DATAKV-136 - Choose SecureRandom algorithm based on operating system and availability.

christophstrobl · mp911de · commit 66534d2ae0b3 · 2016-06-13T13:19:50.000+02:00
We now distinguish between operating systems when choosing a SecureRandom algorithm. Additionally we check the availability of the implementations and choose the first one available. Original pull request: #21.
diff --git a/src/main/java/org/springframework/data/keyvalue/core/DefaultIdentifierGenerator.java b/src/main/java/org/springframework/data/keyvalue/core/DefaultIdentifierGenerator.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014 the original author or authors.
+ * Copyright 2014-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,11 +17,15 @@
 
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.List;
 import java.util.UUID;
+import java.util.concurrent.atomic.AtomicReference;
 
 import org.springframework.dao.InvalidDataAccessApiUsageException;
 import org.springframework.data.util.TypeInformation;
 import org.springframework.util.ClassUtils;
+import org.springframework.util.StringUtils;
 
 /**
  * Default implementation of {@link IdentifierGenerator} to generate identifiers of types {@link UUID}, String,
@@ -33,7 +37,7 @@ enum DefaultIdentifierGenerator implements IdentifierGenerator {
 
 	INSTANCE;
 
-	private static final String ALGORITHM = "NativePRNGBlocking";
+	private final AtomicReference<SecureRandom> secureRandom = new AtomicReference<SecureRandom>(null);
 
 	/*
 	 * (non-Javadoc)
@@ -50,22 +54,55 @@ public <T> T generateIdentifierOfType(TypeInformation<T> identifierType) {
 		} else if (ClassUtils.isAssignable(String.class, type)) {
 			return (T) UUID.randomUUID().toString();
 		} else if (ClassUtils.isAssignable(Integer.class, type)) {
+			return (T) Integer.valueOf(getSecureRandom().nextInt());
+		} else if (ClassUtils.isAssignable(Long.class, type)) {
+			return (T) Long.valueOf(getSecureRandom().nextLong());
+		}
 
-			try {
-				return (T) SecureRandom.getInstance(ALGORITHM);
-			} catch (NoSuchAlgorithmException e) {
-				throw new InvalidDataAccessApiUsageException("Could not create SecureRandom instance.", e);
-			}
+		throw new InvalidDataAccessApiUsageException("Non gereratable id type....");
+	}
 
-		} else if (ClassUtils.isAssignable(Long.class, type)) {
+	private SecureRandom getSecureRandom() {
 
+		SecureRandom secureRandom = this.secureRandom.get();
+		if (secureRandom != null) {
+			return secureRandom;
+		}
+
+		for (String algorithm : OsTools.secureRandomAlgorithmNames()) {
 			try {
-				return (T) Long.valueOf(SecureRandom.getInstance(ALGORITHM).nextLong());
+				secureRandom = SecureRandom.getInstance(algorithm);
 			} catch (NoSuchAlgorithmException e) {
-				throw new InvalidDataAccessApiUsageException("Could not create SecureRandom instance.", e);
+				// ignore and try next.
 			}
 		}
 
-		throw new InvalidDataAccessApiUsageException("Non gereratable id type....");
+		if (secureRandom == null) {
+			throw new InvalidDataAccessApiUsageException(
+					String.format("Could not create SecureRandom instance for one of the algorithms '%s'.",
+							StringUtils.collectionToCommaDelimitedString(OsTools.secureRandomAlgorithmNames())));
+		}
+
+		this.secureRandom.compareAndSet(null, secureRandom);
+
+		return secureRandom;
+	}
+
+	/**
+	 * @author Christoph Strobl
+	 * @since 1.1.2
+	 */
+	private static class OsTools {
+
+		private static final String OPERATING_SYSTEM_NAME = System.getProperty("os.name").toLowerCase();
+
+		private static final List<String> SECURE_RANDOM_ALGORITHMS_LINUX_OSX_SOLARIS = Arrays.asList("NativePRNGBlocking",
+				"NativePRNGNonBlocking", "NativePRNG", "SHA1PRNG");
+		private static final List<String> SECURE_RANDOM_ALGORITHMS_WINDOWS = Arrays.asList("SHA1PRNG", "Windows-PRNG");
+
+		static List<String> secureRandomAlgorithmNames() {
+			return OPERATING_SYSTEM_NAME.indexOf("win") >= 0 ? SECURE_RANDOM_ALGORITHMS_WINDOWS
+					: SECURE_RANDOM_ALGORITHMS_LINUX_OSX_SOLARIS;
+		}
 	}
 }
diff --git a/src/test/java/org/springframework/data/keyvalue/core/DefaultIdentifierGeneratorUnitTests.java b/src/test/java/org/springframework/data/keyvalue/core/DefaultIdentifierGeneratorUnitTests.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.data.keyvalue.core;
+
+import static org.hamcrest.core.Is.*;
+import static org.hamcrest.core.IsInstanceOf.*;
+import static org.hamcrest.core.IsNull.*;
+import static org.junit.Assert.*;
+
+import java.util.Date;
+import java.util.UUID;
+
+import org.junit.Test;
+import org.springframework.dao.InvalidDataAccessApiUsageException;
+import org.springframework.data.util.ClassTypeInformation;
+
+/**
+ * @author Christoph Strobl
+ */
+public class DefaultIdentifierGeneratorUnitTests {
+
+	DefaultIdentifierGenerator generator = DefaultIdentifierGenerator.INSTANCE;
+
+	/**
+	 * @DATAKV-136
+	 */
+	@Test(expected = InvalidDataAccessApiUsageException.class)
+	public void shouldThrowExceptionForUnsupportedType() {
+		generator.generateIdentifierOfType(ClassTypeInformation.from(Date.class));
+	}
+
+	/**
+	 * @DATAKV-136
+	 */
+	@Test
+	public void shouldGenerateUUIDValueCorrectly() {
+
+		Object value = generator.generateIdentifierOfType(ClassTypeInformation.from(UUID.class));
+
+		assertThat(value, is(notNullValue()));
+		assertThat(value, instanceOf(UUID.class));
+	}
+
+	/**
+	 * @DATAKV-136
+	 */
+	@Test
+	public void shouldGenerateStringValueCorrectly() {
+
+		Object value = generator.generateIdentifierOfType(ClassTypeInformation.from(String.class));
+
+		assertThat(value, is(notNullValue()));
+		assertThat(value, instanceOf(String.class));
+	}
+
+	/**
+	 * @DATAKV-136
+	 */
+	@Test
+	public void shouldGenerateLongValueCorrectly() {
+
+		Object value = generator.generateIdentifierOfType(ClassTypeInformation.from(Long.class));
+
+		assertThat(value, is(notNullValue()));
+		assertThat(value, instanceOf(Long.class));
+	}
+
+	/**
+	 * @DATAKV-136
+	 */
+	@Test
+	public void shouldGenerateIntValueCorrectly() {
+
+		Object value = generator.generateIdentifierOfType(ClassTypeInformation.from(Integer.class));
+
+		assertThat(value, is(notNullValue()));
+		assertThat(value, instanceOf(Integer.class));
+	}
+}
