From 4ef35171a40eb0db9fde4eaf0c444c9a0baa331f Mon Sep 17 00:00:00 2001 From: Takahiro Nagao <32282211+tnagao7@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:14:03 +0900 Subject: [PATCH] Fix #2075 Slow startup because of low entropy for PRNG (#2318) * Fix hang-up due to blocking PRNG returned by SecureRandom.getInstanceStrong() Fixes #2075 Signed-off-by: Takahiro Nagao --- .../persistence/config/SystemProperties.java | 13 +++++++++++++ .../internal/security/JCEEncryptor.java | 17 +++++++++++++---- .../security/PrivilegedAccessHelper.java | 2 ++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java index 3db1f43a980..b6c5f2f3db1 100644 --- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java +++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java @@ -1,5 +1,6 @@ /* * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0 which is available at @@ -271,6 +272,18 @@ public final class SystemProperties { */ public static final String ASM_SERVICE = "eclipselink.asm.service"; + /** + *

+ * This property control the random number generator (RNG) used for password encryption. + *

+ * Allowed Values (case sensitive String): + *

+ */ + public static final String SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR = "eclipselink.security.encryptor.use.strong.random.number.generator"; + private SystemProperties() { // no instance please } diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java index a9aaac65a2c..81466cd6f3c 100644 --- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java +++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java @@ -1,5 +1,6 @@ /* * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0 which is available at @@ -14,6 +15,7 @@ // Oracle - initial API and implementation from Oracle TopLink package org.eclipse.persistence.internal.security; +import org.eclipse.persistence.config.SystemProperties; import org.eclipse.persistence.exceptions.ConversionException; import org.eclipse.persistence.exceptions.ValidationException; import org.eclipse.persistence.internal.helper.Helper; 
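Review bot: The Javadoc for SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR describes the allowed values as a case sensitive String, but the parsing this patch adds to JCEEncryptor.getIvGCM uses `equalsIgnoreCase`, so the documentation and the code disagree. Either drop "case sensitive" from the Javadoc or compare with `"true".equals(useStrongRNG)` and `"false".equals(useStrongRNG)`. The summary sentence would also be more accurate as `This property controls the random number generator (RNG) used to create the GCM IV for password encryption.`, since the IV is the only place the visible code consults it. The list of allowed values is not readable in this view; if it does not already name the default and mention that the strong generator can block, that belongs there too.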
@@ -125,10 +127,17 @@ private static SecretKey getAESGCMMultitasker() throws Exception {
 private static byte[] getIvGCM() {
 byte[] ivGCM = new byte[IV_GCM_LENGTH];
 SecureRandom random = null;
- try {
- random = SecureRandom.getInstanceStrong();
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ String useStrongRNG = PrivilegedAccessHelper.getSystemProperty(SystemProperties.SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR);
+ if (useStrongRNG == null || useStrongRNG.equalsIgnoreCase("false")) {
+ random = new SecureRandom();
+ } else if (useStrongRNG.equalsIgnoreCase("true")) {
+ try {
+ random = SecureRandom.getInstanceStrong();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ } else {
+ throw ValidationException.invalidBooleanValueForProperty(useStrongRNG, SystemProperties.SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR);
 }
 random.nextBytes(ivGCM);
 return ivGCM;
diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
index bfa0213eebb..59edd0d08ac 100644
--- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
+++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
@@ -1,5 +1,6 @@
 /*
 * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0 which is available at
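Review bot: The default branch in getIvGCM now uses `new SecureRandom()` where the old code always called `SecureRandom.getInstanceStrong()`, and nothing in the method says why that is acceptable for an IV. A short comment would keep a later reader from switching it back as a supposed hardening, for example `// A GCM IV must be unique per key; the default SecureRandom is a CSPRNG and does not block on the entropy pool.` Separately, the property lookup and the generator construction run on every call; if the setting is not meant to change at runtime, resolving it once into a `private static final SecureRandom` field would avoid the repeated work and make the `SecureRandom random = null;` placeholder unnecessary. The method's closing brace lies outside the hunk.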
@@ -73,6 +74,7 @@ public class PrivilegedAccessHelper { SystemProperties.CONCURRENCY_MANAGER_ACQUIRE_WAIT_TIME, SystemProperties.CONCURRENCY_MANAGER_BUILD_OBJECT_COMPLETE_WAIT_TIME, SystemProperties.CONCURRENCY_MANAGER_MAX_SLEEP_TIME, SystemProperties.CONCURRENCY_MANAGER_MAX_FREQUENCY_DUMP_TINY_MESSAGE, SystemProperties.CONCURRENCY_MANAGER_MAX_FREQUENCY_DUMP_MASSIVE_MESSAGE, SystemProperties.CONCURRENCY_MANAGER_ALLOW_INTERRUPTED_EXCEPTION, SystemProperties.CONCURRENCY_MANAGER_ALLOW_CONCURRENCY_EXCEPTION, SystemProperties.CONCURRENCY_MANAGER_ALLOW_STACK_TRACE_READ_LOCK, + SystemProperties.SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR, ServerPlatformBase.JMX_REGISTER_RUN_MBEAN_PROPERTY, ServerPlatformBase.JMX_REGISTER_DEV_MBEAN_PROPERTY, XMLPlatformFactory.XML_PLATFORM_PROPERTY}; private final static Set legalPropertiesSet = Set.of(legalProperties);