Import java.security.SecureRandom* from jdk-17.0.6-ga
List of files:
ojluni/src/main/java/java/security/SecureRandom.java
ojluni/src/main/java/java/security/SecureRandomSpi.java
Generated by tools/expected_upstream/ojluni_merge_to_main.py
Bug: 260847206
Test: N/A
No-Typo-Check: Imported files
Change-Id: If0b194da66760b5970fab0b8e624e89b2317424c
diff --git a/EXPECTED_UPSTREAM b/EXPECTED_UPSTREAM
index 4641b75..94aa26c 100644
--- a/EXPECTED_UPSTREAM
+++ b/EXPECTED_UPSTREAM
@@ -593,9 +593,9 @@
ojluni/src/main/java/java/security/ProviderException.java,jdk11u/jdk-11.0.13-ga,src/java.base/share/classes/java/security/ProviderException.java
ojluni/src/main/java/java/security/PublicKey.java,jdk17u/jdk-17.0.6-ga,src/java.base/share/classes/java/security/PublicKey.java
ojluni/src/main/java/java/security/SecureClassLoader.java,jdk8u/jdk8u121-b13,jdk/src/share/classes/java/security/SecureClassLoader.java
-ojluni/src/main/java/java/security/SecureRandom.java,jdk8u/jdk8u121-b13,jdk/src/share/classes/java/security/SecureRandom.java
+ojluni/src/main/java/java/security/SecureRandom.java,jdk17u/jdk-17.0.6-ga,src/java.base/share/classes/java/security/SecureRandom.java
ojluni/src/main/java/java/security/SecureRandomParameters.java,jdk17u/jdk-17.0.6-ga,src/java.base/share/classes/java/security/SecureRandomParameters.java
-ojluni/src/main/java/java/security/SecureRandomSpi.java,jdk8u/jdk8u121-b13,jdk/src/share/classes/java/security/SecureRandomSpi.java
+ojluni/src/main/java/java/security/SecureRandomSpi.java,jdk17u/jdk-17.0.6-ga,src/java.base/share/classes/java/security/SecureRandomSpi.java
ojluni/src/main/java/java/security/Security.java,jdk8u/jdk8u121-b13,jdk/src/share/classes/java/security/Security.java
ojluni/src/main/java/java/security/SecurityPermission.java,jdk11u/jdk-11.0.13-ga,src/java.base/share/classes/java/security/SecurityPermission.java
ojluni/src/main/java/java/security/Signature.java,jdk8u/jdk8u121-b13,jdk/src/share/classes/java/security/Signature.java
diff --git a/ojluni/src/main/java/java/security/SecureRandom.java b/ojluni/src/main/java/java/security/SecureRandom.java
index 6848be5..1cf18d7 100644
--- a/ojluni/src/main/java/java/security/SecureRandom.java
+++ b/ojluni/src/main/java/java/security/SecureRandom.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,72 +25,134 @@
package java.security;
+import java.math.BigInteger;
import java.util.*;
+import java.util.random.RandomGenerator;
import java.util.regex.*;
-
import java.security.Provider.Service;
+import jdk.internal.util.random.RandomSupport.RandomGeneratorProperties;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
+import sun.security.provider.SunEntries;
import sun.security.util.Debug;
/**
* This class provides a cryptographically strong random number
* generator (RNG).
*
- * <p>A cryptographically strong random number
- * minimally complies with the statistical random number generator tests
- * specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+ * <p>A cryptographically strong random number minimally complies with the
+ * statistical random number generator tests specified in
+ * <a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">
* <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
* section 4.9.1.
- * Additionally, SecureRandom must produce non-deterministic output.
- * Therefore any seed material passed to a SecureRandom object must be
- * unpredictable, and all SecureRandom output sequences must be
+ * Additionally, {@code SecureRandom} must produce non-deterministic output.
+ * Therefore any seed material passed to a {@code SecureRandom} object must be
+ * unpredictable, and all {@code SecureRandom} output sequences must be
* cryptographically strong, as described in
- * <a href="http://www.ietf.org/rfc/rfc1750.txt">
- * <i>RFC 1750: Randomness Recommendations for Security</i></a>.
+ * <a href="http://tools.ietf.org/html/rfc4086">
+ * <i>RFC 4086: Randomness Requirements for Security</i></a>.
*
- * <p>A caller obtains a SecureRandom instance via the
- * no-argument constructor or one of the {@code getInstance} methods:
- *
- * <pre>
- * SecureRandom random = new SecureRandom();
- * </pre>
- *
- * <p> Many SecureRandom implementations are in the form of a pseudo-random
- * number generator (PRNG), which means they use a deterministic algorithm
- * to produce a pseudo-random sequence from a true random seed.
+ * <p> Many {@code SecureRandom} implementations are in the form of a
+ * pseudo-random number generator (PRNG, also known as deterministic random
+ * bits generator or DRBG), which means they use a deterministic algorithm
+ * to produce a pseudo-random sequence from a random seed.
* Other implementations may produce true random numbers,
* and yet others may use a combination of both techniques.
*
- * <p> Typical callers of SecureRandom invoke the following methods
+ * <p>A caller obtains a {@code SecureRandom} instance via the
+ * no-argument constructor or one of the {@code getInstance} methods.
+ * For example:
+ *
+ * <blockquote><pre>
+ * SecureRandom r1 = new SecureRandom();
+ * SecureRandom r2 = SecureRandom.getInstance("NativePRNG");
+ * SecureRandom r3 = SecureRandom.getInstance("DRBG",
+ * DrbgParameters.instantiation(128, RESEED_ONLY, null));</pre>
+ * </blockquote>
+ *
+ * <p> The third statement above returns a {@code SecureRandom} object of the
+ * specific algorithm supporting the specific instantiate parameters. The
+ * implementation's effective instantiated parameters must match this minimum
+ * request but is not necessarily the same. For example, even if the request
+ * does not require a certain feature, the actual instantiation can provide
+ * the feature. An implementation may lazily instantiate a {@code SecureRandom}
+ * until it's actually used, but the effective instantiate parameters must be
+ * determined right after it's created and {@link #getParameters()} should
+ * always return the same result unchanged.
+ *
+ * <p> Typical callers of {@code SecureRandom} invoke the following methods
* to retrieve random bytes:
*
- * <pre>
- * SecureRandom random = new SecureRandom();
- * byte bytes[] = new byte[20];
- * random.nextBytes(bytes);
- * </pre>
+ * <blockquote><pre>
+ * SecureRandom random = new SecureRandom();
+ * byte[] bytes = new byte[20];
+ * random.nextBytes(bytes);</pre>
+ * </blockquote>
*
- * <p> Callers may also invoke the {@code generateSeed} method
+ * <p> Callers may also invoke the {@link #generateSeed} method
* to generate a given number of seed bytes (to seed other random number
* generators, for example):
- * <pre>
- * byte seed[] = random.generateSeed(20);
- * </pre>
*
- * Note: Depending on the implementation, the {@code generateSeed} and
- * {@code nextBytes} methods may block as entropy is being gathered,
- * for example, if they need to read from /dev/random on various Unix-like
- * operating systems.
+ * <blockquote><pre>
+ * byte[] seed = random.generateSeed(20);</pre>
+ * </blockquote>
+ *
+ * <p> A newly created PRNG {@code SecureRandom} object is not seeded (except
+ * if it is created by {@link #SecureRandom(byte[])}). The first call to
+ * {@code nextBytes} will force it to seed itself from an implementation-
+ * specific entropy source. This self-seeding will not occur if {@code setSeed}
+ * was previously called.
+ *
+ * <p> A {@code SecureRandom} can be reseeded at any time by calling the
+ * {@code reseed} or {@code setSeed} method. The {@code reseed} method
+ * reads entropy input from its entropy source to reseed itself.
+ * The {@code setSeed} method requires the caller to provide the seed.
+ *
+ * <p> Please note that {@code reseed} may not be supported by all
+ * {@code SecureRandom} implementations.
+ *
+ * <p> Some {@code SecureRandom} implementations may accept a
+ * {@link SecureRandomParameters} parameter in its
+ * {@link #nextBytes(byte[], SecureRandomParameters)} and
+ * {@link #reseed(SecureRandomParameters)} methods to further
+ * control the behavior of the methods.
+ *
+ * <p> Note: Depending on the implementation, the {@code generateSeed},
+ * {@code reseed} and {@code nextBytes} methods may block as entropy is being
+ * gathered, for example, if the entropy source is /dev/random on various
+ * Unix-like operating systems.
+ *
+ * <h2> Thread safety </h2>
+ * {@code SecureRandom} objects are safe for use by multiple concurrent threads.
+ *
+ * @implSpec
+ * A {@code SecureRandom} service provider can advertise that it is thread-safe
+ * by setting the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#service-attributes">service
+ * provider attribute</a> "ThreadSafe" to "true" when registering the provider.
+ * Otherwise, this class will instead synchronize access to the following
+ * methods of the {@code SecureRandomSpi} implementation:
+ * <ul>
+ * <li>{@link SecureRandomSpi#engineSetSeed(byte[])}
+ * <li>{@link SecureRandomSpi#engineNextBytes(byte[])}
+ * <li>{@link SecureRandomSpi#engineNextBytes(byte[], SecureRandomParameters)}
+ * <li>{@link SecureRandomSpi#engineGenerateSeed(int)}
+ * <li>{@link SecureRandomSpi#engineReseed(SecureRandomParameters)}
+ * </ul>
*
* @see java.security.SecureRandomSpi
* @see java.util.Random
*
* @author Benjamin Renaud
* @author Josh Bloch
+ * @since 1.1
*/
+@RandomGeneratorProperties(
+ name = "SecureRandom",
+ isStochastic = true
+)
public class SecureRandom extends java.util.Random {
private static final Debug pdebug =
@@ -114,8 +176,16 @@
*/
private SecureRandomSpi secureRandomSpi = null;
- /*
- * The algorithm name of null if unknown.
+ /**
+ * Thread safety.
+ *
+ * @serial
+ * @since 9
+ */
+ private final boolean threadSafe;
+
+ /**
+ * The algorithm name or {@code null} if unknown.
*
* @serial
* @since 1.5
@@ -123,7 +193,7 @@
private String algorithm;
// Seed Generator
- private static volatile SecureRandom seedGenerator = null;
+ private static volatile SecureRandom seedGenerator;
/**
* Constructs a secure random number generator (RNG) implementing the
@@ -131,26 +201,19 @@
*
* <p> This constructor traverses the list of registered security Providers,
* starting with the most preferred Provider.
- * A new SecureRandom object encapsulating the
- * SecureRandomSpi implementation from the first
- * Provider that supports a SecureRandom (RNG) algorithm is returned.
+ * A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the first
+ * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned.
* If none of the Providers support a RNG algorithm,
* then an implementation-specific default is returned.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
- * <p> See the SecureRandom section in the <a href=
- * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
- * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * <p> See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
- *
- * <p> The returned SecureRandom object has not been seeded. To seed the
- * returned object, call the {@code setSeed} method.
- * If {@code setSeed} is not called, the first call to
- * {@code nextBytes} will force the SecureRandom object to seed itself.
- * This self-seeding will not occur if {@code setSeed} was
- * previously called.
*/
public SecureRandom() {
/*
@@ -160,73 +223,100 @@
*/
super(0);
getDefaultPRNG(false, null);
+ this.threadSafe = getThreadSafe();
+ }
+
+ private boolean getThreadSafe() {
+ if (provider == null || algorithm == null) {
+ return false;
+ } else {
+ return Boolean.parseBoolean(provider.getProperty(
+ "SecureRandom." + algorithm + " ThreadSafe", "false"));
+ }
}
/**
* Constructs a secure random number generator (RNG) implementing the
* default random number algorithm.
- * The SecureRandom instance is seeded with the specified seed bytes.
+ * The {@code SecureRandom} instance is seeded with the specified seed bytes.
*
* <p> This constructor traverses the list of registered security Providers,
* starting with the most preferred Provider.
- * A new SecureRandom object encapsulating the
- * SecureRandomSpi implementation from the first
- * Provider that supports a SecureRandom (RNG) algorithm is returned.
+ * A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the first
+ * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned.
* If none of the Providers support a RNG algorithm,
* then an implementation-specific default is returned.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
- * <p> See the SecureRandom section in the <a href=
- * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
- * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * <p> See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
*
* @param seed the seed.
*/
- public SecureRandom(byte seed[]) {
+ public SecureRandom(byte[] seed) {
super(0);
getDefaultPRNG(true, seed);
+ this.threadSafe = getThreadSafe();
}
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
- String prng = getPrngAlgorithm();
- if (prng == null) {
- // bummer, get the SUN implementation
- prng = "SHA1PRNG";
+ Service prngService = null;
+ String prngAlgorithm = null;
+ for (Provider p : Providers.getProviderList().providers()) {
+ // SUN provider uses the SunEntries.DEF_SECURE_RANDOM_ALGO
+ // as the default SecureRandom algorithm; for other providers,
+ // Provider.getDefaultSecureRandom() will use the 1st
+ // registered SecureRandom algorithm
+ if (p.getName().equals("SUN")) {
+ prngAlgorithm = SunEntries.DEF_SECURE_RANDOM_ALGO;
+ prngService = p.getService("SecureRandom", prngAlgorithm);
+ break;
+ } else {
+ prngService = p.getDefaultSecureRandomService();
+ if (prngService != null) {
+ prngAlgorithm = prngService.getAlgorithm();
+ break;
+ }
+ }
+ }
+ // per javadoc, if none of the Providers support a RNG algorithm,
+ // then an implementation-specific default is returned.
+ if (prngService == null) {
+ prngAlgorithm = "SHA1PRNG";
this.secureRandomSpi = new sun.security.provider.SecureRandom();
this.provider = Providers.getSunProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
} else {
try {
- SecureRandom random = SecureRandom.getInstance(prng);
- this.secureRandomSpi = random.getSecureRandomSpi();
- this.provider = random.getProvider();
- if (setSeed) {
- this.secureRandomSpi.engineSetSeed(seed);
- }
+ this.secureRandomSpi = (SecureRandomSpi)
+ prngService.newInstance(null);
+ this.provider = prngService.getProvider();
} catch (NoSuchAlgorithmException nsae) {
- // never happens, because we made sure the algorithm exists
+ // should not happen
throw new RuntimeException(nsae);
}
}
+ if (setSeed) {
+ this.secureRandomSpi.engineSetSeed(seed);
+ }
// JDK 1.1 based implementations subclass SecureRandom instead of
// SecureRandomSpi. They will also go through this code path because
// they must call a SecureRandom constructor as it is their superclass.
// If we are dealing with such an implementation, do not set the
// algorithm value as it would be inaccurate.
if (getClass() == SecureRandom.class) {
- this.algorithm = prng;
+ this.algorithm = prngAlgorithm;
}
}
/**
- * Creates a SecureRandom object.
+ * Creates a {@code SecureRandom} object.
*
- * @param secureRandomSpi the SecureRandom implementation.
+ * @param secureRandomSpi the {@code SecureRandom} implementation.
* @param provider the provider.
*/
protected SecureRandom(SecureRandomSpi secureRandomSpi,
@@ -240,44 +330,52 @@
this.secureRandomSpi = secureRandomSpi;
this.provider = provider;
this.algorithm = algorithm;
+ this.threadSafe = getThreadSafe();
if (!skipDebug && pdebug != null) {
pdebug.println("SecureRandom." + algorithm +
- " algorithm from: " + this.provider.getName());
+ " algorithm from: " + getProviderName());
}
}
+ private String getProviderName() {
+ return (provider == null) ? "(no provider)" : provider.getName();
+ }
+
/**
- * Returns a SecureRandom object that implements the specified
+ * Returns a {@code SecureRandom} object that implements the specified
* Random Number Generator (RNG) algorithm.
*
* <p> This method traverses the list of registered security Providers,
* starting with the most preferred Provider.
- * A new SecureRandom object encapsulating the
- * SecureRandomSpi implementation from the first
+ * A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the first
* Provider that supports the specified algorithm is returned.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
- * <p> The returned SecureRandom object has not been seeded. To seed the
- * returned object, call the {@code setSeed} method.
- * If {@code setSeed} is not called, the first call to
- * {@code nextBytes} will force the SecureRandom object to seed itself.
- * This self-seeding will not occur if {@code setSeed} was
- * previously called.
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred}
+ * {@link Security#getProperty(String) Security} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
*
* @param algorithm the name of the RNG algorithm.
- * See the SecureRandom section in the <a href=
- * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
- * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
*
- * @return the new SecureRandom object.
+ * @return the new {@code SecureRandom} object
*
- * @exception NoSuchAlgorithmException if no Provider supports a
- * SecureRandomSpi implementation for the
- * specified algorithm.
+ * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+ * {@code SecureRandomSpi} implementation for the
+ * specified algorithm
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
*
* @see Provider
*
@@ -285,50 +383,46 @@
*/
public static SecureRandom getInstance(String algorithm)
throws NoSuchAlgorithmException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
Instance instance = GetInstance.getInstance("SecureRandom",
- SecureRandomSpi.class, algorithm);
+ SecureRandomSpi.class, algorithm);
return new SecureRandom((SecureRandomSpi)instance.impl,
- instance.provider, algorithm);
+ instance.provider, algorithm);
}
/**
- * Returns a SecureRandom object that implements the specified
+ * Returns a {@code SecureRandom} object that implements the specified
* Random Number Generator (RNG) algorithm.
*
- * <p> A new SecureRandom object encapsulating the
- * SecureRandomSpi implementation from the specified provider
+ * <p> A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the specified provider
* is returned. The specified provider must be registered
* in the security provider list.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
- * <p> The returned SecureRandom object has not been seeded. To seed the
- * returned object, call the {@code setSeed} method.
- * If {@code setSeed} is not called, the first call to
- * {@code nextBytes} will force the SecureRandom object to seed itself.
- * This self-seeding will not occur if {@code setSeed} was
- * previously called.
- *
* @param algorithm the name of the RNG algorithm.
- * See the SecureRandom section in the <a href=
- * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
- * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
*
* @param provider the name of the provider.
*
- * @return the new SecureRandom object.
+ * @return the new {@code SecureRandom} object
*
- * @exception NoSuchAlgorithmException if a SecureRandomSpi
- * implementation for the specified algorithm is not
- * available from the specified provider.
+ * @throws IllegalArgumentException if the provider name is {@code null}
+ * or empty
*
- * @exception NoSuchProviderException if the specified provider is not
- * registered in the security provider list.
+ * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi}
+ * implementation for the specified algorithm is not
+ * available from the specified provider
*
- * @exception IllegalArgumentException if the provider name is null
- * or empty.
+ * @throws NoSuchProviderException if the specified provider is not
+ * registered in the security provider list
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
*
* @see Provider
*
@@ -336,6 +430,7 @@
*/
public static SecureRandom getInstance(String algorithm, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
Instance instance = GetInstance.getInstance("SecureRandom",
SecureRandomSpi.class, algorithm, provider);
return new SecureRandom((SecureRandomSpi)instance.impl,
@@ -343,36 +438,32 @@
}
/**
- * Returns a SecureRandom object that implements the specified
+ * Returns a {@code SecureRandom} object that implements the specified
* Random Number Generator (RNG) algorithm.
*
- * <p> A new SecureRandom object encapsulating the
- * SecureRandomSpi implementation from the specified Provider
- * object is returned. Note that the specified Provider object
+ * <p> A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the specified {@code Provider}
+ * object is returned. Note that the specified {@code Provider} object
* does not have to be registered in the provider list.
*
- * <p> The returned SecureRandom object has not been seeded. To seed the
- * returned object, call the {@code setSeed} method.
- * If {@code setSeed} is not called, the first call to
- * {@code nextBytes} will force the SecureRandom object to seed itself.
- * This self-seeding will not occur if {@code setSeed} was
- * previously called.
- *
* @param algorithm the name of the RNG algorithm.
- * See the SecureRandom section in the <a href=
- * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
- * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
* for information about standard RNG algorithm names.
*
* @param provider the provider.
*
- * @return the new SecureRandom object.
+ * @return the new {@code SecureRandom} object
*
- * @exception NoSuchAlgorithmException if a SecureRandomSpi
- * implementation for the specified algorithm is not available
- * from the specified Provider object.
+ * @throws IllegalArgumentException if the specified provider is
+ * {@code null}
*
- * @exception IllegalArgumentException if the specified provider is null.
+ * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi}
+ * implementation for the specified algorithm is not available
+ * from the specified {@code Provider} object
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
*
* @see Provider
*
@@ -380,6 +471,7 @@
*/
public static SecureRandom getInstance(String algorithm,
Provider provider) throws NoSuchAlgorithmException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
Instance instance = GetInstance.getInstance("SecureRandom",
SecureRandomSpi.class, algorithm, provider);
return new SecureRandom((SecureRandomSpi)instance.impl,
@@ -387,44 +479,245 @@
}
/**
- * Returns the SecureRandomSpi of this SecureRandom object.
+ * Returns a {@code SecureRandom} object that implements the specified
+ * Random Number Generator (RNG) algorithm and supports the specified
+ * {@code SecureRandomParameters} request.
+ *
+ * <p> This method traverses the list of registered security Providers,
+ * starting with the most preferred Provider.
+ * A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the first
+ * Provider that supports the specified algorithm and the specified
+ * {@code SecureRandomParameters} is returned.
+ *
+ * <p> Note that the list of registered providers may be retrieved via
+ * the {@link Security#getProviders() Security.getProviders()} method.
+ *
+ * @implNote
+ * The JDK Reference Implementation additionally uses the
+ * {@code jdk.security.provider.preferred} property to determine
+ * the preferred provider order for the specified algorithm. This
+ * may be different than the order of providers returned by
+ * {@link Security#getProviders() Security.getProviders()}.
+ *
+ * @param algorithm the name of the RNG algorithm.
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
+ * for information about standard RNG algorithm names.
+ *
+ * @param params the {@code SecureRandomParameters}
+ * the newly created {@code SecureRandom} object must support.
+ *
+ * @return the new {@code SecureRandom} object
+ *
+ * @throws IllegalArgumentException if the specified params is
+ * {@code null}
+ *
+ * @throws NoSuchAlgorithmException if no Provider supports a
+ * {@code SecureRandomSpi} implementation for the specified
+ * algorithm and parameters
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
+ *
+ * @see Provider
+ *
+ * @since 9
*/
- SecureRandomSpi getSecureRandomSpi() {
- return secureRandomSpi;
+ public static SecureRandom getInstance(
+ String algorithm, SecureRandomParameters params)
+ throws NoSuchAlgorithmException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
+ if (params == null) {
+ throw new IllegalArgumentException("params cannot be null");
+ }
+ Instance instance = GetInstance.getInstance("SecureRandom",
+ SecureRandomSpi.class, algorithm, params);
+ return new SecureRandom((SecureRandomSpi)instance.impl,
+ instance.provider, algorithm);
}
/**
- * Returns the provider of this SecureRandom object.
+ * Returns a {@code SecureRandom} object that implements the specified
+ * Random Number Generator (RNG) algorithm and supports the specified
+ * {@code SecureRandomParameters} request.
*
- * @return the provider of this SecureRandom object.
+ * <p> A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the specified provider
+ * is returned. The specified provider must be registered
+ * in the security provider list.
+ *
+ * <p> Note that the list of registered providers may be retrieved via
+ * the {@link Security#getProviders() Security.getProviders()} method.
+ *
+ * @param algorithm the name of the RNG algorithm.
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
+ * for information about standard RNG algorithm names.
+ *
+ * @param params the {@code SecureRandomParameters}
+ * the newly created {@code SecureRandom} object must support.
+ *
+ * @param provider the name of the provider.
+ *
+ * @return the new {@code SecureRandom} object
+ *
+ * @throws IllegalArgumentException if the provider name is {@code null}
+ * or empty, or params is {@code null}
+ *
+ * @throws NoSuchAlgorithmException if the specified provider does not
+ * support a {@code SecureRandomSpi} implementation for the
+ * specified algorithm and parameters
+ *
+ * @throws NoSuchProviderException if the specified provider is not
+ * registered in the security provider list
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
+ *
+ * @see Provider
+ *
+ * @since 9
+ */
+ public static SecureRandom getInstance(String algorithm,
+ SecureRandomParameters params, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
+ if (params == null) {
+ throw new IllegalArgumentException("params cannot be null");
+ }
+ Instance instance = GetInstance.getInstance("SecureRandom",
+ SecureRandomSpi.class, algorithm, params, provider);
+ return new SecureRandom((SecureRandomSpi)instance.impl,
+ instance.provider, algorithm);
+ }
+
+ /**
+ * Returns a {@code SecureRandom} object that implements the specified
+ * Random Number Generator (RNG) algorithm and supports the specified
+ * {@code SecureRandomParameters} request.
+ *
+ * <p> A new {@code SecureRandom} object encapsulating the
+ * {@code SecureRandomSpi} implementation from the specified
+ * {@code Provider} object is returned. Note that the specified
+ * {@code Provider} object does not have to be registered in the
+ * provider list.
+ *
+ * @param algorithm the name of the RNG algorithm.
+ * See the {@code SecureRandom} section in the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#securerandom-number-generation-algorithms">
+ * Java Security Standard Algorithm Names Specification</a>
+ * for information about standard RNG algorithm names.
+ *
+ * @param params the {@code SecureRandomParameters}
+ * the newly created {@code SecureRandom} object must support.
+ *
+ * @param provider the provider.
+ *
+ * @return the new {@code SecureRandom} object
+ *
+ * @throws IllegalArgumentException if the specified provider or params
+ * is {@code null}
+ *
+ * @throws NoSuchAlgorithmException if the specified provider does not
+ * support a {@code SecureRandomSpi} implementation for the
+ * specified algorithm and parameters
+ *
+ * @throws NullPointerException if {@code algorithm} is {@code null}
+ *
+ * @see Provider
+ *
+ * @since 9
+ */
+ public static SecureRandom getInstance(String algorithm,
+ SecureRandomParameters params, Provider provider)
+ throws NoSuchAlgorithmException {
+ Objects.requireNonNull(algorithm, "null algorithm name");
+ if (params == null) {
+ throw new IllegalArgumentException("params cannot be null");
+ }
+ Instance instance = GetInstance.getInstance("SecureRandom",
+ SecureRandomSpi.class, algorithm, params, provider);
+ return new SecureRandom((SecureRandomSpi)instance.impl,
+ instance.provider, algorithm);
+ }
+
+ /**
+ * Returns the provider of this {@code SecureRandom} object.
+ *
+ * @return the provider of this {@code SecureRandom} object.
*/
public final Provider getProvider() {
return provider;
}
/**
- * Returns the name of the algorithm implemented by this SecureRandom
- * object.
+ * Returns the name of the algorithm implemented by this
+ * {@code SecureRandom} object.
*
* @return the name of the algorithm or {@code unknown}
* if the algorithm name cannot be determined.
* @since 1.5
*/
public String getAlgorithm() {
- return (algorithm != null) ? algorithm : "unknown";
+ return Objects.toString(algorithm, "unknown");
}
/**
- * Reseeds this random object. The given seed supplements, rather than
- * replaces, the existing seed. Thus, repeated calls are guaranteed
- * never to reduce randomness.
+ * Returns a Human-readable string representation of this
+ * {@code SecureRandom}.
+ *
+ * @return the string representation
+ */
+ @Override
+ public String toString() {
+ return secureRandomSpi.toString();
+ }
+
+ /**
+ * Returns the effective {@link SecureRandomParameters} for this
+ * {@code SecureRandom} instance.
+ * <p>
+ * The returned value can be different from the
+ * {@code SecureRandomParameters} object passed into a {@code getInstance}
+ * method, but it cannot change during the lifetime of this
+ * {@code SecureRandom} object.
+ * <p>
+ * A caller can use the returned value to find out what features this
+ * {@code SecureRandom} supports.
+ *
+ * @return the effective {@link SecureRandomParameters} parameters,
+ * or {@code null} if no parameters were used.
+ *
+ * @since 9
+ * @see SecureRandomSpi
+ */
+ public SecureRandomParameters getParameters() {
+ return secureRandomSpi.engineGetParameters();
+ }
+
+ /**
+ * Reseeds this random object with the given seed. The seed supplements,
+ * rather than replaces, the existing seed. Thus, repeated calls are
+ * guaranteed never to reduce randomness.
+ * <p>
+ * A PRNG {@code SecureRandom} will not seed itself automatically if
+ * {@code setSeed} is called before any {@code nextBytes} or {@code reseed}
+ * calls. The caller should make sure that the {@code seed} argument
+ * contains enough entropy for the security of this {@code SecureRandom}.
*
* @param seed the seed.
*
* @see #getSeed
*/
- synchronized public void setSeed(byte[] seed) {
- secureRandomSpi.engineSetSeed(seed);
+ public void setSeed(byte[] seed) {
+ if (threadSafe) {
+ secureRandomSpi.engineSetSeed(seed);
+ } else {
+ synchronized (this) {
+ secureRandomSpi.engineSetSeed(seed);
+ }
+ }
}
/**
@@ -443,29 +736,60 @@
@Override
public void setSeed(long seed) {
/*
- * Ignore call from super constructor (as well as any other calls
- * unfortunate enough to be passing 0). It's critical that we
- * ignore call from superclass constructor, as digest has not
- * yet been initialized at that point.
+ * Ignore call from super constructor as well as any other calls
+ * unfortunate enough to be passing 0. All SecureRandom
+ * constructors call `super(0)` which leads to `setSeed(0)`.
+ * We either keep the object unseeded (in `new SecureRandom()`)
+ * or we seed the object explicitly (in `new SecureRandom(byte[])`).
*/
if (seed != 0) {
- secureRandomSpi.engineSetSeed(longToByteArray(seed));
+ setSeed(longToByteArray(seed));
}
}
/**
* Generates a user-specified number of random bytes.
*
- * <p> If a call to {@code setSeed} had not occurred previously,
- * the first call to this method forces this SecureRandom object
- * to seed itself. This self-seeding will not occur if
- * {@code setSeed} was previously called.
- *
* @param bytes the array to be filled in with random bytes.
*/
@Override
public void nextBytes(byte[] bytes) {
- secureRandomSpi.engineNextBytes(bytes);
+ if (threadSafe) {
+ secureRandomSpi.engineNextBytes(bytes);
+ } else {
+ synchronized (this) {
+ secureRandomSpi.engineNextBytes(bytes);
+ }
+ }
+ }
+
+ /**
+ * Generates a user-specified number of random bytes with
+ * additional parameters.
+ *
+ * @param bytes the array to be filled in with random bytes
+ * @param params additional parameters
+ * @throws NullPointerException if {@code bytes} is null
+ * @throws UnsupportedOperationException if the underlying provider
+ * implementation has not overridden this method
+ * @throws IllegalArgumentException if {@code params} is {@code null},
+ * illegal or unsupported by this {@code SecureRandom}
+ *
+ * @since 9
+ */
+ public void nextBytes(byte[] bytes, SecureRandomParameters params) {
+ if (params == null) {
+ throw new IllegalArgumentException("params cannot be null");
+ }
+ if (threadSafe) {
+ secureRandomSpi.engineNextBytes(
+ Objects.requireNonNull(bytes), params);
+ } else {
+ synchronized (this) {
+ secureRandomSpi.engineNextBytes(
+ Objects.requireNonNull(bytes), params);
+ }
+ }
}
/**
@@ -483,9 +807,9 @@
* of pseudo-random bits (right justified, with leading zeros).
*/
@Override
- final protected int next(int numBits) {
+ protected final int next(int numBits) {
int numBytes = (numBits+7)/8;
- byte b[] = new byte[numBytes];
+ byte[] b = new byte[numBytes];
int next = 0;
nextBytes(b);
@@ -503,21 +827,24 @@
*
* <p>This method is only included for backwards compatibility.
* The caller is encouraged to use one of the alternative
- * {@code getInstance} methods to obtain a SecureRandom object, and
+ * {@code getInstance} methods to obtain a {@code SecureRandom} object, and
* then call the {@code generateSeed} method to obtain seed bytes
* from that object.
*
* @param numBytes the number of seed bytes to generate.
*
+ * @throws IllegalArgumentException if {@code numBytes} is negative
* @return the seed bytes.
*
* @see #setSeed
*/
public static byte[] getSeed(int numBytes) {
- if (seedGenerator == null) {
- seedGenerator = new SecureRandom();
+ SecureRandom seedGen = seedGenerator;
+ if (seedGen == null) {
+ seedGen = new SecureRandom();
+ seedGenerator = seedGen;
}
- return seedGenerator.generateSeed(numBytes);
+ return seedGen.generateSeed(numBytes);
}
/**
@@ -526,11 +853,20 @@
* call may be used to seed other random number generators.
*
* @param numBytes the number of seed bytes to generate.
- *
+ * @throws IllegalArgumentException if {@code numBytes} is negative
* @return the seed bytes.
*/
public byte[] generateSeed(int numBytes) {
- return secureRandomSpi.engineGenerateSeed(numBytes);
+ if (numBytes < 0) {
+ throw new IllegalArgumentException("numBytes cannot be negative");
+ }
+ if (threadSafe) {
+ return secureRandomSpi.engineGenerateSeed(numBytes);
+ } else {
+ synchronized (this) {
+ return secureRandomSpi.engineGenerateSeed(numBytes);
+ }
+ }
}
/**
@@ -548,23 +884,6 @@
return retVal;
}
- /**
- * Gets a default PRNG algorithm by looking through all registered
- * providers. Returns the first PRNG algorithm of the first provider that
- * has registered a SecureRandom implementation, or null if none of the
- * registered providers supplies a SecureRandom implementation.
- */
- private static String getPrngAlgorithm() {
- for (Provider p : Providers.getProviderList().providers()) {
- for (Service s : p.getServices()) {
- if (s.getType().equals("SecureRandom")) {
- return s.getAlgorithm();
- }
- }
- }
- return null;
- }
-
/*
* Lazily initialize since Pattern.compile() is heavy.
* Effective Java (2nd Edition), Item 71.
@@ -614,8 +933,9 @@
public static SecureRandom getInstanceStrong()
throws NoSuchAlgorithmException {
+ @SuppressWarnings("removal")
String property = AccessController.doPrivileged(
- new PrivilegedAction<String>() {
+ new PrivilegedAction<>() {
@Override
public String run() {
return Security.getProperty(
@@ -623,7 +943,7 @@
}
});
- if ((property == null) || (property.length() == 0)) {
+ if (property == null || property.isEmpty()) {
throw new NoSuchAlgorithmException(
"Null/empty securerandom.strongAlgorithms Security Property");
}
@@ -656,7 +976,56 @@
"No strong SecureRandom impls available: " + property);
}
+ /**
+ * Reseeds this {@code SecureRandom} with entropy input read from its
+ * entropy source.
+ *
+ * @throws UnsupportedOperationException if the underlying provider
+ * implementation has not overridden this method.
+ *
+ * @since 9
+ */
+ public void reseed() {
+ if (threadSafe) {
+ secureRandomSpi.engineReseed(null);
+ } else {
+ synchronized (this) {
+ secureRandomSpi.engineReseed(null);
+ }
+ }
+ }
+
+ /**
+ * Reseeds this {@code SecureRandom} with entropy input read from its
+ * entropy source with additional parameters.
+ * <p>
+ * Note that entropy is obtained from an entropy source. While
+ * some data in {@code params} may contain entropy, its main usage is to
+ * provide diversity.
+ *
+ * @param params extra parameters
+ * @throws UnsupportedOperationException if the underlying provider
+ * implementation has not overridden this method.
+ * @throws IllegalArgumentException if {@code params} is {@code null},
+ * illegal or unsupported by this {@code SecureRandom}
+ *
+ * @since 9
+ */
+ public void reseed(SecureRandomParameters params) {
+ if (params == null) {
+ throw new IllegalArgumentException("params cannot be null");
+ }
+ if (threadSafe) {
+ secureRandomSpi.engineReseed(params);
+ } else {
+ synchronized (this) {
+ secureRandomSpi.engineReseed(params);
+ }
+ }
+ }
+
// Declare serialVersionUID to be compatible with JDK1.1
+ @java.io.Serial
static final long serialVersionUID = 4940670005562187L;
// Retain unused values serialized from JDK1.1
@@ -667,6 +1036,7 @@
/**
* @serial
*/
+ @SuppressWarnings("serial") // Not statically typed as Serializable
private MessageDigest digest = null;
/**
* @serial
@@ -674,7 +1044,7 @@
* We know that the MessageDigest class does not implement
* java.io.Serializable. However, since this field is no longer
* used, it will always be NULL and won't affect the serialization
- * of the SecureRandom class itself.
+ * of the {@code SecureRandom} class itself.
*/
private byte[] randomBytes;
/**
diff --git a/ojluni/src/main/java/java/security/SecureRandomSpi.java b/ojluni/src/main/java/java/security/SecureRandomSpi.java
index ef6c243..9ad18e2 100644
--- a/ojluni/src/main/java/java/security/SecureRandomSpi.java
+++ b/ojluni/src/main/java/java/security/SecureRandomSpi.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,24 +27,91 @@
/**
* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the {@code SecureRandom} class.
+ * for the {@link SecureRandom} class.
+ * <p>
* All the abstract methods in this class must be implemented by each
* service provider who wishes to supply the implementation
* of a cryptographically strong pseudo-random number generator.
*
+ * @implSpec
+ * If the {@link #SecureRandomSpi(SecureRandomParameters)}
+ * constructor is overridden in an implementation, it will always be called
+ * whenever a {@code SecureRandom} is instantiated. Precisely, if an object is
+ * instantiated with one of {@code SecureRandom}'s {@code getInstance} methods
+ * <em>without</em> a {@link SecureRandomParameters} parameter,
+ * the constructor will be called with a {@code null} argument and the
+ * implementation is responsible for creating its own
+ * {@code SecureRandomParameters} parameter for use when
+ * {@link #engineGetParameters()} is called. If an object
+ * is instantiated with one of {@code SecureRandom}'s {@code getInstance}
+ * methods <em>with</em> a {@code SecureRandomParameters} argument,
+ * the constructor will be called with that argument. The
+ * {@link #engineGetParameters()} method must not return {@code null}.
+ * <p>
+ * Otherwise, if the {@code SecureRandomSpi(SecureRandomParameters)}
+ * constructor is not overridden in an implementation, the
+ * {@link #SecureRandomSpi()} constructor must be overridden and it will be
+ * called if an object is instantiated with one of {@code SecureRandom}'s
+ * {@code getInstance} methods <em>without</em> a
+ * {@code SecureRandomParameters} argument. Calling one of
+ * {@code SecureRandom}'s {@code getInstance} methods <em>with</em>
+ * a {@code SecureRandomParameters} argument will never
+ * return an instance of this implementation. The
+ * {@link #engineGetParameters()} method must return {@code null}.
+ * <p>
+ * See {@link SecureRandom} for additional details on thread safety. By
+ * default, a {@code SecureRandomSpi} implementation is considered to be
+ * not safe for use by multiple concurrent threads and {@code SecureRandom}
+ * will synchronize access to each of the applicable engine methods
+ * (see {@link SecureRandom} for the list of methods). However, if a
+ * {@code SecureRandomSpi} implementation is thread-safe, the <a href=
+ * "{@docRoot}/../specs/security/standard-names.html#service-attributes">
+ * service provider attribute</a> "ThreadSafe" should be set to "true" during
+ * its registration, as follows:
+ * <blockquote><pre>
+ * put("SecureRandom.AlgName ThreadSafe", "true");</pre>
+ * </blockquote>
+ * or
+ * <blockquote><pre>
+ * putService(new Service(this, "SecureRandom", "AlgName", className,
+ * null, Map.of("ThreadSafe", "true")));</pre>
+ * </blockquote>
+ * {@code SecureRandom} will call the applicable engine methods
+ * without any synchronization.
*
- * @see SecureRandom
* @since 1.2
*/
public abstract class SecureRandomSpi implements java.io.Serializable {
+ @java.io.Serial
private static final long serialVersionUID = -2991854161009191830L;
/**
- * Reseeds this random object. The given seed supplements, rather than
- * replaces, the existing seed. Thus, repeated calls are guaranteed
- * never to reduce randomness.
+ * Constructor without a parameter.
+ */
+ public SecureRandomSpi() {
+ // ignored
+ }
+
+ /**
+ * Constructor with a parameter.
+ *
+ * @param params the {@link SecureRandomParameters} object.
+ * This argument can be {@code null}.
+ * @throws IllegalArgumentException if {@code params} is
+ * unrecognizable or unsupported by this {@code SecureRandom}
+ *
+ * @since 9
+ */
+ protected SecureRandomSpi(SecureRandomParameters params) {
+ // ignored
+ }
+
+ /**
+ * Reseeds this random object with the given seed. The seed supplements,
+ * rather than replaces, the existing seed. Thus, repeated calls
+ * are guaranteed never to reduce randomness.
*
* @param seed the seed.
*/
@@ -52,17 +119,45 @@
/**
* Generates a user-specified number of random bytes.
- *
- * <p> If a call to {@code engineSetSeed} had not occurred previously,
- * the first call to this method forces this SecureRandom implementation
- * to seed itself. This self-seeding will not occur if
- * {@code engineSetSeed} was previously called.
+ * <p>
+ * Some random number generators can only generate a limited amount
+ * of random bytes per invocation. If the size of {@code bytes}
+ * is greater than this limit, the implementation should invoke
+ * its generation process multiple times to completely fill the
+ * buffer before returning from this method.
*
* @param bytes the array to be filled in with random bytes.
*/
protected abstract void engineNextBytes(byte[] bytes);
/**
+ * Generates a user-specified number of random bytes with
+ * additional parameters.
+ * <p>
+ * Some random number generators can only generate a limited amount
+ * of random bytes per invocation. If the size of {@code bytes}
+ * is greater than this limit, the implementation should invoke
+ * its generation process multiple times to completely fill the
+ * buffer before returning from this method.
+ *
+ * @implSpec The default implementation throws
+ * an {@link UnsupportedOperationException}.
+ *
+ * @param bytes the array to be filled in with random bytes
+ * @param params additional parameters
+ * @throws UnsupportedOperationException if the implementation
+ * has not overridden this method
+ * @throws IllegalArgumentException if {@code params} is {@code null},
+ * illegal or unsupported by this {@code SecureRandom}
+ *
+ * @since 9
+ */
+ protected void engineNextBytes(
+ byte[] bytes, SecureRandomParameters params) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
* Returns the given number of seed bytes. This call may be used to
* seed other random number generators.
*
@@ -70,5 +165,56 @@
*
* @return the seed bytes.
*/
- protected abstract byte[] engineGenerateSeed(int numBytes);
+ protected abstract byte[] engineGenerateSeed(int numBytes);
+
+ /**
+ * Reseeds this random object with entropy input read from its
+ * entropy source with additional parameters.
+ * <p>
+ * If this method is called by {@link SecureRandom#reseed()},
+ * {@code params} will be {@code null}.
+ * <p>
+ * Do not override this method if the implementation does not
+ * support reseeding.
+ *
+ * @implSpec The default implementation throws
+ * an {@link UnsupportedOperationException}.
+ *
+ * @param params extra parameters, can be {@code null}.
+ * @throws UnsupportedOperationException if the implementation
+ * has not overridden this method
+ * @throws IllegalArgumentException if {@code params} is
+ * illegal or unsupported by this {@code SecureRandom}
+ *
+ * @since 9
+ */
+ protected void engineReseed(SecureRandomParameters params) {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the effective {@link SecureRandomParameters} for this
+ * {@code SecureRandom} instance.
+ *
+ * @implSpec The default implementation returns {@code null}.
+ *
+ * @return the effective {@link SecureRandomParameters} parameters,
+ * or {@code null} if no parameters were used.
+ *
+ * @since 9
+ */
+ protected SecureRandomParameters engineGetParameters() {
+ return null;
+ }
+
+ /**
+ * Returns a Human-readable string representation of this
+ * {@code SecureRandom}.
+ *
+ * @return the string representation
+ */
+ @Override
+ public String toString() {
+ return getClass().getSimpleName();
+ }
}