From: markt Date: Fri, 25 Mar 2011 12:20:39 +0000 (+0000) Subject: Securely seed the SecureRandom instance used for UUID generation and report excessive... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=d9511fde66eded100686899c0d26c81c92451f91;p=tomcat7.0 Securely seed the SecureRandom instance used for UUID generation and report excessive creation time (greater than 100ms) at INFO level. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1085346 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/tribes/util/LocalStrings.properties b/java/org/apache/catalina/tribes/util/LocalStrings.properties new file mode 100644 index 000000000..18a05669a --- /dev/null +++ b/java/org/apache/catalina/tribes/util/LocalStrings.properties @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +uuidGenerator.createRandom=Creation of SecureRandom instance for UUID generation using [{0}] took [{1}] milliseconds. diff --git a/java/org/apache/catalina/tribes/util/UUIDGenerator.java b/java/org/apache/catalina/tribes/util/UUIDGenerator.java index 2fc83a1c0..581e65c4b 100644 --- a/java/org/apache/catalina/tribes/util/UUIDGenerator.java +++ b/java/org/apache/catalina/tribes/util/UUIDGenerator.java @@ -19,12 +19,19 @@ package org.apache.catalina.tribes.util; import java.security.SecureRandom; import java.util.Random; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; + /** * simple generation of a UUID * @author Filip Hanik * @version 1.0 */ public class UUIDGenerator { + private static final Log log = LogFactory.getLog(UUIDGenerator.class); + protected static final StringManager sm = + StringManager.getManager("org.apache.catalina.tribes.util"); + public static final int UUID_LENGTH = 16; public static final int UUID_VERSION = 4; public static final int BYTES_PER_INT = 4; @@ -32,9 +39,17 @@ public class UUIDGenerator { protected static SecureRandom secrand = null; protected static Random rand = new Random(); + static { + long start = System.currentTimeMillis(); secrand = new SecureRandom(); - secrand.setSeed(rand.nextLong()); + // seed the generator + secrand.nextInt(); + long time = System.currentTimeMillis() - start; + if (time > 100) { + log.info(sm.getString("uuidGenerator.createRandom", + secrand.getAlgorithm(), Long.valueOf(time))); + } } public static byte[] randomUUID(boolean secure) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b9be91e42..add699375 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -116,6 +116,15 @@ + + + + Securely seed the SecureRandom instance used for UUID generation and + report excessive creation time (greater than 100ms) at INFO level. + (markt) + + +