Design review: JEP 273: DRBG-Based SecureRandom Implementations
Wang Weijun
weijun.wang at oracle.com
Sat Nov 21 14:40:13 UTC 2015
> On Nov 20, 2015, at 8:23 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
>
>>> 2. For each of these, if you have getInstance(alg, params), there is no getInstance(alg). Obviously, for SecureRandom we need to have both.
>>
>> Right, this is the first case where we have both variants of getInstance.
>>
>> Just looking through the code, it looks like you can change Provider.Service.newInstance() to call the appropriate constructor depending on whether the constructorParameter is null or not. Can you try that?
>
> Good. I'll try.
I first made this change
- addEngine("SecureRandom", false, null);
+ addEngine("SecureRandom", false,
+ "java.security.SecureRandomParameters");
and then update this method
private static Object newInstanceUtil(final Class<?> clazz,
final Class<?> ctrParamClz, final Object ctorParamObj)
throws Exception {
if (ctrParamClz == null) {
Constructor<?> con = clazz.getConstructor();
return con.newInstance();
} else {
- Constructor<?> con = clazz.getConstructor(ctrParamClz);
- return con.newInstance(ctorParamObj);
+ try {
+ Constructor<?> con = clazz.getConstructor(ctrParamClz);
+ return con.newInstance(ctorParamObj);
+ } catch (NoSuchMethodException nsme) {
+ if (ctorParamObj == null) {
+ Constructor<?> con = clazz.getConstructor();
+ return con.newInstance();
+ } else {
+ throw nsme;
+ }
+ }
}
}
For an existing implementation without <init>(SecureRandomParameters), <init>() will be called instead.
Thanks
Max
More information about the security-dev
mailing list