RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations
Xuelei Fan
xuelei.fan at oracle.com
Fri Apr 22 05:15:58 UTC 2016
On 4/21/2016 11:10 PM, Wang Weijun wrote:
>
>> On Apr 21, 2016, at 9:44 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>>>> public MyCertStore extends CertStoreSpi {
>>>>
>>>> public MyCertStore() {
>>>> // whatever
>>>> // ;-) Don't ask me why this construct is necessary.
>>>> }
>>>>
>>>> public MyCertStore(XXX params) {
>>>> // throws NoSuchMethodException
>>>> // ;-) Don't ask me why throw this exception.
>>>> }
>>>> }
>>>>
>>>> newInstanceUtil(MyCertStore, ...)
>>>>
>>>> The MyCertStore() would get called, unexpectly. Am I missing something?
>>>
>>> Probably not, unless you call getInstance(arg, null). I am not sure this null will trigger some other exception along the way.
>>>
>>> OK, I admit there is a side effect here: If you design getInstance(alg,params) but params is always null, then you can only implement a constructor with no params.
>>>
>>> This is stupid and useless, but not really harmful.
>>>
>> Can you explain more here?
>
> The code change looks like this
>
> private static Object newInstanceUtil(final Class<?> clazz,
> final Class<?> ctrParamClz, final Object ctorParamObj)
> throws Exception {
> if (ctrParamClz == null) {
> Constructor<?> con = clazz.getConstructor();
> return con.newInstance();
> } else {
> - Constructor<?> con = clazz.getConstructor(ctrParamClz);
> - return con.newInstance(ctorParamObj);
> + try {
> + Constructor<?> con = clazz.getConstructor(ctrParamClz);
> + return con.newInstance(ctorParamObj);
> + } catch (NoSuchMethodException nsme) {
> + if (ctorParamObj == null) {
> + try {
> + Constructor<?> con = clazz.getConstructor();
> + return con.newInstance();
> + } catch (NoSuchMethodException nsme2) {
> + nsme.addSuppressed(nsme2);
> + throw nsme;
> + }
> + } else {
> + throw nsme;
> + }
> + }
> }
> }
>
> So in order for the arg-less constructor to be called, you will need
>
> 1. ctrParamClz != null, i.e. there is a getInstance(arg,params) API.
>
> 2. ctorParamObj == null, i.e. someone calls it with getInstance(arg) or getInstance(arg,null).
>
> 3. nsme caught, i.e. the implementation has not provided a constructor with args
>
> This matches the "otherwise" part of what I described in the @implSpec of SecureRandomSpi, which I don't suggest new implementation doing it, and is not what all non-SecureRandom implementations are doing now (they always have a constructor with args).
>
Got it.
Constructor-Fall-back is not common in general. I think this is only
apply to SecureRandom. No problem for known engines.
In the new update, there are a few description about SecureRandom, but
no control code related to SecureRandom explicitly. A reader like me
would have to ask a lot questions before I can understand the logic.
For safe, what do you think about adding a check to make sure it is for
SecureRandom only (instanceof, etc), or a note so that we don't forgot
to revise if thing get changed in the future?
A simple update may be:
- // For other primitives using params, ctorParamObj should not
+ // For other known primitives using params, ctorParamObj should not
// be null and nsme is thrown, just like before.
Thanks,
Xuelei
More information about the security-dev
mailing list