z-kovacs commented on code in PR #20542:
URL: https://github.com/apache/pulsar/pull/20542#discussion_r1254139528
##########
pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java:
##########
@@ -106,28 +80,64 @@ public class MessageCryptoBc implements
MessageCrypto<MessageMetadata, MessageMe
private static final SecureRandom secureRandom;
+
+ private static final String providerName;
+ private static BcVersionSpecificCryptoUtility
bcVersionSpecificCryptoUtilityDelegate;
+
static {
- SecureRandom rand = null;
- try {
- rand = SecureRandom.getInstance("NativePRNGNonBlocking");
- } catch (NoSuchAlgorithmException nsa) {
- rand = new SecureRandom();
- }
- secureRandom = rand;
+ providerName = SecurityUtility.getProvider().getName();
+
+ switch (providerName) {
+ case SecurityUtility.BC:
+ SecureRandom rand = null;
+ try {
+ rand = SecureRandom.getInstance("NativePRNGNonBlocking",
providerName);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException
nsa) {
+ rand = new SecureRandom();
+ }
+ secureRandom = rand;
+ break;
+ case SecurityUtility.BC_FIPS:
+ try {
+ secureRandom = SecureRandom.getInstance("NONCEANDIV",
providerName);
+ } catch (NoSuchAlgorithmException | NoSuchProviderException
nsa) {
+ throw new RuntimeException(
+ "In BC FIPS mode, we expect the specific Random
generators to be available!");
+ }
+ break;
Review Comment:
@nodece - I was thinking and this PR is more about fixing a feature what
should be there, not sure if it warrants a PIP, and I can just move the new
module`bouncy-castle-common` 's content into `pulsar-common` and thus no new
module will be required
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
