instantiate SecureRandom only once

stefanseifert · stefanseifert · commit e002e72ee5ca · 2021-06-21T21:54:01.000+02:00
diff --git a/conga-aem-plugin/src/main/java/io/wcm/devops/conga/plugins/aem/crypto/impl/AesCryptoSupport.java b/conga-aem-plugin/src/main/java/io/wcm/devops/conga/plugins/aem/crypto/impl/AesCryptoSupport.java
@@ -22,6 +22,7 @@
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.Key;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Random;
 
@@ -30,6 +31,7 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import io.wcm.devops.conga.plugins.aem.crypto.CryptoSupport;
 
 /**
@@ -45,13 +47,15 @@ public class AesCryptoSupport extends CryptoSupport {
 
   private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
 
-  private final Random random;
+  private static final Random RANDOM = initRandom();
 
-  /**
-   * @throws GeneralSecurityException Security exception
-   */
-  public AesCryptoSupport() throws GeneralSecurityException {
-    this.random = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);
+  private static Random initRandom() {
+    try {
+      return SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);
+    }
+    catch (NoSuchAlgorithmException ex) {
+      throw new RuntimeException(ex);
+    }
   }
 
   @Override
@@ -91,9 +95,10 @@ private Cipher getCipher(int cipherMode, byte[] iv, Key key) throws GeneralSecur
     return cipher;
   }
 
+  @SuppressFBWarnings("DMI_RANDOM_USED_ONLY_ONCE")
   private byte[] generateIV() {
     byte[] iv = new byte[IV_SIZE];
-    random.nextBytes(iv);
+    RANDOM.nextBytes(iv);
     return iv;
   }
 
