[GitHub] [pulsar] z-kovacs commented on a diff in pull request #20542: [improve][broker, client] Fixing BC FIPS based payload encryption

[via GitHub]

z-kovacs commented on code in PR #20542:
URL: https://github.com/apache/pulsar/pull/20542#discussion_r1229313987


##########
pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java:
##########
@@ -106,28 +80,64 @@ public class MessageCryptoBc implements 
MessageCrypto<MessageMetadata, MessageMe
 
 
     private static final SecureRandom secureRandom;
+
+    private static final String providerName;
+    private static BcVersionSpecificCryptoUtility 
bcVersionSpecificCryptoUtilityDelegate;
+
     static {
-        SecureRandom rand = null;
-        try {
-            rand = SecureRandom.getInstance("NativePRNGNonBlocking");
-        } catch (NoSuchAlgorithmException nsa) {
-            rand = new SecureRandom();
-        }
 
-        secureRandom = rand;
+        providerName = SecurityUtility.getProvider().getName();
+
+        switch (providerName) {
+            case SecurityUtility.BC:
+                SecureRandom rand = null;
+                try {
+                    rand = SecureRandom.getInstance("NativePRNGNonBlocking", 
providerName);
+                } catch (NoSuchAlgorithmException | NoSuchProviderException 
nsa) {
+                    rand = new SecureRandom();
+                }
+                secureRandom = rand;
+                break;
+            case SecurityUtility.BC_FIPS:
+                try {
+                    secureRandom = SecureRandom.getInstance("NONCEANDIV", 
providerName);
+                } catch (NoSuchAlgorithmException | NoSuchProviderException 
nsa) {
+                    throw new RuntimeException(
+                            "In BC FIPS mode, we expect the specific Random 
generators to be available!");
+                }
+                break;

Review Comment:
   do we have somebody BC expert we can ask to opine? Would be interesting to 
know if that is possible that `NONCEANDIV` is not available in BC FIPS, and if 
so is `DEFAULT` a good fallback (i.e. would not be a good chance that that 
would not be available either).
   
   btw I think your approach absolutely makes sense regarding the choice of 
securerandoms and I believe that is what I implemented in spirit: for IV 
generation we use `NONCEANDIV` - as in the doc and the name suggests it's for 
IV and Nonce generation, and DEFAULT for everything else (AES key generation)
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org