Design review: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Sat Nov 21 14:40:13 UTC 2015


> On Nov 20, 2015, at 8:23 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
> 
>>> 2. For each of these, if you have getInstance(alg, params), there is no getInstance(alg). Obviously, for SecureRandom we need to have both.
>> 
>> Right, this is the first case where we have both variants of getInstance.
>> 
>> Just looking through the code, it looks like you can change Provider.Service.newInstance() to call the appropriate constructor depending on whether the constructorParameter is null or not. Can you try that?
> 
> Good. I'll try.

I first made this change

-        addEngine("SecureRandom",                       false, null);
+        addEngine("SecureRandom",                       false,
+                            "java.security.SecureRandomParameters");
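Review bot: the new third argument on the `addEngine("SecureRandom", ...)` line declares a constructor parameter class, but nothing here says the parameter is optional for this engine, even though getInstance(alg) without params has to keep working. A short comment stating that a null SecureRandomParameters is valid, and that implementations lacking the matching constructor remain supported, would stop a later reader from treating the parameter as mandatory.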

and then updated this method

     private static Object newInstanceUtil(final Class<?> clazz,
         final Class<?> ctrParamClz, final Object ctorParamObj)
         throws Exception {
         if (ctrParamClz == null) {
             Constructor<?> con = clazz.getConstructor();
             return con.newInstance();
         } else {
-            Constructor<?> con = clazz.getConstructor(ctrParamClz);
-            return con.newInstance(ctorParamObj);
+            try {
+                Constructor<?> con = clazz.getConstructor(ctrParamClz);
+                return con.newInstance(ctorParamObj);
+            } catch (NoSuchMethodException nsme) {
+                if (ctorParamObj == null) {
+                    Constructor<?> con = clazz.getConstructor();
+                    return con.newInstance();
+                } else {
+                    throw nsme;
+                }
+            }
         }
     }
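Review bot: the fallback in the new `catch (NoSuchMethodException nsme)` branch is not limited to SecureRandom. As far as these lines show, newInstanceUtil takes any clazz and ctrParamClz, so any engine that declares a constructor parameter class and is called with a null ctorParamObj would now be built through its no-arg constructor when the one-arg constructor is missing, instead of failing. Consider gating the fallback on the engine type or on ctrParamClz, or stating in a comment that it is intended for every caller. The try also wraps `con.newInstance(ctorParamObj)`; keeping only `clazz.getConstructor(ctrParamClz)` inside it would make clear which call the catch is for.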

For an existing implementation without <init>(SecureRandomParameters), <init>() will be called instead.

Thanks
Max



