ARTEMIS-3899 improve salt calculation
Update the salt calculation to more closely align with the
"Randomness Recommendations for Security" at
https://www.ietf.org/rfc/rfc1750.txt.
This was inadvertently changed in
5965a45894
.
This commit is contained in:
parent
a2262612ca
commit
a49066e6b7
|
@ -23,6 +23,7 @@ import javax.crypto.spec.SecretKeySpec;
|
|||
|
||||
import java.math.BigInteger;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
|
@ -111,7 +112,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
|
|||
return algorithm.verify(inputValue, storedValue);
|
||||
}
|
||||
|
||||
private abstract class CodecAlgorithm {
|
||||
private abstract static class CodecAlgorithm {
|
||||
|
||||
protected Map<String, String> params;
|
||||
|
||||
|
@ -202,7 +203,7 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
|
|||
}
|
||||
}
|
||||
|
||||
private class PBKDF2Algorithm extends CodecAlgorithm {
|
||||
private static class PBKDF2Algorithm extends CodecAlgorithm {
|
||||
private static final String SEPARATOR = ":";
|
||||
private String sceretKeyAlgorithm = "PBKDF2WithHmacSHA1";
|
||||
private String randomScheme = "SHA1PRNG";
|
||||
|
@ -210,10 +211,14 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
|
|||
private int saltLength = 32;
|
||||
private int iterations = 1024;
|
||||
private SecretKeyFactory skf;
|
||||
private static SecureRandom sr;
|
||||
|
||||
PBKDF2Algorithm(Map<String, String> params) throws NoSuchAlgorithmException {
|
||||
super(params);
|
||||
skf = SecretKeyFactory.getInstance(sceretKeyAlgorithm);
|
||||
if (sr == null) {
|
||||
sr = SecureRandom.getInstance(randomScheme);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -221,8 +226,9 @@ public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
|
|||
throw new IllegalArgumentException("Algorithm doesn't support decoding");
|
||||
}
|
||||
|
||||
public byte[] getSalt() throws NoSuchAlgorithmException {
|
||||
byte[] salt = RandomUtil.randomBytes(this.saltLength);
|
||||
public byte[] getSalt() {
|
||||
byte[] salt = new byte[this.saltLength];
|
||||
sr.nextBytes(salt);
|
||||
return salt;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue