diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
index 87c9ed738c..910b2d5606 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -716,12 +716,7 @@ public class BCrypt {
 * factor therefore increases as 2**log_rounds.
 * @return an encoded salt value
 * @exception IllegalArgumentException if prefix or log_rounds is invalid
- * @deprecated since 6.4 in favor of {@link #gensalt(String, int, SecureRandom)}.
- * Creating a new {@code SecureRandom} instance on every invocation incurs significant
- * performance overhead. Use {@link #gensalt(String, int, SecureRandom)} with a reusable
- * {@code SecureRandom} instance instead.
 */
- @Deprecated(since = "6.4", forRemoval = false)
 public static String gensalt(String prefix, int log_rounds) throws IllegalArgumentException {
 return gensalt(prefix, log_rounds, new SecureRandom());
 }
@@ -744,12 +739,7 @@ public class BCrypt {
 * factor therefore increases as 2**log_rounds.
 * @return an encoded salt value
 * @exception IllegalArgumentException if log_rounds is invalid
- * @deprecated since 6.4 in favor of {@link #gensalt(int, SecureRandom)}.
- * Creating a new {@code SecureRandom} instance on every invocation incurs significant
- * performance overhead. Use {@link #gensalt(int, SecureRandom)} with a reusable
- * {@code SecureRandom} instance instead.
 */
- @Deprecated(since = "6.4", forRemoval = false)
 public static String gensalt(int log_rounds) throws IllegalArgumentException {
 return gensalt(log_rounds, new SecureRandom());
 }
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index 3c0eaa3595..10e8322be8 100644
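Review bot: With the `@deprecated` text removed, the Javadoc of `gensalt(String, int)` (and of `gensalt(int)` in the `-744` hunk) no longer tells a caller that every call constructs a new `SecureRandom`, which is still what the unchanged body lines `new SecureRandom()` do. I would keep one sentence of that guidance as ordinary description text, for example `Each call creates a new {@code SecureRandom}; callers generating many salts should prefer {@link #gensalt(String, int, SecureRandom)} with a reusable instance.` The Javadoc blocks start above both hunks, so the sentence belongs in the part that is not visible here.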
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -44,24 +44,24 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 private final BCryptVersion version;
- private final @Nullable SecureRandom random;
+ private final SecureRandom random;
 public BCryptPasswordEncoder() {
- this(-1, new SecureRandom());
+ this(-1);
 }
 /**
 * @param strength the log rounds to use, between 4 and 31
 */
 public BCryptPasswordEncoder(int strength) {
- this(strength, new SecureRandom());
+ this(strength, null);
 }
 /**
 * @param version the version of bcrypt, can be 2a,2b,2y
 */
 public BCryptPasswordEncoder(BCryptVersion version) {
- this(version, new SecureRandom());
+ this(version, null);
 }
 /**
@@ -85,7 +85,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 * @param strength the log rounds to use, between 4 and 31
 */
 public BCryptPasswordEncoder(BCryptVersion version, int strength) {
- this(version, strength, new SecureRandom());
+ this(version, strength, null);
 }
 /**
@@ -99,7 +99,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 }
 this.version = version;
 this.strength = (strength == -1) ? 10 : strength;
- this.random = random;
+ this.random = (random != null) ? random : SecureRandomHolder.INSTANCE;
 }
 @Override
@@ -109,10 +109,7 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 }
 private String getSalt() {
- if (this.random != null) {
- return BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
- }
- return BCrypt.gensalt(this.version.getVersion(), this.strength);
+ return BCrypt.gensalt(this.version.getVersion(), this.strength, this.random);
 }
 @Override
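Review bot: The delegating constructors in the `-44` hunk now pass a bare `null` (`this(strength, null)`, `this(version, null)`, and `this(version, strength, null)` in the `-85` hunk) and rely on the canonical constructor to swap in the shared instance. The default source of randomness is therefore only discoverable by reading that constructor. Passing the holder directly, e.g. `this(strength, SecureRandomHolder.INSTANCE);`, states the intent at the call site and leaves the null check as a compatibility path for external callers only. The class body continues outside the hunk.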
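Review bot: In the `-99` hunk, a caller that passes `null` for `random` now gets the process-wide `SecureRandomHolder.INSTANCE`, where the `getSalt()` fallback removed in the `-109` hunk used to create a fresh `SecureRandom` per salt, and nothing visible documents that change. The constructor's signature and Javadoc start above the hunk, so the current wording cannot be checked from here. The `@param random` text should read something like `the secure random instance to use, or {@code null} to use a shared default instance`. If the parameter carries `@Nullable` it should keep it, since only the field became non-null.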
@@ -159,4 +156,10 @@ public class BCryptPasswordEncoder extends AbstractValidatingPasswordEncoder {
 }
+ private static final class SecureRandomHolder {
+
+ private static final SecureRandom INSTANCE = new SecureRandom();
+
+ }
+
 }
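Review bot: `SecureRandomHolder` has no comment saying that its `INSTANCE` is shared by every encoder constructed without an explicit `SecureRandom`, or why a nested holder is used instead of a plain static field. I would add `// Initialization-on-demand holder: one lazily created SecureRandom shared by all encoders that were not given their own.` above the class. `SecureRandom` is safe to share across threads, but concurrent `encode` calls now draw from one generator, so the comment could also point callers who need isolation to the constructors that take a `SecureRandom`. It is also worth confirming the holder stays runtime-initialised in ahead-of-time or native-image builds, since a generator created at build time would presumably be rejected or carry build-time state.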