From a92967d890fa8e3f05e947e5053ae7332073e80f Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Thu, 26 Mar 2020 18:23:21 -0600 Subject: [PATCH] Remove useless max-random-operations feature from CryptoService --- doc/src/asciidoc/module_cryptoservice.adoc | 6 ++---- .../src/main/java/org/jpos/crypto/CryptoService.java | 11 ++++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/doc/src/asciidoc/module_cryptoservice.adoc b/doc/src/asciidoc/module_cryptoservice.adoc index d12a13b4ca..bc652c5730 100644 --- a/doc/src/asciidoc/module_cryptoservice.adoc +++ b/doc/src/asciidoc/module_cryptoservice.adoc @@ -65,9 +65,8 @@ The crypto service can be configured using a QBean descriptor like this: <5> <6> <7> - <8> <9> + class="org.jpos.crypto.SysConfigCryptoServiceKeyStoreProvider" /> <8> ------------ <1> custodian PGP id, there can be many `custodian` entries. @@ -77,8 +76,7 @@ The crypto service can be configured using a QBean descriptor like this: <5> key length defaults to 256. Can be reduced if AES-256 is not supported by the JVM due to export restrictions. <6> key duration <7> internal key cache time-to-live (in millis). -<8> after max-random-operations (default to 100000), SecureRandom object gets discarded. -<9> CryptoServiceKeyStoreProvider class configuration. +<8> CryptoServiceKeyStoreProvider class configuration. [TIP] ===== diff --git a/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java b/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java index 7e532f0d94..143f6ee14a 100644 --- a/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java +++ b/modules/cryptoservice/src/main/java/org/jpos/crypto/CryptoService.java @@ -77,10 +77,13 @@ public final class CryptoService extends QBeanSupport implements Runnable, XmlCo private long ttl; private long duration; private Supplier unlock; - private Recyclable rnd; - private int maxRandomOperations = 100000; + private static SecureRandom rnd; private CryptoServiceKeyStoreProvider ksProvider; + static { + rnd = new SecureRandom(); + } + /** * Encrypts data using the current key * @param b data to encrypt @@ -201,7 +204,6 @@ public boolean isLocked () { @Override protected void initService() throws ConfigurationException { - rnd = new Recyclable<>(SecureRandom::new, maxRandomOperations); if (!lazy.get()) new Thread(this, getName()).start(); NameRegistrar.register(getName(), this); @@ -230,7 +232,6 @@ public void setConfiguration (Configuration cfg) throws ConfigurationException { waitTimeout = cfg.getLong("timeout", 30000L); ttl = cfg.getLong("ttl", 3600000L); duration = cfg.getLong("duration", 86400000L); - maxRandomOperations = cfg.getInt("max-random-operations", 100000); String unlockPassword = cfg.get("unlock-password", null); if (unlockPassword != null) { try { @@ -302,7 +303,7 @@ private byte[] decrypt (SecretKey sk, IvParameterSpec iv, byte[] cryptogram) private byte[] randomIV() { final byte[] b = new byte[16]; - rnd.get().nextBytes(b); + rnd.nextBytes(b); return b; }