From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski
Date: Tue, 27 Nov 2012 15:32:10 +0100
Subject: [PATCH] Improve randomness of PBECipher salt
See: https://bugzilla.redhat.com/show_bug.cgi?id=880279
---
 .../plexus/components/cipher/PBECipher.java | 43 +++-------------------
 1 file changed, 5 insertions(+), 38 deletions(-)
diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
index ce6b173..c69e753 100644
--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
@@ -63,9 +63,8 @@ public class PBECipher
 protected MessageDigest _digester;
- protected SecureRandom _secureRandom;
-
- protected boolean _onLinux = false;
+ private static final SecureRandom _secureRandom = new SecureRandom();
+
 //---------------------------------------------------------------
 public PBECipher()
 throws PlexusCipherException
@@ -73,21 +72,6 @@ public class PBECipher
 try
 {
 _digester = MessageDigest.getInstance( DIGEST_ALG );
-
- if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
- {
- _onLinux = true;
- }
-
- if( _onLinux )
- {
- System.setProperty( "securerandom.source", "file:/dev/./urandom");
- }
- else
- {
- _secureRandom = new SecureRandom();
- }
-
 }
 catch ( NoSuchAlgorithmException e )
 {
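Review bot: In the first hunk (`@@ -63,9 +63,8 @@`), `_secureRandom` changes from a `protected` instance field to a `private static final` one and the `protected` field `_onLinux` is removed, which is source-incompatible for any subclass of this public class that used either field. Whether such subclasses exist is not visible here, so the change deserves a line in the commit message or release notes. The new field also has no comment saying why a single generator is shared by every instance; I would add `// Shared CSPRNG for salts: SecureRandom is thread-safe and self-seeding, so it is never reseeded here.` above it. As a `static final` constant it would conventionally be named `SECURE_RANDOM`, though that is a style point only.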
@@ -96,21 +80,10 @@ public class PBECipher
 }
 //---------------------------------------------------------------
 private byte[] getSalt( final int sz )
- throws NoSuchAlgorithmException, NoSuchProviderException
 {
- byte [] res = null;
-
- if( _secureRandom != null )
- {
- _secureRandom.setSeed( System.currentTimeMillis() );
- res = _secureRandom.generateSeed( sz );
- }
- else
- {
- res = new byte[ sz ];
- Random r = new Random( System.currentTimeMillis() );
- r.nextBytes( res );
- }
+ byte[] res = new byte[ sz ];
+
+ _secureRandom.nextBytes( res );
 return res;
 }
@@ -124,12 +97,6 @@ public class PBECipher
 byte[] salt = getSalt( SALT_SIZE );
- // spin it :)
- if( _secureRandom != null )
- {
- new SecureRandom().nextBytes( salt );
- }
-
 Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE );
 byte [] encryptedBytes = cipher.doFinal( clearBytes );
-- 
1.7.11.7
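Review bot: `getSalt` in the hunk at `@@ -96,21 +80,10 @@` has no comment recording the security requirement it now meets, so a later edit could bring back the time-seeded `java.util.Random` fallback shown in the removed lines. A one-line comment above the method would do: `// Salt must be unpredictable: always draw it from the shared SecureRandom via nextBytes(), never from a clock-seeded PRNG.` The method no longer references `Random` or `NoSuchProviderException`; if their imports (outside this hunk) have no other users, they are now unused and can be dropped. The whole method is visible in the hunk.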