From b31cd21b7bae33e5585294900936fa51d2c5105b Mon Sep 17 00:00:00 2001
From: Mridul Muralidharan
Date: Mon, 27 Mar 2023 14:22:55 -0400
Subject: [PATCH] SPARK-42922: Move from Random to SecureRandom

---
 .../java/org/apache/hive/service/auth/HttpAuthUtils.java | 5 +++--
 .../apache/hive/service/cli/thrift/ThriftHttpServlet.java | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HttpAuthUtils.java b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HttpAuthUtils.java
index 4183cba0c685a..08a8258db06f2 100644
--- a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HttpAuthUtils.java
+++ b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/HttpAuthUtils.java
@@ -20,11 +20,11 @@
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Random;
 import java.util.Set;
 import java.util.StringTokenizer;
 
@@ -57,6 +57,7 @@ public final class HttpAuthUtils {
 private static final String COOKIE_KEY_VALUE_SEPARATOR = "=";
 private static final Set COOKIE_ATTRIBUTES =
 new HashSet(Arrays.asList(COOKIE_CLIENT_USER_NAME, COOKIE_CLIENT_RAND_NUMBER));
+ private static final SecureRandom random = new SecureRandom();
 
 /**
 * @return Stringified Base64 encoded kerberosAuthHeader on success
@@ -95,7 +96,7 @@ public static String createCookieToken(String clientUserName) {
 sb.append(COOKIE_CLIENT_USER_NAME).append(COOKIE_KEY_VALUE_SEPARATOR).append(clientUserName)
 .append(COOKIE_ATTR_SEPARATOR);
 sb.append(COOKIE_CLIENT_RAND_NUMBER).append(COOKIE_KEY_VALUE_SEPARATOR)
- .append((new Random(System.currentTimeMillis())).nextLong());
+ .append(random.nextLong());
 return sb.toString();
 }
 
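Review bot: The field added in the `@@ -57,6 +57,7 @@` hunk is a `static final` constant but is named `random`, while every neighbouring constant is upper-case (`COOKIE_ATTRIBUTES`, `COOKIE_KEY_VALUE_SEPARATOR`) and the matching field in ThriftHttpServlet keeps the name `RAN`. Declaring it as `private static final SecureRandom SECURE_RANDOM = new SecureRandom();` and calling `SECURE_RANDOM.nextLong()` in `createCookieToken` would match the file. Neither declaration says why the type matters, so a comment such as `// Must remain a SecureRandom: its output goes into the auth cookie token and must not be predictable.` above both fields would stop a later cleanup from reverting to `java.util.Random`. The class body continues outside the hunk.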
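Review bot: `random.nextLong()` in the `@@ -95,7 +96,7 @@` hunk still gives the token only 64 bits of unpredictable material, rendered as a signed decimal that can start with `-`. If the cookie's resistance to guessing rests on this field rather than on a signature applied elsewhere (not visible in this hunk), a 128-bit value filled with `random.nextBytes(buf)` and hex-encoded would leave more margin. That is only safe if whatever reads `COOKIE_CLIENT_RAND_NUMBER` treats the value as an opaque string rather than parsing a long, which should be confirmed first. The opening lines of `createCookieToken` are outside the hunk.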
diff --git a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index f0f5cdcd38fbc..712b1d49eacbf 100644
--- a/sql/hive-thriftserver/src/main/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/sql/hive-thriftserver/src/main/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -20,8 +20,8 @@
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.PrivilegedExceptionAction;
+import java.security.SecureRandom;
 import java.util.Map;
-import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
@@ -76,7 +76,7 @@ public class ThriftHttpServlet extends TServlet {
 // Class members for cookie based authentication.
 private CookieSigner signer;
 public static final String AUTH_COOKIE = "hive.server2.auth";
- private static final Random RAN = new Random();
+ private static final SecureRandom RAN = new SecureRandom();
 private boolean isCookieAuthEnabled;
 private String cookieDomain;
 private String cookiePath;
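Review bot: The `@@ -76,7 +76,7 @@` hunk changes only the declaration of `RAN`, and every place that consumes it is outside the hunk, so the benefit of the stronger generator depends on code this patch does not show. It is worth confirming that each call site takes a full `nextLong()` or `nextBytes(...)` rather than a narrow `nextInt(bound)`, since a small output range stays guessable whatever the source. If any call sits on the per-request path, note that one shared `SecureRandom` is thread-safe but may serialise callers on some providers. The class body continues outside the hunk.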