use only one SecureRandom instance

uwemaurer · uwemaurer · commit 50f0ef75fde5 · 2022-04-08T14:19:04.000+02:00
diff --git a/src/main/java/org/kopi/ebics/certificate/KeyUtil.java b/src/main/java/org/kopi/ebics/certificate/KeyUtil.java
@@ -31,6 +31,7 @@
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
 import org.kopi.ebics.exception.EbicsException;
+import org.kopi.ebics.utils.Utils;
 
 /**
  * Some key utilities
@@ -50,15 +51,13 @@ private KeyUtil() {
    * @return KeyPair the key pair
    * @throws NoSuchAlgorithmException
    */
-  public static KeyPair makeKeyPair(int keyLen) throws NoSuchAlgorithmException{
+  public static KeyPair makeKeyPair(int keyLen) throws NoSuchAlgorithmException {
     KeyPairGenerator 		keyGen;
 
     keyGen = KeyPairGenerator.getInstance("RSA");
-    keyGen.initialize(keyLen, new SecureRandom());
+    keyGen.initialize(keyLen, Utils.secureRandom);
 
-    KeyPair keypair = keyGen.generateKeyPair();
-
-    return keypair;
+    return keyGen.generateKeyPair();
 
   }
 
@@ -68,16 +67,8 @@ public static KeyPair makeKeyPair(int keyLen) throws NoSuchAlgorithmException{
    * @return the password
    */
   public static String generatePassword() {
-    SecureRandom 		random;
-
-    try {
-      random = SecureRandom.getInstance("SHA1PRNG");
-      String pwd = Base64.encodeBase64String(random.generateSeed(5));
-
+      String pwd = Base64.encodeBase64String(Utils.secureRandom.generateSeed(5));
       return pwd.substring(0, pwd.length() - 2);
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    }
   }
 
   /**
diff --git a/src/main/java/org/kopi/ebics/certificate/X509Generator.java b/src/main/java/org/kopi/ebics/certificate/X509Generator.java
@@ -26,7 +26,6 @@
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.PublicKey;
-import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -49,6 +48,7 @@
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
+import org.kopi.ebics.utils.Utils;
 
 /**
  * An X509 certificate generator for EBICS protocol.
@@ -194,7 +194,7 @@ public X509Certificate generate(KeyPair keypair,
       break;
     }
 
-    certificate = generator.generate(keypair.getPrivate(), "BC", new SecureRandom());
+    certificate = generator.generate(keypair.getPrivate(), "BC", Utils.secureRandom);
     certificate.checkValidity(new Date());
     certificate.verify(keypair.getPublic());
 
diff --git a/src/main/java/org/kopi/ebics/security/EbicsSocketFactory.java b/src/main/java/org/kopi/ebics/security/EbicsSocketFactory.java
@@ -26,13 +26,14 @@
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.SecureRandom;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.kopi.ebics.utils.Utils;
+
 /**
  * A simple SSL socket factory for EBICS client.
  *
@@ -81,7 +82,7 @@ public EbicsSocketFactory(byte[] keystore,
    * Returns the <code>SSLContext</code> from key store information.
    * @param keystore the key store
    * @param keystoreType the key store type
-   * @param keystrorePass the key store password
+   * @param keystorePass the key store password
    * @param truststore the trust store
    * @param truststoreType the trust store type
    * @param truststorePass the trust store password
@@ -91,7 +92,7 @@ public EbicsSocketFactory(byte[] keystore,
    */
   public SSLContext getSSLContext(byte[] keystore,
                                   String keystoreType,
-                                  char[] keystrorePass,
+                                  char[] keystorePass,
                                   byte[] truststore,
                                   String truststoreType,
                                   char[] truststorePass)
@@ -103,15 +104,15 @@ public SSLContext getSSLContext(byte[] keystore,
     TrustManagerFactory 	tmf;
     SSLContext			context;
 
-    kstore = initKeyStore(keystore, keystrorePass, keystoreType);
+    kstore = initKeyStore(keystore, keystorePass, keystoreType);
     kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-    kmf.init(kstore, keystrorePass);
+    kmf.init(kstore, keystorePass);
 
     tstore = initKeyStore(truststore, truststorePass, truststoreType);
     tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
     tmf.init(tstore);
     context = SSLContext.getInstance("TLS");
-    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
+    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), Utils.secureRandom);
 
     return context;
   }
diff --git a/src/main/java/org/kopi/ebics/utils/Utils.java b/src/main/java/org/kopi/ebics/utils/Utils.java
@@ -60,6 +60,8 @@ public final class Utils {
     org.apache.xml.security.Init.init();
   }
 
+  public static final SecureRandom secureRandom = new SecureRandom();
+
   private Utils() {
   }
 
@@ -119,24 +121,13 @@ public static byte[] zip(byte[] toZip) throws EbicsException {
    * be at least 100 bits.
    * 
    * @return a random nonce.
-   * @throws EbicsException nonce generation fails.
    */
-  public static byte[] generateNonce() throws EbicsException {
-    try {
-      SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-      return secureRandom.generateSeed(16);
-    } catch (NoSuchAlgorithmException e) {
-      throw new EbicsException(e.getMessage());
-    }
+  public static byte[] generateNonce() {
+    return secureRandom.generateSeed(16);
   }
 
-  public static byte[] generateKey() throws EbicsException {
-    try {
-      SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-      return secureRandom.generateSeed(16);
-    } catch (NoSuchAlgorithmException e) {
-      throw new EbicsException(e.getMessage());
-    }
+  public static byte[] generateKey() {
+    return secureRandom.generateSeed(16);
   }
 
   /**
diff --git a/src/main/java/org/kopi/ebics/xml/DefaultEbicsRootElement.java b/src/main/java/org/kopi/ebics/xml/DefaultEbicsRootElement.java
@@ -26,7 +26,6 @@
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.math.BigInteger;
-import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -47,6 +46,7 @@
 import org.kopi.ebics.interfaces.EbicsOrderType;
 import org.kopi.ebics.interfaces.EbicsRootElement;
 import org.kopi.ebics.session.EbicsSession;
+import org.kopi.ebics.utils.Utils;
 
 public abstract class DefaultEbicsRootElement implements EbicsRootElement {
 
@@ -134,7 +134,7 @@ public void insertSchemaLocation(String namespaceURI,
    * @return the generated file name.
    */
   public static String generateName(EbicsOrderType type) {
-    return type.getCode() + new BigInteger(130, new SecureRandom()).toString(32);
+    return type.getCode() + new BigInteger(130, Utils.secureRandom).toString(32);
   }
   
   /**
@@ -143,7 +143,7 @@ public static String generateName(EbicsOrderType type) {
    * @return the generated file name.
    */
   public static String generateName(String prefix) {
-    return prefix + new BigInteger(130, new SecureRandom()).toString(32);
+    return prefix + new BigInteger(130, Utils.secureRandom).toString(32);
   }
 
   @Override
