Skip to content

Commit 4f88e6b

Browse files
gnodetclaude
authored andcommitted
Inline SecureRandomHelper calls in SelfSignedCertificateGenerator
Remove the private static field and parameter threading — just call SecureRandomHelper.getSecureRandom() directly at each usage site. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 67bb235 commit 4f88e6b

1 file changed

Lines changed: 9 additions & 14 deletions

File tree

core/camel-main/src/main/java/org/apache/camel/main/SelfSignedCertificateGenerator.java

Lines changed: 9 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,6 @@
2323
import java.security.KeyStore;
2424
import java.security.PrivateKey;
2525
import java.security.PublicKey;
26-
import java.security.SecureRandom;
2726
import java.security.Signature;
2827
import java.security.cert.CertificateFactory;
2928
import java.security.cert.X509Certificate;
@@ -42,8 +41,6 @@
4241
*/
4342
final class SelfSignedCertificateGenerator {
4443

45-
private static final SecureRandom RANDOM = SecureRandomHelper.getSecureRandom();
46-
4744
private SelfSignedCertificateGenerator() {
4845
}
4946

@@ -80,17 +77,17 @@ static KeyStore generateKeyStore(String password, String keyType) throws Excepti
8077
KeyPairGenerator keyGen;
8178
if ("EC".equals(type)) {
8279
keyGen = KeyPairGenerator.getInstance("EC");
83-
keyGen.initialize(new ECGenParameterSpec("secp256r1"), RANDOM);
80+
keyGen.initialize(new ECGenParameterSpec("secp256r1"), SecureRandomHelper.getSecureRandom());
8481
} else if ("RSA".equals(type)) {
8582
keyGen = KeyPairGenerator.getInstance("RSA");
86-
keyGen.initialize(2048, RANDOM);
83+
keyGen.initialize(2048, SecureRandomHelper.getSecureRandom());
8784
} else {
8885
throw new IllegalArgumentException(
8986
"Unsupported self-signed certificate key type: " + keyType + " (supported: EC, RSA)");
9087
}
9188
KeyPair keyPair = keyGen.generateKeyPair();
9289

93-
X509Certificate cert = generateCertificate(keyPair, type, RANDOM);
90+
X509Certificate cert = generateCertificate(keyPair, type);
9491

9592
KeyStore ks = KeyStore.getInstance("PKCS12");
9693
ks.load(null, password.toCharArray());
@@ -100,7 +97,7 @@ static KeyStore generateKeyStore(String password, String keyType) throws Excepti
10097
return ks;
10198
}
10299

103-
private static X509Certificate generateCertificate(KeyPair keyPair, String keyType, SecureRandom random)
100+
private static X509Certificate generateCertificate(KeyPair keyPair, String keyType)
104101
throws Exception {
105102
PublicKey publicKey = keyPair.getPublic();
106103
PrivateKey privateKey = keyPair.getPrivate();
@@ -109,16 +106,15 @@ private static X509Certificate generateCertificate(KeyPair keyPair, String keyTy
109106
ZonedDateTime expiry = now.plusDays(365);
110107

111108
// Build self-signed X.509 certificate using DER encoding
112-
byte[] encoded = buildSelfSignedCertificateDer(publicKey, privateKey, keyType, now, expiry, random);
109+
byte[] encoded = buildSelfSignedCertificateDer(publicKey, privateKey, keyType, now, expiry);
113110

114111
CertificateFactory cf = CertificateFactory.getInstance("X.509");
115112
return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
116113
}
117114

118115
private static byte[] buildSelfSignedCertificateDer(
119116
PublicKey publicKey, PrivateKey privateKey, String keyType,
120-
ZonedDateTime notBefore, ZonedDateTime notAfter,
121-
SecureRandom random)
117+
ZonedDateTime notBefore, ZonedDateTime notAfter)
122118
throws Exception {
123119

124120
boolean ec = "EC".equals(keyType);
@@ -130,7 +126,7 @@ private static byte[] buildSelfSignedCertificateDer(
130126

131127
// TBS Certificate
132128
byte[] tbsCertificate
133-
= buildTbsCertificate(publicKey, issuerDn, signatureAlgorithm, notBefore, notAfter, random);
129+
= buildTbsCertificate(publicKey, issuerDn, signatureAlgorithm, notBefore, notAfter);
134130

135131
// Sign the TBS certificate
136132
Signature sig = Signature.getInstance(signatureAlgorithmName);
@@ -146,15 +142,14 @@ private static byte[] buildSelfSignedCertificateDer(
146142

147143
private static byte[] buildTbsCertificate(
148144
PublicKey publicKey, byte[] dn, byte[] signatureAlgorithm,
149-
ZonedDateTime notBefore, ZonedDateTime notAfter,
150-
SecureRandom random) {
145+
ZonedDateTime notBefore, ZonedDateTime notAfter) {
151146

152147
// Version: v3 (2)
153148
byte[] version = wrapExplicitTag(0, wrapInteger(new byte[] { 2 }));
154149

155150
// Serial number
156151
byte[] serialBytes = new byte[16];
157-
random.nextBytes(serialBytes);
152+
SecureRandomHelper.getSecureRandom().nextBytes(serialBytes);
158153
serialBytes[0] &= 0x7F; // ensure positive
159154
byte[] serial = wrapInteger(serialBytes);
160155

0 commit comments

Comments
 (0)