By using a static holder, we can leave method contracts
as-is and still maintain the performance benefit.
Issue gh-17824
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Creating a new SecureRandom instance on every call causes
unnecessary performance overhead. This change:
- Deprecates BCrypt.gensalt(String, int) method
- Modifies BCryptPasswordEncoder constructors to create
and reuse SecureRandom instances
- Maintains backward compatibility
All existing tests pass.
Closes gh-17824
Signed-off-by: Yerin Lee <rt8632@naver.com>
Previously the RsaSecretEncryptorTests were flaky because the assumed that a BadPaddigException would be thrown
when using things like different salt. However, given that the tests had random inputs (e.g. keys) there is the
possibility that, despite the fact that it can never be properly decrypted, the final bytes look like a valid
encrypted value.
This updates the tests to ensure that decrypt either throws an Exception or is not equal to the original
plaintext.
This commit reorders the originally changed boolean logic so that it returns
false early, as it did before. This allows the change to remain small and also
keeps the most complex logical statements outside of the if statement.
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Apply the javadoc-warnings-error plugin to spring-security-crypto to
ensure that new Javadoc warnings fail the build and prevent regressions.
Closes gh-18450
Signed-off-by: Jeongwon Been <congcoding@gmail.com>
Wrap bit-shift expressions in {@code ...} so that Javadoc does not parse
'<' as HTML and emit invalid input warnings.
Signed-off-by: Jeongwon Been <congcoding@gmail.com>
This follows the new convention of using include-code going forward to
ensure that the documentation compiles and is tested. This also corrected
a few errors in custom params for Ballooning and PBKDF2 examples.
Issue gh-17706
The Spring portfolio is changing to use <inception-year>-present in
the copyright headers to simplify keeping headers up to date. This
commit updates the headers and the checkstyle accordingly.
The commit updated etc/checkstyle/header.txt
It also updated the copyright headers using the following find/replace:
Find: (Copyright \d{4})\s*(\-\d{4})? the original author or authors.
Replace: Copyright 2004-present the original author or authors.
Closes gh-17633
Since this is going to be merged into Spring Security 7 (a major release) and AESFastEngine is deprecated,
we should no longer support it (as it will likely be removed from Bouncy Castle)
- Update AESEngine to use the default AES engine, following BouncyCastle's recommendations
(see release-1-56 of changelog: https://www.bouncycastle.org/download/bouncy-castle-java/?filter=java%3Drelease-1-56).
- Migrate to the latest API 'newInstance()' method to allow removal of @SuppressWarnings("deprecation")
- Remove @SuppressWarnings("deprecation")
Josh Cummings