/*
 * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/**
 * files are present. Otherwise, SHA1PRNG is used instead of this class.
 *
 * /dev/random is only writable by root in many configurations. Because
 * we cannot just ignore bytes specified via setSeed(), we keep a
 * SHA1PRNG around in parallel.
 *
 * nextBytes() reads the bytes directly from /dev/urandom (and then
 * mixes them with bytes from the SHA1PRNG for the reasons explained
 * above). Reading bytes from /dev/urandom means that we constantly get
 * new entropy the operating system has collected. This is a notable
 * advantage over the SHA1PRNG model, which acquires entropy only
 * initially during startup although the VM may be running for months.
 *
 * Also note that we do not need any initial pure random seed from
 * /dev/random. This is an advantage because on some versions of Linux
 * it can be exhausted very quickly and could thus impact startup time.
 *
 * Finally, note that we use a singleton for the actual work (RandomIO)
 * to avoid having to open and close /dev/[u]random constantly. However,
 * there may be many NativePRNG instances created by the JCA framework.
 *
 * @author Andreas Sterbenz
 */

// name of the pure random file (also used for setSeed())
// name of the pseudo random file
// singleton instance or null if not available
// return whether the NativePRNG is available
// constructor, called by the JCA framework
// get pseudo random bytes
// get true random bytes

/**
 * Nested class doing the actual work. Singleton, see INSTANCE above.
 */

// but we limit the lifetime to avoid using stale bits
// lifetime in ms, currently 100 ms (0.1 s)
// flag indicating if we have tried to open randomOut yet
// SHA1PRNG instance for mixing
// initialized lazily on demand to avoid problems during startup
// number of bytes left in urandomBuffer
// time we read the data into the urandomBuffer
// mutex lock for nextBytes()
// mutex lock for getSeed()
// mutex lock for setSeed()
// constructor, called only once from initIO()
// get the SHA1PRNG for mixing
// initialize if not yet created
byte[] b = new byte[20];
// read data.length bytes from in
// /dev/[u]random are not normal files, so we need to loop the read.
// just keep trying as long as we are making progress
// supply random bytes to the OS
// always add the seed to our mixing random
// ensure that there is at least one valid byte in the buffer
// if not, read new bytes
// get pseudo random bytes
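
The design the class comment describes, shown as an added example that is not the OpenJDK source: a SHA1PRNG absorbs every setSeed() call, and each output is fresh /dev/urandom bytes mixed with SHA1PRNG bytes. The class name `MixedUrandomSketch`, its method signatures and the choice of XOR as the mixing step are assumptions made for this illustration.

```java
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.SecureRandom;

// Added illustration; the class and its members are hypothetical names.
public class MixedUrandomSketch {
    private final InputStream urandomIn;   // opened once and kept open
    private final SecureRandom mixRandom;  // absorbs setSeed() input

    public MixedUrandomSketch() throws Exception {
        urandomIn = new FileInputStream("/dev/urandom");
        mixRandom = SecureRandom.getInstance("SHA1PRNG");
        // Seed the mixer from the OS first, so later caller seeds
        // add to its state instead of defining it.
        byte[] b = new byte[20];
        readFully(urandomIn, b);
        mixRandom.setSeed(b);
    }

    // Device files may return short reads: loop while making progress.
    static void readFully(InputStream in, byte[] data) throws IOException {
        int ofs = 0;
        while (ofs < data.length) {
            int k = in.read(data, ofs, data.length - ofs);
            if (k <= 0) throw new EOFException("random device unavailable");
            ofs += k;
        }
    }

    // Caller-supplied seed bytes are never ignored: they enter the mixer.
    public synchronized void setSeed(byte[] seed) {
        mixRandom.setSeed(seed);
    }

    // Output = fresh OS bytes XOR SHA1PRNG bytes (XOR is this sketch's choice).
    public synchronized byte[] nextBytes(int n) throws IOException {
        byte[] os = new byte[n];
        readFully(urandomIn, os);
        byte[] out = new byte[n];
        mixRandom.nextBytes(out);
        for (int i = 0; i < n; i++) out[i] ^= os[i];
        return out;
    }

    public static void main(String[] args) throws Exception {
        MixedUrandomSketch r = new MixedUrandomSketch();
        r.setSeed(new byte[] {1, 2, 3});  // constructed sample seed
        System.out.println(new java.math.BigInteger(1, r.nextBytes(16)).toString(16));
    }
}
```

Because the output always includes bytes read from /dev/urandom at call time, a weak or attacker-chosen setSeed() value cannot make the stream predictable on its own.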