From 1e0b9d4d9769b61cd9a44b954e4bf483a38a0b9e Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@intalio.com>
Date: Thu, 7 Mar 2013 08:34:42 +1100
Subject: [PATCH] 402485 reseed secure random

---
 .../session/AbstractSessionIdManager.java     | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
index d1ea0af8ed7..9e43b6f616e 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/AbstractSessionIdManager.java
@@ -37,6 +37,7 @@ public abstract class AbstractSessionIdManager extends AbstractLifeCycle impleme
     protected Random _random;
     protected boolean _weakRandom;
     protected String _workerName;
+    protected long _reseed=100000L;
     
     /* ------------------------------------------------------------ */
     public AbstractSessionIdManager()
@@ -50,6 +51,24 @@ public abstract class AbstractSessionIdManager extends AbstractLifeCycle impleme
     }
 
 
+    /* ------------------------------------------------------------ */
+    /**
+     * @return the reseed probability
+     */
+    public long getReseed()
+    {
+        return _reseed;
+    }
+
+    /* ------------------------------------------------------------ */
+    /** Set the reseed probability.
+     * @param reseed  If non zero then when a random long modulo the reseed value == 1, the {@link SecureRandom} will be reseeded.
+     */
+    public void setReseed(long reseed)
+    {
+        _reseed = reseed;
+    }
+
     /* ------------------------------------------------------------ */
     /**
      * Get the workname. If set, the workername is dot appended to the session
@@ -125,6 +144,22 @@ public abstract class AbstractSessionIdManager extends AbstractLifeCycle impleme
                 :_random.nextLong();
                 if (r0<0)
                     r0=-r0;
+
+		// random chance to reseed
+		if (_reseed>0 && (r0%_reseed)== 1L)
+		{
+		    LOG.debug("Reseeding {}",this);
+		    if (_random instanceof SecureRandom)
+		    {
+			SecureRandom secure = (SecureRandom)_random;
+			secure.setSeed(secure.generateSeed(8));
+		    }
+		    else
+		    {
+			_random.setSeed(_random.nextLong()^System.currentTimeMillis()^request.hashCode()^Runtime.getRuntime().freeMemory());
+		    }
+		}
+
                 long r1=_weakRandom
                 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
                 :_random.nextLong();