Initializing SECURE_RANDOM at the runtime

[javaduke]

I don't really know if this is a right thing to do but it resolves the problem described here #485 and apache/camel-quarkus#3966

[shumonsharif]

Hi @javaduke Thanks for the PR! This looks perfectly acceptable to me. The intent with the original code was to switch the SECURE_RANDOM initialization by moving it from the static initializer block into the XMLSecurityConstants constructor. Your PR moves it down to the generateBytes method, which should also be fine.

When do you need this to be released?

[javaduke]

Awesome, thank you very much!!! It would be nice to release it soon, but I guess we can wait a few days, let me ask when is the next Camel Quarkus release is planned and I'll let you know.

[ppalaga]

Thanks @javaduke! It's 7 days to 2.12.0.CR1 https://github.com/quarkusio/quarkus/wiki/Release-Planning#212-proposal

[ppalaga]

I'd like to check whether we could avoid the substitutions in quarkus-cxf somehow. Substitutions tend to be fragile and hard to maintain in the long term.

[shumonsharif]

I'd like to check whether we could avoid the substitutions in quarkus-cxf somehow. Substitutions tend to be fragile and hard to maintain in the long term.

I completely agree that we should avoid substitutions if at all possible, but this was the only solution I could come up with, given XMLSecurityConstants initializes SECURE_RANDOM in it's static initializer block.
https://github.com/apache/santuario-xml-security-java/blob/2.3.x-fixes/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityConstants.java#L51

Open to suggestions though, in case there may be a better way to handle this. I will drop a release tomorrow, but let me know in case I should hold off.

[ppalaga]

Hold off please. I am working on some changes.