diff --git a/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java b/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java index a5e9688171a..5df22586071 100644 --- a/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java +++ b/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java @@ -37,7 +37,7 @@ * only if the new code is made subject to such option by the copyright * holder. */ -// Portions Copyright [2017-2021] [Payara Foundation and/or its affiliates] +// Portions Copyright [2017-2024] [Payara Foundation and/or its affiliates] package com.sun.enterprise.config.serverbeans; @@ -56,6 +56,7 @@ import org.glassfish.api.admin.config.PropertiesDesc; import org.glassfish.api.admin.config.PropertyDesc; import org.glassfish.api.admin.config.ReferenceContainer; +import org.glassfish.common.util.RandomUtils; import org.glassfish.config.support.CreationDecorator; import org.glassfish.config.support.DeletionDecorator; import org.glassfish.hk2.api.PerLookup; @@ -74,7 +75,6 @@ import jakarta.validation.constraints.Pattern; import java.beans.PropertyVetoException; import java.io.File; -import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; @@ -723,7 +723,7 @@ public void decorate(AdminCommandContext context, final Cluster instance) throws // generate a random port since user did not provide one. // better fix in future would be to walk existing clusters and pick an unused port. - TCPPORT = Integer.toString(new SecureRandom().nextInt(9200 - 9090) + 9090); + TCPPORT = Integer.toString(RandomUtils.nextInt(9200 - 9090) + 9090); // hardcode all instances to use same default port. // generate mode does not support multiple instances on one machine. @@ -744,7 +744,7 @@ public void decorate(AdminCommandContext context, final Cluster instance) throws gmsListenerPortSysProp.setName(propName); if (TCPPORT == null || TCPPORT.trim().charAt(0) == '$') { String generateGmsListenerPort = Integer.toString( - new SecureRandom().nextInt(9200 - 9090) + 9090); + RandomUtils.nextInt(9200 - 9090) + 9090); gmsListenerPortSysProp.setValue(generateGmsListenerPort); } else { gmsListenerPortSysProp.setValue(TCPPORT); diff --git a/nucleus/cluster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java b/nucleus/cluster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java index 886609743a6..ccda26cadba 100644 --- a/nucleus/cluster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java +++ b/nucleus/cluster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java @@ -37,7 +37,7 @@ * only if the new code is made subject to such option by the copyright * holder. */ -// Portions Copyright [2017-2019] [Payara Foundation and/or its affiliates] +// Portions Copyright [2017-2024] [Payara Foundation and/or its affiliates] package com.sun.enterprise.admin.cli.cluster; @@ -55,14 +55,13 @@ import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamReader; - +import org.glassfish.common.util.RandomUtils; import org.jvnet.hk2.annotations.Service; import org.glassfish.api.Param; import org.glassfish.api.admin.*; import static com.sun.enterprise.admin.cli.CLIConstants.*; import com.sun.enterprise.util.io.FileUtils; import java.io.FileInputStream; -import java.security.SecureRandom; import org.glassfish.admin.payload.PayloadImpl; import org.glassfish.admin.payload.PayloadFilesManager.Perm; import org.glassfish.hk2.api.PerLookup; @@ -334,8 +333,7 @@ private void writeDasProperties() throws IOException { private void backupInstanceDir() { File f = getServerDirs().getServerDir(); if (f != null && f.isDirectory()) { - SecureRandom r = new SecureRandom(); - setBackupDir(r.nextInt()); + setBackupDir(RandomUtils.nextInt()); File backup = getBackupDir(); if (!f.renameTo(backup)) { logger.warning(Strings.get("import.sync.bundle.backupInstanceDirFailed", f.getAbsolutePath(), backup.getAbsolutePath())); diff --git a/nucleus/common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java b/nucleus/common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java index 3bae3d14541..6bd281486d8 100644 --- a/nucleus/common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java +++ b/nucleus/common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java @@ -48,9 +48,9 @@ * @author Byron Nevins */ public final class SecurityUtils { + private static SecureRandom random = new SecureRandom(); public static String getSecureRandomHexString(int numBytes) { - SecureRandom random = new SecureRandom(); byte[] bb = new byte[numBytes]; random.nextBytes(bb); return toHexString(bb); diff --git a/nucleus/common/common-util/src/main/java/org/glassfish/common/util/RandomUtils.java b/nucleus/common/common-util/src/main/java/org/glassfish/common/util/RandomUtils.java new file mode 100644 index 00000000000..3b20e9139d4 --- /dev/null +++ b/nucleus/common/common-util/src/main/java/org/glassfish/common/util/RandomUtils.java @@ -0,0 +1,59 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2024 Payara Foundation and/or its affiliates. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can + * obtain a copy of the License at + * https://github.com/payara/Payara/blob/main/LICENSE.txt + * See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at glassfish/legal/LICENSE.txt. + * + * GPL Classpath Exception: + * The Payara Foundation designates this particular file as subject to the "Classpath" + * exception as provided by the Payara Foundation in the GPL Version 2 section of the License + * file that accompanied this code. + * + * Modifications: + * If applicable, add the following below the License Header, with the fields + * enclosed by brackets [] replaced by your own identifying information: + * "Portions Copyright [year] [name of copyright owner]" + * + * Contributor(s): + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package org.glassfish.common.util; + +import java.security.SecureRandom; + +/** + * Centralize usage of random number generator. + * + * @author: Petr Aubrecht + */ +public class RandomUtils { + private static final SecureRandom random = new SecureRandom(); + + public static int nextInt() { + return random.nextInt(); + } + + public static int nextInt(int bound) { + return random.nextInt(bound); + } +}