Use custom SecureRandom instance

[signal-cli] / src / main / java / org / asamk / signal / util / SecurityProvider.java

diff --git a/src/main/java/org/asamk/signal/util/SecurityProvider.java b/src/main/java/org/asamk/signal/util/SecurityProvider.java
new file mode 100644 (file)
index 0000000..9177a78
--- /dev/null
+++ b/src/main/java/org/asamk/signal/util/SecurityProvider.java
@@ -0,0 +1,44 @@
+package org.asamk.signal.util;
+
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.SecureRandomSpi;
+
+public class SecurityProvider extends Provider {
+
+    private static final String PROVIDER_NAME = "SSP";
+
+    private static final String info = "Security Provider v1.0";
+
+    public SecurityProvider() {
+        super(PROVIDER_NAME, 1.0, info);
+        put("SecureRandom.DEFAULT", DefaultRandom.class.getName());
+
+        // Workaround for BKS truststore
+        put("KeyStore.BKS", "org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi$Std");
+        put("KeyStore.BKS-V1", "org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi$Version1");
+        put("KeyStore.BouncyCastle", "org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi$BouncyCastleStore");
+        put("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
+        put("CertificateFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory");
+    }
+
+    public static class DefaultRandom extends SecureRandomSpi {
+
+        private static final SecureRandom random = RandomUtils.getSecureRandom();
+
+        public DefaultRandom() {
+        }
+
+        protected void engineSetSeed(byte[] bytes) {
+            random.setSeed(bytes);
+        }
+
+        protected void engineNextBytes(byte[] bytes) {
+            random.nextBytes(bytes);
+        }
+
+        protected byte[] engineGenerateSeed(int numBytes) {
+            return random.generateSeed(numBytes);
+        }
+    }
+}