685 lines
24 KiB
Java
685 lines
24 KiB
Java
/*
|
|
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package java.security;
|
|
|
|
import java.util.*;
|
|
import java.util.regex.*;
|
|
|
|
import java.security.Provider.Service;
|
|
|
|
import sun.security.jca.*;
|
|
import sun.security.jca.GetInstance.Instance;
|
|
|
|
/**
|
|
* This class provides a cryptographically strong random number
|
|
* generator (RNG).
|
|
*
|
|
* <p>A cryptographically strong random number
|
|
* minimally complies with the statistical random number generator tests
|
|
* specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
|
|
* <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
|
|
* section 4.9.1.
|
|
* Additionally, SecureRandom must produce non-deterministic output.
|
|
* Therefore any seed material passed to a SecureRandom object must be
|
|
* unpredictable, and all SecureRandom output sequences must be
|
|
* cryptographically strong, as described in
|
|
* <a href="http://www.ietf.org/rfc/rfc1750.txt">
|
|
* <i>RFC 1750: Randomness Recommendations for Security</i></a>.
|
|
*
|
|
* <p>A caller obtains a SecureRandom instance via the
|
|
* no-argument constructor or one of the <code>getInstance</code> methods:
|
|
*
|
|
* <pre>
|
|
* SecureRandom random = new SecureRandom();
|
|
* </pre>
|
|
*
|
|
* <p> Many SecureRandom implementations are in the form of a pseudo-random
|
|
* number generator (PRNG), which means they use a deterministic algorithm
|
|
* to produce a pseudo-random sequence from a true random seed.
|
|
* Other implementations may produce true random numbers,
|
|
* and yet others may use a combination of both techniques.
|
|
*
|
|
* <p> Typical callers of SecureRandom invoke the following methods
|
|
* to retrieve random bytes:
|
|
*
|
|
* <pre>
|
|
* SecureRandom random = new SecureRandom();
|
|
* byte bytes[] = new byte[20];
|
|
* random.nextBytes(bytes);
|
|
* </pre>
|
|
*
|
|
* <p> Callers may also invoke the <code>generateSeed</code> method
|
|
* to generate a given number of seed bytes (to seed other random number
|
|
* generators, for example):
|
|
* <pre>
|
|
* byte seed[] = random.generateSeed(20);
|
|
* </pre>
|
|
*
|
|
* Note: Depending on the implementation, the <code>generateSeed</code> and
|
|
* <code>nextBytes</code> methods may block as entropy is being gathered,
|
|
* for example, if they need to read from /dev/random on various Unix-like
|
|
* operating systems.
|
|
*
|
|
* @see java.security.SecureRandomSpi
|
|
* @see java.util.Random
|
|
*
|
|
* @author Benjamin Renaud
|
|
* @author Josh Bloch
|
|
*/
|
|
|
|
public class SecureRandom extends java.util.Random {
|
|
|
|
/**
|
|
* The provider.
|
|
*
|
|
* @serial
|
|
* @since 1.2
|
|
*/
|
|
private Provider provider = null;
|
|
|
|
/**
|
|
* The provider implementation.
|
|
*
|
|
* @serial
|
|
* @since 1.2
|
|
*/
|
|
private SecureRandomSpi secureRandomSpi = null;
|
|
|
|
/*
|
|
* The algorithm name of null if unknown.
|
|
*
|
|
* @serial
|
|
* @since 1.5
|
|
*/
|
|
private String algorithm;
|
|
|
|
// Seed Generator
|
|
private static volatile SecureRandom seedGenerator = null;
|
|
|
|
/**
|
|
* Constructs a secure random number generator (RNG) implementing the
|
|
* default random number algorithm.
|
|
*
|
|
* <p> This constructor traverses the list of registered security Providers,
|
|
* starting with the most preferred Provider.
|
|
* A new SecureRandom object encapsulating the
|
|
* SecureRandomSpi implementation from the first
|
|
* Provider that supports a SecureRandom (RNG) algorithm is returned.
|
|
* If none of the Providers support a RNG algorithm,
|
|
* then an implementation-specific default is returned.
|
|
*
|
|
* <p> Note that the list of registered providers may be retrieved via
|
|
* the {@link Security#getProviders() Security.getProviders()} method.
|
|
*
|
|
* <p> See the SecureRandom section in the <a href=
|
|
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
|
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
|
|
* for information about standard RNG algorithm names.
|
|
*
|
|
* <p> The returned SecureRandom object has not been seeded. To seed the
|
|
* returned object, call the <code>setSeed</code> method.
|
|
* If <code>setSeed</code> is not called, the first call to
|
|
* <code>nextBytes</code> will force the SecureRandom object to seed itself.
|
|
* This self-seeding will not occur if <code>setSeed</code> was
|
|
* previously called.
|
|
*/
|
|
public SecureRandom() {
|
|
/*
|
|
* This call to our superclass constructor will result in a call
|
|
* to our own <code>setSeed</code> method, which will return
|
|
* immediately when it is passed zero.
|
|
*/
|
|
super(0);
|
|
getDefaultPRNG(false, null);
|
|
}
|
|
|
|
/**
|
|
* Constructs a secure random number generator (RNG) implementing the
|
|
* default random number algorithm.
|
|
* The SecureRandom instance is seeded with the specified seed bytes.
|
|
*
|
|
* <p> This constructor traverses the list of registered security Providers,
|
|
* starting with the most preferred Provider.
|
|
* A new SecureRandom object encapsulating the
|
|
* SecureRandomSpi implementation from the first
|
|
* Provider that supports a SecureRandom (RNG) algorithm is returned.
|
|
* If none of the Providers support a RNG algorithm,
|
|
* then an implementation-specific default is returned.
|
|
*
|
|
* <p> Note that the list of registered providers may be retrieved via
|
|
* the {@link Security#getProviders() Security.getProviders()} method.
|
|
*
|
|
* <p> See the SecureRandom section in the <a href=
|
|
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
|
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
|
|
* for information about standard RNG algorithm names.
|
|
*
|
|
* @param seed the seed.
|
|
*/
|
|
public SecureRandom(byte seed[]) {
|
|
super(0);
|
|
getDefaultPRNG(true, seed);
|
|
}
|
|
|
|
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
|
|
String prng = getPrngAlgorithm();
|
|
if (prng == null) {
|
|
// bummer, get the SUN implementation
|
|
prng = "SHA1PRNG";
|
|
this.secureRandomSpi = new sun.security.provider.SecureRandom();
|
|
this.provider = Providers.getSunProvider();
|
|
if (setSeed) {
|
|
this.secureRandomSpi.engineSetSeed(seed);
|
|
}
|
|
} else {
|
|
try {
|
|
SecureRandom random = SecureRandom.getInstance(prng);
|
|
this.secureRandomSpi = random.getSecureRandomSpi();
|
|
this.provider = random.getProvider();
|
|
if (setSeed) {
|
|
this.secureRandomSpi.engineSetSeed(seed);
|
|
}
|
|
} catch (NoSuchAlgorithmException nsae) {
|
|
// never happens, because we made sure the algorithm exists
|
|
throw new RuntimeException(nsae);
|
|
}
|
|
}
|
|
// JDK 1.1 based implementations subclass SecureRandom instead of
|
|
// SecureRandomSpi. They will also go through this code path because
|
|
// they must call a SecureRandom constructor as it is their superclass.
|
|
// If we are dealing with such an implementation, do not set the
|
|
// algorithm value as it would be inaccurate.
|
|
if (getClass() == SecureRandom.class) {
|
|
this.algorithm = prng;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Creates a SecureRandom object.
|
|
*
|
|
* @param secureRandomSpi the SecureRandom implementation.
|
|
* @param provider the provider.
|
|
*/
|
|
protected SecureRandom(SecureRandomSpi secureRandomSpi,
|
|
Provider provider) {
|
|
this(secureRandomSpi, provider, null);
|
|
}
|
|
|
|
private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider,
|
|
String algorithm) {
|
|
super(0);
|
|
this.secureRandomSpi = secureRandomSpi;
|
|
this.provider = provider;
|
|
this.algorithm = algorithm;
|
|
}
|
|
|
|
/**
|
|
* Returns a SecureRandom object that implements the specified
|
|
* Random Number Generator (RNG) algorithm.
|
|
*
|
|
* <p> This method traverses the list of registered security Providers,
|
|
* starting with the most preferred Provider.
|
|
* A new SecureRandom object encapsulating the
|
|
* SecureRandomSpi implementation from the first
|
|
* Provider that supports the specified algorithm is returned.
|
|
*
|
|
* <p> Note that the list of registered providers may be retrieved via
|
|
* the {@link Security#getProviders() Security.getProviders()} method.
|
|
*
|
|
* <p> The returned SecureRandom object has not been seeded. To seed the
|
|
* returned object, call the <code>setSeed</code> method.
|
|
* If <code>setSeed</code> is not called, the first call to
|
|
* <code>nextBytes</code> will force the SecureRandom object to seed itself.
|
|
* This self-seeding will not occur if <code>setSeed</code> was
|
|
* previously called.
|
|
*
|
|
* @param algorithm the name of the RNG algorithm.
|
|
* See the SecureRandom section in the <a href=
|
|
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
|
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
|
|
* for information about standard RNG algorithm names.
|
|
*
|
|
* @return the new SecureRandom object.
|
|
*
|
|
* @exception NoSuchAlgorithmException if no Provider supports a
|
|
* SecureRandomSpi implementation for the
|
|
* specified algorithm.
|
|
*
|
|
* @see Provider
|
|
*
|
|
* @since 1.2
|
|
*/
|
|
public static SecureRandom getInstance(String algorithm)
|
|
throws NoSuchAlgorithmException {
|
|
Instance instance = GetInstance.getInstance("SecureRandom",
|
|
SecureRandomSpi.class, algorithm);
|
|
return new SecureRandom((SecureRandomSpi)instance.impl,
|
|
instance.provider, algorithm);
|
|
}
|
|
|
|
/**
|
|
* Returns a SecureRandom object that implements the specified
|
|
* Random Number Generator (RNG) algorithm.
|
|
*
|
|
* <p> A new SecureRandom object encapsulating the
|
|
* SecureRandomSpi implementation from the specified provider
|
|
* is returned. The specified provider must be registered
|
|
* in the security provider list.
|
|
*
|
|
* <p> Note that the list of registered providers may be retrieved via
|
|
* the {@link Security#getProviders() Security.getProviders()} method.
|
|
*
|
|
* <p> The returned SecureRandom object has not been seeded. To seed the
|
|
* returned object, call the <code>setSeed</code> method.
|
|
* If <code>setSeed</code> is not called, the first call to
|
|
* <code>nextBytes</code> will force the SecureRandom object to seed itself.
|
|
* This self-seeding will not occur if <code>setSeed</code> was
|
|
* previously called.
|
|
*
|
|
* @param algorithm the name of the RNG algorithm.
|
|
* See the SecureRandom section in the <a href=
|
|
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
|
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
|
|
* for information about standard RNG algorithm names.
|
|
*
|
|
* @param provider the name of the provider.
|
|
*
|
|
* @return the new SecureRandom object.
|
|
*
|
|
* @exception NoSuchAlgorithmException if a SecureRandomSpi
|
|
* implementation for the specified algorithm is not
|
|
* available from the specified provider.
|
|
*
|
|
* @exception NoSuchProviderException if the specified provider is not
|
|
* registered in the security provider list.
|
|
*
|
|
* @exception IllegalArgumentException if the provider name is null
|
|
* or empty.
|
|
*
|
|
* @see Provider
|
|
*
|
|
* @since 1.2
|
|
*/
|
|
public static SecureRandom getInstance(String algorithm, String provider)
|
|
throws NoSuchAlgorithmException, NoSuchProviderException {
|
|
Instance instance = GetInstance.getInstance("SecureRandom",
|
|
SecureRandomSpi.class, algorithm, provider);
|
|
return new SecureRandom((SecureRandomSpi)instance.impl,
|
|
instance.provider, algorithm);
|
|
}
|
|
|
|
/**
|
|
* Returns a SecureRandom object that implements the specified
|
|
* Random Number Generator (RNG) algorithm.
|
|
*
|
|
* <p> A new SecureRandom object encapsulating the
|
|
* SecureRandomSpi implementation from the specified Provider
|
|
* object is returned. Note that the specified Provider object
|
|
* does not have to be registered in the provider list.
|
|
*
|
|
* <p> The returned SecureRandom object has not been seeded. To seed the
|
|
* returned object, call the <code>setSeed</code> method.
|
|
* If <code>setSeed</code> is not called, the first call to
|
|
* <code>nextBytes</code> will force the SecureRandom object to seed itself.
|
|
* This self-seeding will not occur if <code>setSeed</code> was
|
|
* previously called.
|
|
*
|
|
* @param algorithm the name of the RNG algorithm.
|
|
* See the SecureRandom section in the <a href=
|
|
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
|
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
|
|
* for information about standard RNG algorithm names.
|
|
*
|
|
* @param provider the provider.
|
|
*
|
|
* @return the new SecureRandom object.
|
|
*
|
|
* @exception NoSuchAlgorithmException if a SecureRandomSpi
|
|
* implementation for the specified algorithm is not available
|
|
* from the specified Provider object.
|
|
*
|
|
* @exception IllegalArgumentException if the specified provider is null.
|
|
*
|
|
* @see Provider
|
|
*
|
|
* @since 1.4
|
|
*/
|
|
public static SecureRandom getInstance(String algorithm,
|
|
Provider provider) throws NoSuchAlgorithmException {
|
|
Instance instance = GetInstance.getInstance("SecureRandom",
|
|
SecureRandomSpi.class, algorithm, provider);
|
|
return new SecureRandom((SecureRandomSpi)instance.impl,
|
|
instance.provider, algorithm);
|
|
}
|
|
|
|
/**
|
|
* Returns the SecureRandomSpi of this SecureRandom object.
|
|
*/
|
|
SecureRandomSpi getSecureRandomSpi() {
|
|
return secureRandomSpi;
|
|
}
|
|
|
|
/**
|
|
* Returns the provider of this SecureRandom object.
|
|
*
|
|
* @return the provider of this SecureRandom object.
|
|
*/
|
|
public final Provider getProvider() {
|
|
return provider;
|
|
}
|
|
|
|
/**
|
|
* Returns the name of the algorithm implemented by this SecureRandom
|
|
* object.
|
|
*
|
|
* @return the name of the algorithm or <code>unknown</code>
|
|
* if the algorithm name cannot be determined.
|
|
* @since 1.5
|
|
*/
|
|
public String getAlgorithm() {
|
|
return (algorithm != null) ? algorithm : "unknown";
|
|
}
|
|
|
|
/**
|
|
* Reseeds this random object. The given seed supplements, rather than
|
|
* replaces, the existing seed. Thus, repeated calls are guaranteed
|
|
* never to reduce randomness.
|
|
*
|
|
* @param seed the seed.
|
|
*
|
|
* @see #getSeed
|
|
*/
|
|
synchronized public void setSeed(byte[] seed) {
|
|
secureRandomSpi.engineSetSeed(seed);
|
|
}
|
|
|
|
/**
|
|
* Reseeds this random object, using the eight bytes contained
|
|
* in the given <code>long seed</code>. The given seed supplements,
|
|
* rather than replaces, the existing seed. Thus, repeated calls
|
|
* are guaranteed never to reduce randomness.
|
|
*
|
|
* <p>This method is defined for compatibility with
|
|
* <code>java.util.Random</code>.
|
|
*
|
|
* @param seed the seed.
|
|
*
|
|
* @see #getSeed
|
|
*/
|
|
@Override
|
|
public void setSeed(long seed) {
|
|
/*
|
|
* Ignore call from super constructor (as well as any other calls
|
|
* unfortunate enough to be passing 0). It's critical that we
|
|
* ignore call from superclass constructor, as digest has not
|
|
* yet been initialized at that point.
|
|
*/
|
|
if (seed != 0) {
|
|
secureRandomSpi.engineSetSeed(longToByteArray(seed));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generates a user-specified number of random bytes.
|
|
*
|
|
* <p> If a call to <code>setSeed</code> had not occurred previously,
|
|
* the first call to this method forces this SecureRandom object
|
|
* to seed itself. This self-seeding will not occur if
|
|
* <code>setSeed</code> was previously called.
|
|
*
|
|
* @param bytes the array to be filled in with random bytes.
|
|
*/
|
|
@Override
|
|
synchronized public void nextBytes(byte[] bytes) {
|
|
secureRandomSpi.engineNextBytes(bytes);
|
|
}
|
|
|
|
/**
|
|
* Generates an integer containing the user-specified number of
|
|
* pseudo-random bits (right justified, with leading zeros). This
|
|
* method overrides a <code>java.util.Random</code> method, and serves
|
|
* to provide a source of random bits to all of the methods inherited
|
|
* from that class (for example, <code>nextInt</code>,
|
|
* <code>nextLong</code>, and <code>nextFloat</code>).
|
|
*
|
|
* @param numBits number of pseudo-random bits to be generated, where
|
|
* {@code 0 <= numBits <= 32}.
|
|
*
|
|
* @return an <code>int</code> containing the user-specified number
|
|
* of pseudo-random bits (right justified, with leading zeros).
|
|
*/
|
|
@Override
|
|
final protected int next(int numBits) {
|
|
int numBytes = (numBits+7)/8;
|
|
byte b[] = new byte[numBytes];
|
|
int next = 0;
|
|
|
|
nextBytes(b);
|
|
for (int i = 0; i < numBytes; i++) {
|
|
next = (next << 8) + (b[i] & 0xFF);
|
|
}
|
|
|
|
return next >>> (numBytes*8 - numBits);
|
|
}
|
|
|
|
/**
|
|
* Returns the given number of seed bytes, computed using the seed
|
|
* generation algorithm that this class uses to seed itself. This
|
|
* call may be used to seed other random number generators.
|
|
*
|
|
* <p>This method is only included for backwards compatibility.
|
|
* The caller is encouraged to use one of the alternative
|
|
* <code>getInstance</code> methods to obtain a SecureRandom object, and
|
|
* then call the <code>generateSeed</code> method to obtain seed bytes
|
|
* from that object.
|
|
*
|
|
* @param numBytes the number of seed bytes to generate.
|
|
*
|
|
* @return the seed bytes.
|
|
*
|
|
* @see #setSeed
|
|
*/
|
|
public static byte[] getSeed(int numBytes) {
|
|
if (seedGenerator == null) {
|
|
seedGenerator = new SecureRandom();
|
|
}
|
|
return seedGenerator.generateSeed(numBytes);
|
|
}
|
|
|
|
/**
|
|
* Returns the given number of seed bytes, computed using the seed
|
|
* generation algorithm that this class uses to seed itself. This
|
|
* call may be used to seed other random number generators.
|
|
*
|
|
* @param numBytes the number of seed bytes to generate.
|
|
*
|
|
* @return the seed bytes.
|
|
*/
|
|
public byte[] generateSeed(int numBytes) {
|
|
return secureRandomSpi.engineGenerateSeed(numBytes);
|
|
}
|
|
|
|
/**
|
|
* Helper function to convert a long into a byte array (least significant
|
|
* byte first).
|
|
*/
|
|
private static byte[] longToByteArray(long l) {
|
|
byte[] retVal = new byte[8];
|
|
|
|
for (int i = 0; i < 8; i++) {
|
|
retVal[i] = (byte) l;
|
|
l >>= 8;
|
|
}
|
|
|
|
return retVal;
|
|
}
|
|
|
|
/**
|
|
* Gets a default PRNG algorithm by looking through all registered
|
|
* providers. Returns the first PRNG algorithm of the first provider that
|
|
* has registered a SecureRandom implementation, or null if none of the
|
|
* registered providers supplies a SecureRandom implementation.
|
|
*/
|
|
private static String getPrngAlgorithm() {
|
|
for (Provider p : Providers.getProviderList().providers()) {
|
|
for (Service s : p.getServices()) {
|
|
if (s.getType().equals("SecureRandom")) {
|
|
return s.getAlgorithm();
|
|
}
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
/*
|
|
* Lazily initialize since Pattern.compile() is heavy.
|
|
* Effective Java (2nd Edition), Item 71.
|
|
*/
|
|
private static final class StrongPatternHolder {
|
|
/*
|
|
* Entries are alg:prov separated by ,
|
|
* Allow for prepended/appended whitespace between entries.
|
|
*
|
|
* Capture groups:
|
|
* 1 - alg
|
|
* 2 - :prov (optional)
|
|
* 3 - prov (optional)
|
|
* 4 - ,nextEntry (optional)
|
|
* 5 - nextEntry (optional)
|
|
*/
|
|
private static Pattern pattern =
|
|
Pattern.compile(
|
|
"\\s*([\\S&&[^:,]]*)(\\:([\\S&&[^,]]*))?\\s*(\\,(.*))?");
|
|
}
|
|
|
|
/**
|
|
* Returns a {@code SecureRandom} object that was selected by using
|
|
* the algorithms/providers specified in the {@code
|
|
* securerandom.strongAlgorithms} Security property.
|
|
* <p>
|
|
* Some situations require strong random values, such as when
|
|
* creating high-value/long-lived secrets like RSA public/private
|
|
* keys. To help guide applications in selecting a suitable strong
|
|
* {@code SecureRandom} implementation, Java distributions should
|
|
* include a list of known strong {@code SecureRandom}
|
|
* implementations in the {@code securerandom.strongAlgorithms}
|
|
* Security property.
|
|
*
|
|
* <pre>
|
|
* SecureRandom sr = SecureRandom.getStrongSecureRandom();
|
|
*
|
|
* if (sr == null) {
|
|
* // Decide if this is a problem, and whether to recover.
|
|
* sr = new SecureRandom();
|
|
* if (!goodEnough(sr)) {
|
|
* return;
|
|
* }
|
|
* }
|
|
*
|
|
* keyPairGenerator.initialize(2048, sr);
|
|
* </pre>
|
|
*
|
|
* @return a strong {@code SecureRandom} implementation as indicated
|
|
* by the {@code securerandom.strongAlgorithms} Security property, or
|
|
* null if none are available.
|
|
*
|
|
* @see Security#getProperty(String)
|
|
*
|
|
* @since 1.8
|
|
*/
|
|
public static SecureRandom getStrongSecureRandom() {
|
|
|
|
String property = AccessController.doPrivileged(
|
|
new PrivilegedAction<String>() {
|
|
@Override
|
|
public String run() {
|
|
return Security.getProperty(
|
|
"securerandom.strongAlgorithms");
|
|
}
|
|
});
|
|
|
|
if ((property == null) || (property.length() == 0)) {
|
|
return null;
|
|
}
|
|
|
|
String remainder = property;
|
|
while (remainder != null) {
|
|
Matcher m;
|
|
if ((m = StrongPatternHolder.pattern.matcher(
|
|
remainder)).matches()) {
|
|
|
|
String alg = m.group(1);
|
|
String prov = m.group(3);
|
|
|
|
try {
|
|
if (prov == null) {
|
|
return SecureRandom.getInstance(alg);
|
|
} else {
|
|
return SecureRandom.getInstance(alg, prov);
|
|
}
|
|
} catch (NoSuchAlgorithmException |
|
|
NoSuchProviderException e) {
|
|
}
|
|
remainder = m.group(5);
|
|
} else {
|
|
remainder = null;
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
// Declare serialVersionUID to be compatible with JDK1.1
|
|
static final long serialVersionUID = 4940670005562187L;
|
|
|
|
// Retain unused values serialized from JDK1.1
|
|
/**
|
|
* @serial
|
|
*/
|
|
private byte[] state;
|
|
/**
|
|
* @serial
|
|
*/
|
|
private MessageDigest digest = null;
|
|
/**
|
|
* @serial
|
|
*
|
|
* We know that the MessageDigest class does not implement
|
|
* java.io.Serializable. However, since this field is no longer
|
|
* used, it will always be NULL and won't affect the serialization
|
|
* of the SecureRandom class itself.
|
|
*/
|
|
private byte[] randomBytes;
|
|
/**
|
|
* @serial
|
|
*/
|
|
private int randomBytesUsed;
|
|
/**
|
|
* @serial
|
|
*/
|
|
private long counter;
|
|
}
|