-
Notifications
You must be signed in to change notification settings - Fork 1.6k
use SecureRandom for digest auth cnonce #2220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,9 +24,9 @@ | |
|
|
||
| import java.nio.charset.Charset; | ||
| import java.security.MessageDigest; | ||
| import java.security.SecureRandom; | ||
| import java.util.Arrays; | ||
| import java.util.Map; | ||
| import java.util.concurrent.ThreadLocalRandom; | ||
|
|
||
| import static java.nio.charset.StandardCharsets.ISO_8859_1; | ||
| import static java.nio.charset.StandardCharsets.UTF_8; | ||
|
|
@@ -283,6 +283,9 @@ public enum AuthScheme { | |
| */ | ||
| public static class Builder { | ||
|
|
||
| // cnonce must be unpredictable (RFC 7616 section 3.3), like the NTLM and SCRAM nonces | ||
| private static final SecureRandom CNONCE_RANDOM = new SecureRandom(); | ||
|
|
||
| private final @Nullable String principal; | ||
| private final @Nullable String password; | ||
| private @Nullable AuthScheme scheme; | ||
|
|
@@ -610,7 +613,7 @@ public Builder parseProxyAuthenticateHeader(String headerLine) { | |
|
|
||
| private void newCnonce(MessageDigest md) { | ||
| byte[] b = new byte[8]; | ||
| ThreadLocalRandom.current().nextBytes(b); | ||
| CNONCE_RANDOM.nextBytes(b); | ||
| byte[] full = md.digest(b); | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the private void newCnonce() {
byte[] b = new byte[8];
CNONCE_RANDOM.get().nextBytes(b);
cnonce = toHexString(b);
}Same 16-hex-char cnonce. This is safe because |
||
| // trim to first 8 bytes → 16 hex chars | ||
| byte[] small = Arrays.copyOf(full, Math.min(8, full.length)); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't share one static SecureRandom; use a ThreadLocal. newCnonce runs on Netty event-loop threads (digest header build + 401/407 interceptors), and
SecureRandom#nextByteslocks internally, so a single shared instance makes all event loops queue on one lock. ThreadLocalRandom had no such lock. ScramEngine already handles this the right way:and in newCnonce: