that was selected by using * Returns a {@code SecureRandom} object that was selected by using
* the algorithms/providers specified in the {@code * the algorithms/providers specified in the {@code
* securerandom.strongAlgorithms} Security property. * securerandom.strongAlgorithms} {@link Security} property.
* <p> * <p>
* Some situations require strong random values, such as when * Some situations require strong random values, such as when
* creating high-value/long-lived secrets like RSA public/private * creating high-value/long-lived secrets like RSA public/private
* keys. To help guide applications in selecting a suitable strong * keys. To help guide applications in selecting a suitable strong
* {@code SecureRandom} implementation, Java distributions should * {@code SecureRandom} implementation, Java distributions
* include a list of known strong {@code SecureRandom} * include a list of known strong {@code SecureRandom}
* implementations in the {@code securerandom.strongAlgorithms} * implementations in the {@code securerandom.strongAlgorithms}
* Security property. * Security property.
* * <p>
* <pre> * Every implementation of the Java platform is required to
* SecureRandom sr = SecureRandom.getStrongSecureRandom(); * support at least one strong {@code SecureRandom} implementation.
*
* if (sr == null) {
* // Decide if this is a problem, and whether to recover.
* sr = new SecureRandom();
* if (!goodEnough(sr)) {
* return;
* }
* }
*
* keyPairGenerator.initialize(2048, sr);
* </pre>
* *
* @return a strong {@code SecureRandom} implementation as indicated * @return a strong {@code SecureRandom} implementation as indicated
* by the {@code securerandom.strongAlgorithms} Security property, or * by the {@code securerandom.strongAlgorithms} Security property
* null if none are available. *
* @throws NoSuchAlgorithmException if no algorithm is available
* *
* @see Security#getProperty(String) * @see Security#getProperty(String)
* *
* @since 1.8 * @since 1.8
*/ */
public static SecureRandom getStrongSecureRandom() { public static SecureRandom getInstanceStrong()
throws NoSuchAlgorithmException {
String property = AccessController.doPrivileged( String property = AccessController.doPrivileged(
new PrivilegedAction<String>() { new PrivilegedAction<String>() {
@ -622,7 +613,8 @@ public class SecureRandom extends java.util.Random {
}); });
if ((property == null) || (property.length() == 0)) { if ((property == null) || (property.length() == 0)) {
return null; throw new NoSuchAlgorithmException(
"Null/empty securerandom.strongAlgorithms Security Property");
} }
String remainder = property; String remainder = property;
@ -649,7 +641,8 @@ public class SecureRandom extends java.util.Random {
} }
} }
return null; throw new NoSuchAlgorithmException(
"No strong SecureRandom impls available: " + property);
} }
// Declare serialVersionUID to be compatible with JDK1.1 // Declare serialVersionUID to be compatible with JDK1.1

View File

@ -127,7 +127,7 @@ securerandom.source=file:/dev/random
# This is a comma-separated list of algorithm and/or algorithm:provider # This is a comma-separated list of algorithm and/or algorithm:provider
# entries. # entries.
# #
securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
# #
# Class to instantiate as the javax.security.auth.login.Configuration # Class to instantiate as the javax.security.auth.login.Configuration

View File

@ -120,7 +120,14 @@ public class StrongSecureRandom {
private static void testStrongInstance(boolean expected) throws Exception { private static void testStrongInstance(boolean expected) throws Exception {
boolean result = (SecureRandom.getStrongSecureRandom() != null); boolean result;
try {
SecureRandom.getInstanceStrong();
result = true;
} catch (NoSuchAlgorithmException e) {
result = false;
}
if (expected != result) { if (expected != result) {
throw new Exception("Received: " + result); throw new Exception("Received: " + result);