CAMEL-23879: Add SecureRandomHelper to camel-util, consolidate all SecureRandom usage #24374
gnodet wants to merge 4 commits into
Conversation
🧪 CI tested the following changed modules:
🔬 Scalpel shadow comparison: Scalpel 644 tested, 29 compile-only; current approach 558 all tested. Maveniverse Scalpel detected 673 affected modules (current approach: 558).
7d7e0f2 to a3f47e6
Pull request overview
This PR introduces a shared SecureRandom facility in camel-util (SecureRandomHelper) and updates multiple Camel modules (notably camel-pqc, plus camel-support and camel-main) to reuse that shared instance instead of repeatedly allocating new SecureRandom(). It also documents the intended framework guidance in design/security.adoc.
Changes:
- Added `org.apache.camel.util.SecureRandomHelper` exposing a shared `SecureRandom` instance.
- Replaced per-call `new SecureRandom()` usage across `camel-pqc` and a few core classes with `SecureRandomHelper.getSecureRandom()`.
- Added a “Shared SecureRandom” section to the security design documentation describing rationale and usage guidance.
Reviewed changes
Copilot reviewed 29 out of 29 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| design/security.adoc | Documents the new “Shared SecureRandom” approach and usage guidance. |
| core/camel-util/src/main/java/org/apache/camel/util/SecureRandomHelper.java | New helper exposing a shared SecureRandom instance for internal use. |
| core/camel-support/src/main/java/org/apache/camel/converter/stream/CipherPair.java | Uses shared SecureRandom for KeyGenerator initialization. |
| core/camel-main/src/main/java/org/apache/camel/main/SelfSignedCertificateGenerator.java | Uses shared SecureRandom for key generation and certificate serial number generation. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/PQCProducer.java | Uses shared SecureRandom for KEM encapsulation/extraction initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/HashicorpVaultKeyLifecycleManager.java | Uses shared SecureRandom for key pair generation initialization paths. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/FileBasedKeyLifecycleManager.java | Uses shared SecureRandom for key pair generation initialization paths. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/AwsSecretsManagerKeyLifecycleManager.java | Uses shared SecureRandom for key pair generation initialization paths. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/dataformat/PQCDataFormat.java | Uses shared SecureRandom for KEM operations and nonce generation. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultXMSSMTMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultXMSSMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultSPHINCSPLUSMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultSLHDSAMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultMLDSAMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultSNTRUPrimeMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultSABERMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultNTRUMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultNTRULPRimeMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultMLKEMMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultKYBERMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultHQCMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultFRODOMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultCMCEMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultBIKEMaterial.java | Uses shared SecureRandom for KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/hybrid/PQCDefaultX25519MLKEMMaterial.java | Uses shared SecureRandom for PQC KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/hybrid/PQCDefaultEd25519MLDSAMaterial.java | Uses shared SecureRandom for PQC KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/hybrid/PQCDefaultECDSAMLDSAMaterial.java | Uses shared SecureRandom for ECDSA and PQC KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/hybrid/PQCDefaultECDHMLKEMMaterial.java | Uses shared SecureRandom for ECDH and PQC KPG initialization. |
| components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/hybrid/HybridKEM.java | Uses shared SecureRandom for KEM generator initialization and EC ephemeral key generation. |
| * Provides a shared {@link SecureRandom} instance for use across Camel. | ||
| * <p> | ||
| * {@code SecureRandom} is thread-safe but heavyweight to instantiate — each {@code new SecureRandom()} call gathers OS | ||
| * entropy. Reusing a single instance avoids repeated initialization overhead while maintaining cryptographic security | ||
| * guarantees. |
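Review bot: the Javadoc's promise that reuse keeps the "cryptographic security guarantees" depends on callers, so it should state that nobody may call `setSeed(...)` on the returned instance: for some JDK algorithms (SHA1PRNG) a seed supplied before the first `nextBytes` replaces the self-seeding entirely, and on a shared object one caller doing that affects every consumer in the JVM. Suggest adding a sentence that callers needing a differently seeded or configured generator (for example `SecureRandom.getInstanceStrong()`) create their own instance rather than reconfigure the shared one.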
| Since Java 9, the default `SecureRandom` implementation uses DRBG (Deterministic Random Bit | ||
| Generator) which handles concurrent access efficiently. A single shared instance is both safe and | ||
| performant. |
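Review bot: "Since Java 9, the default `SecureRandom` implementation uses DRBG" holds only where the provider order puts DRBG first, which in practice is Windows; on Linux and macOS `new SecureRandom()` resolves to `NativePRNG` unless `java.security` is configured otherwise. Either name the platform or reword to "the JDK's default implementations synchronize internally and handle concurrent access efficiently". The conclusion that a single shared instance is safe still holds for `NativePRNG`, which also serializes its reads.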
| `SecureRandomHelper` in `camel-util` provides a shared instance via a static getter: | ||
| [source,java] | ||
| ---- | ||
| import org.apache.camel.util.SecureRandomHelper; |
| `java.security.SecureRandom` is thread-safe but heavyweight to instantiate: each `new SecureRandom()` | ||
| call gathers OS entropy (reads from `/dev/urandom` on Linux, `CryptGenRandom` on Windows). Creating | ||
| a fresh instance per call is wasteful and measurably slows down startup when many components | ||
| initialize cryptographic material (e.g., `camel-pqc` had ~40 separate allocations). | ||
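Review bot: "measurably slows down startup" needs the measurement that was taken (or drop "measurably"), and the description of the cost is slightly off: for `NativePRNG` the constructor opens the device files while the entropy read happens on the first `nextBytes`, so the per-instance cost is mostly file handles plus first-use seeding. Worth stating that explicitly, since leaking a file descriptor per `new SecureRandom()` on a hot path is a second reason to share the instance beyond startup time.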
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SecureRandom is thread-safe but heavyweight to instantiate (OS entropy gathering). The camel-pqc module had ~40 separate new SecureRandom() calls scattered across producers, data formats, lifecycle managers, and test material classes, each paying the initialization cost. Introduce PQCSecureRandom utility class with a single shared instance and replace all per-call allocations across 25 files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Move the shared SecureRandom from PQC-specific utility to a framework utility in camel-util (SecureRandomHelper.getSecureRandom()). This makes it available to all Camel modules without each component reinventing its own holder.

Consumers updated:
- camel-pqc: all 25 files now use SecureRandomHelper (PQCSecureRandom deleted)
- camel-support: CipherPair
- camel-main: SelfSignedCertificateGenerator

Also document the pattern and rationale in design/security.adoc.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove the private static field and parameter threading — just call SecureRandomHelper.getSecureRandom() directly at each usage site.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
a3f47e6 to 4f88e6b
Summary
Claude Code on behalf of Guillaume Nodet
Fixes https://issues.apache.org/jira/browse/CAMEL-23879
`SecureRandom` is thread-safe but heavyweight to instantiate — each `new SecureRandom()` call gathers OS entropy. Multiple Camel modules were creating ad-hoc instances per call, paying that cost repeatedly. This PR introduces a framework-level `SecureRandomHelper` in `camel-util` with a single shared instance exposed via `getSecureRandom()`, then wires all existing call sites to use it.

New:
- `SecureRandomHelper` (`camel-util`)

Consumers updated:
- camel-pqc: `new SecureRandom()` → `SecureRandomHelper.getSecureRandom()` across producers, data formats, lifecycle managers, KEM/signature material classes
- camel-support: `CipherPair` — keygen initialization
- camel-main: `SelfSignedCertificateGenerator` — key generation + cert signing

Design documentation
Added "Shared SecureRandom" section to `design/security.adoc` covering:
- (`SecureRandomParameters`, `getInstanceStrong()`, test code)

Why not `RandomGenerator.of()`?
JCA APIs (`KeyPairGenerator.initialize()`, `KEMGenerateSpec()`) require `SecureRandom` specifically — `RandomGenerator` is not a valid substitute.

SonarCloud
Resolves S2119 ("SecureRandom should not be created per-call") across all affected files as a side benefit.

Test plan
- `mvn clean install -Dquickly` — camel-util, camel-support, camel-pqc all compile
- `new SecureRandom()` remains outside `SecureRandomHelper` itself

🤖 Generated with Claude Code
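As an added illustration of the pattern this PR describes (hypothetical code written for this page, not Camel's `SecureRandomHelper` and not code from the PR): a holder with a static getter, the per-call allocation it replaces next to the shared form handed to `KeyPairGenerator.initialize(int, SecureRandom)`, concurrent use of the one instance from a thread pool, and a rough timing of both variants. The names `SharedSecureRandom` and `SharedSecureRandomDemo` are chosen here.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

/**
 * Hypothetical holder showing the "one shared SecureRandom" shape the PR describes:
 * a private static instance behind a static getter. Not Camel's SecureRandomHelper.
 */
final class SharedSecureRandom {
    // Created once at class initialization; SecureRandom is safe for concurrent use.
    private static final SecureRandom INSTANCE = new SecureRandom();

    private SharedSecureRandom() {
    }

    /** Returns the shared instance. Callers must never call setSeed(...) on it. */
    static SecureRandom get() {
        return INSTANCE;
    }
}

public final class SharedSecureRandomDemo {

    /** The pattern being removed: a fresh SecureRandom for every key generation. */
    static KeyPair generateWithFreshRandom() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256, new SecureRandom()); // new generator (and its seeding) per call
        return kpg.generateKeyPair();
    }

    /** The replacement: JCA still receives a SecureRandom, but it is the shared one. */
    static KeyPair generateWithSharedRandom() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256, SharedSecureRandom.get());
        return kpg.generateKeyPair();
    }

    /** One key pair per task on a thread pool; every task uses the shared instance. */
    static List<KeyPair> generateConcurrently(int tasks, int threads) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        try {
            List<Callable<KeyPair>> jobs = new ArrayList<>();
            for (int i = 0; i < tasks; i++) {
                jobs.add(SharedSecureRandomDemo::generateWithSharedRandom);
            }
            List<KeyPair> out = new ArrayList<>();
            for (Future<KeyPair> f : pool.invokeAll(jobs)) {
                out.add(f.get()); // rethrows any failure from the task
            }
            return out;
        } finally {
            pool.shutdown();
        }
    }

    /** Wall-clock time for a number of key generations with either variant. */
    private static long timeNanos(int iterations, boolean shared) throws NoSuchAlgorithmException {
        long start = System.nanoTime();
        for (int i = 0; i < iterations; i++) {
            if (shared) {
                generateWithSharedRandom();
            } else {
                generateWithFreshRandom();
            }
        }
        return System.nanoTime() - start;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom shared = SharedSecureRandom.get();
        // Which algorithm backs the instance depends on platform and java.security (NativePRNG, DRBG, ...)
        System.out.println("shared instance: " + shared.getAlgorithm()
                + " from provider " + shared.getProvider().getName());

        // The getter never allocates: repeated calls return the same object.
        System.out.println("same instance on repeated calls: " + (shared == SharedSecureRandom.get()));

        List<KeyPair> keys = generateConcurrently(32, 8);
        System.out.println("key pairs generated concurrently: " + keys.size());

        // Rough comparison; absolute numbers are platform-dependent.
        timeNanos(20, true);
        timeNanos(20, false); // warm-up
        int n = 200;
        System.out.printf("fresh SecureRandom per call: %d ms%n", timeNanos(n, false) / 1_000_000);
        System.out.printf("shared SecureRandom:         %d ms%n", timeNanos(n, true) / 1_000_000);
    }
}
```

Compile with `javac SharedSecureRandomDemo.java` and run `java SharedSecureRandomDemo`. The identity check (`shared == SharedSecureRandom.get()`) is the property worth asserting in a unit test for such a holder; the thread-pool run shows why no locking is needed around the instance. A shared instance shifts responsibility to callers: code that wants a specific algorithm, custom `SecureRandomParameters`, or `getInstanceStrong()` should construct its own generator rather than reseed or reconfigure the shared one, which would silently change the randomness source for every other consumer in the JVM.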