By using a static holder, we can leave method contracts
as-is and still maintain the performance benefit.
Issue gh-17824
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Creating a new SecureRandom instance on every call causes
unnecessary performance overhead. This change:
- Deprecates BCrypt.gensalt(String, int) method
- Modifies BCryptPasswordEncoder constructors to create
and reuse SecureRandom instances
- Maintains backward compatibility
All existing tests pass.
Closes gh-17824
Signed-off-by: Yerin Lee <rt8632@naver.com>
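The two commit messages above describe reusing one SecureRandom instead of constructing a new one per call, with a static holder so method signatures stay unchanged. The sketch below is an added example, not code from Spring Security; `SaltSource`, `RandomHolder`, `saltPerCall` and `saltShared` are hypothetical names, and the timing loop is a constructed workload.

```java
import java.security.SecureRandom;
import java.util.function.IntFunction;

public final class SaltSource {

    // Initialization-on-demand holder: the JVM runs this nested class's
    // static initializer once, on first use, under the class-init lock.
    private static final class RandomHolder {
        static final SecureRandom INSTANCE = new SecureRandom();
    }

    private SaltSource() {
    }

    // Before: every call constructs (and seeds) its own SecureRandom.
    static byte[] saltPerCall(int length) {
        byte[] salt = new byte[length];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // After: same signature and contract, but one shared instance.
    // SecureRandom is documented as safe for use by concurrent threads.
    static byte[] saltShared(int length) {
        byte[] salt = new byte[length];
        RandomHolder.INSTANCE.nextBytes(salt);
        return salt;
    }

    // Times `rounds` calls of the given salt source, in milliseconds.
    private static long timeMillis(IntFunction<byte[]> source, int rounds) {
        long start = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            source.apply(16); // 16 bytes: the bcrypt salt length
        }
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        int rounds = 50_000; // constructed workload, not a figure from the page
        timeMillis(SaltSource::saltShared, rounds);  // warm-up; triggers holder init
        timeMillis(SaltSource::saltPerCall, rounds); // warm-up
        System.out.println("per-call instance: " + timeMillis(SaltSource::saltPerCall, rounds) + " ms");
        System.out.println("shared holder:     " + timeMillis(SaltSource::saltShared, rounds) + " ms");
    }
}
```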
Previously the RsaSecretEncryptorTests were flaky because they assumed that a BadPaddingException would be thrown
when using things like a different salt. However, given that the tests had random inputs (e.g. keys), there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.
This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
This commit reorders the originally changed boolean logic so that it returns
false early, as it did before. This allows the change to remain small and also
keeps the most complex logical statements outside of the if statement.
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse
'<' as HTML and emit invalid input warnings.
Signed-off-by: Jeongwon Been <congcoding@gmail.com>
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt.
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle).
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")