Use non-blocking Secure Random. (#16564)

Use the version of secure random that does not block if there is not enough entropy. See https://tersesystems.com/blog/2015/12/17/the-right-way-to-use-securerandom/. Instead of using .getInstanceStrong(), use the default constructor.
airbytehq · Sep 10, 2022 · 315ecae · 315ecae
1 parent 2686899
commit 315ecae
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/airbyte-db/db-lib/src/main/java/io/airbyte/db/util/SSLCertificateUtils.java b/airbyte-db/db-lib/src/main/java/io/airbyte/db/util/SSLCertificateUtils.java
@@ -26,6 +26,7 @@
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Objects;
+import java.util.Random;
 import java.util.concurrent.TimeUnit;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,6 +40,7 @@ public class SSLCertificateUtils {
   private static final Logger LOGGER = LoggerFactory.getLogger(SSLCertificateUtils.class);
   private static final String PKCS_12 = "PKCS12";
   private static final String X509 = "X.509";
+  private static final Random RANDOM = new SecureRandom();
   public static final String KEYSTORE_ENTRY_PREFIX = "ab_";
   public static final String KEYSTORE_FILE_NAME = KEYSTORE_ENTRY_PREFIX + "keystore_";
   public static final String KEYSTORE_FILE_TYPE = ".p12";
@@ -47,7 +49,7 @@ private static URI saveKeyStoreToFile(final KeyStore keyStore, final String keyS
       throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
     final FileSystem fs = Objects.requireNonNullElse(filesystem, FileSystems.getDefault());
     final Path pathToStore = fs.getPath(Objects.toString(directory, ""));
-    final Path pathToFile = pathToStore.resolve(KEYSTORE_FILE_NAME + SecureRandom.getInstanceStrong().nextInt() + KEYSTORE_FILE_TYPE);
+    final Path pathToFile = pathToStore.resolve(KEYSTORE_FILE_NAME + RANDOM.nextInt() + KEYSTORE_FILE_TYPE);
     final OutputStream os = Files.newOutputStream(pathToFile);
     keyStore.store(os, keyStorePassword.toCharArray());
     assert (Files.exists(pathToFile) == true);

diff --git a/...rations/bases/base-java/src/test/java/io/airbyte/integrations/base/ssh/SshTunnelTest.java b/...rations/bases/base-java/src/test/java/io/airbyte/integrations/base/ssh/SshTunnelTest.java
@@ -24,6 +24,7 @@
 import org.junit.jupiter.params.provider.ValueSource;
 
 class SshTunnelTest {
+
   private static final String SSH_ED25519_PRIVATE_KEY = "-----BEGIN OPENSSH PRIVATE KEY-----\\n"
       + "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\\n"
       + "QyNTUxOQAAACDbBP+5jmEtjh1JvhzVQsvvTC2IQrX6P68XzrV7ZbnGsQAAAKBgtw9/YLcP\\n"