[refactor] SecureRandom retrieval (from JRuby)

kares · kares · commit 478aee9c939b · 2022-02-03T19:02:55.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/OpenSSL.java b/src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -315,7 +315,6 @@ static SecureRandom getSecureRandom(final Ruby runtime) {
         return getSecureRandom(runtime, false);
     }
 
-
     static SecureRandom getSecureRandom(final Ruby runtime, final boolean nullByDefault) {
         if ( tryContextSecureRandom ) {
             SecureRandom random = getSecureRandomFrom(runtime.getCurrentContext());
@@ -324,19 +323,21 @@ static SecureRandom getSecureRandom(final Ruby runtime, final boolean nullByDefa
         return nullByDefault ? null : new SecureRandom();
     }
 
-    static SecureRandom getSecureRandomFrom(final ThreadContext context) {
+    static SecureRandom getSecureRandom(final ThreadContext context) {
         if ( tryContextSecureRandom ) {
-            try {
-                SecureRandom random = context.secureRandom;
-                if (random == null) { // public SecureRandom getSecureRandom() on 9K
-                    random = (SecureRandom) context.getClass().getMethod("getSecureRandom").invoke(context);
-                }
-                return random;
-            }
-            catch (Throwable ex) {
-                tryContextSecureRandom = false;
-                debug(context.runtime, "JRuby-OpenSSL failed to retrieve secure random from thread-context", ex);
-            }
+            SecureRandom random = getSecureRandomFrom(context);
+            if ( random != null ) return random;
+        }
+        return new SecureRandom();
+    }
+
+    private static SecureRandom getSecureRandomFrom(final ThreadContext context) {
+        try {
+            return context.getSecureRandom();
+        }
+        catch (Throwable ex) {
+            tryContextSecureRandom = false;
+            debug(context.runtime, "JRuby-OpenSSL failed to retrieve secure random from thread-context", ex);
         }
         return null;
     }
diff --git a/src/main/java/org/jruby/ext/openssl/SSLContext.java b/src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -534,7 +534,7 @@ private RubyArray matchedCiphersWithCache(final ThreadContext context) {
     private RubyArray matchedCiphers(final ThreadContext context) {
         final Ruby runtime = context.runtime;
         try {
-            final String[] supported = getSupportedCipherSuites(runtime, protocol);
+            final String[] supported = getSupportedCipherSuites(context, protocol);
             final Collection<CipherStrings.Def> cipherDefs =
                     CipherStrings.matchingCiphers(this.ciphers, supported, false);
 
@@ -751,14 +751,14 @@ private void setApplicationProtocols(final SSLEngine engine) {
         }
     }
 
-    private static String[] getSupportedCipherSuites(Ruby runtime, final String protocol)
+    private static String[] getSupportedCipherSuites(ThreadContext context, final String protocol)
         throws GeneralSecurityException {
-        return dummySSLEngine(runtime, protocol).getSupportedCipherSuites();
+        return dummySSLEngine(context, protocol).getSupportedCipherSuites();
     }
 
-    private static SSLEngine dummySSLEngine(Ruby runtime, final String protocol) throws GeneralSecurityException {
+    private static SSLEngine dummySSLEngine(ThreadContext context, final String protocol) throws GeneralSecurityException {
         javax.net.ssl.SSLContext sslContext = SecurityHelper.getSSLContext(protocol);
-        sslContext.init(null, null, OpenSSL.getSecureRandom(runtime));
+        sslContext.init(null, null, OpenSSL.getSecureRandom(context));
         return sslContext.createSSLEngine();
     }
 
@@ -1017,7 +1017,7 @@ void initSSLContext(final ThreadContext context) throws KeyManagementException {
             // SSLContext (internals) on Sun JDK :
             // private final java.security.Provider provider; "SunJSSE"
             // private final javax.net.ssl.SSLContextSpi; sun.security.ssl.SSLContextImpl
-            sslContext.init(keyManager, trustManager, OpenSSL.getSecureRandomFrom(context));
+            sslContext.init(keyManager, trustManager, OpenSSL.getSecureRandom(context));
             // if secureRandom == null JSSE will try :
             // - new SecureRandom();
             // - SecureRandom.getInstance("PKCS11", cryptoProvider);
diff --git a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
@@ -334,7 +334,7 @@ public static SecureRandom getSecureRandom() {
             }
         }
         catch (NoSuchAlgorithmException e) { }
-        return new SecureRandom(); // likely "SHA1PRNG" from SPI sun.security.provider.SecureRandom
+        return new SecureRandom();
     }
 
     private static SecureRandom getSecureRandom(final String algorithm, final Provider provider)

Original file line number	Diff line number	Diff line change
`@@ -334,7 +334,7 @@ public static SecureRandom getSecureRandom() {`
`334`	`334`	`}`
`335`	`335`	`}`
`336`	`336`	`catch (NoSuchAlgorithmException e) { }`
`337`		`- return new SecureRandom(); // likely "SHA1PRNG" from SPI sun.security.provider.SecureRandom`
	`337`	`+ return new SecureRandom();`
`338`	`338`	`}`
`339`	`339`
`340`	`340`	`private static SecureRandom getSecureRandom(final String algorithm, final Provider provider)`