ppalaga commented on code in PR #218:
URL:
https://github.com/apache/santuario-xml-security-java/pull/218#discussion_r1348940859
##########
src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java:
##########
@@ -73,17 +74,34 @@ protected XMLSecurityConstants() {
}
/**
- * Generate bytes of the given length using the supplied algorithm in
RANDOM_ALGORITHM_KEY or,
- * if not specified, use SecureRandom instance from default constructor.
The SecureRandom
+ * Generate bytes of the given length using the algorithm supplied in
{@value #RANDOM_ALGORITHM_KEY} or,
+ * if not specified, use a {@code SecureRandom} instance from default
constructor. The {@code SecureRandom}
* instance that backs this method is cached for efficiency.
*
- * @return a byte array of the given length
+ * @return a new byte array of the given length
* @throws XMLSecurityException
*/
public static byte[] generateBytes(int length) throws XMLSecurityException
{
+
+ SecureRandom rnd = SECURE_RANDOM;
+ if (rnd == null) {
+ synchronized (SECURE_RANDOM_LOCK) {
+ rnd = SECURE_RANDOM;
+ if (rnd == null) {
+ try {
+ String prngAlgorithm =
System.getProperty("org.apache.xml.security.securerandom.algorithm");
Review Comment:
> Couldn't we keep the System.getProperty as a static variable read at
initialization?
If we do it, then users of Quarkus native mode would only be able to choose
the algorithm at build time. Any change would require a rebuild of the
application. I am not sure that would be a good idea.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
