ssh: use a single SecureRandom instance for hashing hostnames 14/187714/5
authorThomas Wolf <thomas.wolf@paranor.ch>
Sat, 13 Nov 2021 12:09:58 +0000 (13:09 +0100)
committerMatthias Sohn <matthias.sohn@sap.com>
Mon, 15 Nov 2021 21:26:20 +0000 (22:26 +0100)
According to Spotbugs, that's better practice. It's questionable
whether it makes a big difference, though, especially since the
hash is the cryptographically weak SHA1.

Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java

index 85e406f4224ccc387c3a12294e9b47d113708bd5..d8bf449acf028c6f104263564d77db2a26243c80 100644 (file)
@@ -34,6 +34,7 @@ import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 import java.util.TreeSet;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Supplier;
@@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
 
        private final List<HostKeyFile> defaultFiles = new ArrayList<>();
 
+       private Random prng;
+
        /**
         * Creates a new {@link OpenSshServerKeyDatabase}.
         *
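Review bot: The field added in this hunk is declared as `Random` and is not final, so the type no longer guarantees that the salt for hashed host names comes from a CSPRNG; a later assignment of a plain `java.util.Random` would compile without complaint. Declaring it as `private final SecureRandom prng = new SecureRandom();` keeps that guarantee, makes the new `java.util.Random` import in the first hunk unnecessary, and removes the need for the `if (prng == null)` check in the third hunk. That lazy initialisation is also unsynchronised, and the field is not `volatile`. The class imports `ConcurrentHashMap`, which suggests concurrent use, and whether the enclosing method is guarded is not visible in the hunk; if lazy creation is intended, the field should at least be `volatile`.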
@@ -680,7 +683,9 @@ public class OpenSshServerKeyDatabase
                        // or to Apache MINA sshd.
                        NamedFactory<Mac> digester = KnownHostDigest.SHA1;
                        Mac mac = digester.create();
-                       SecureRandom prng = new SecureRandom();
+                       if (prng == null) {
+                               prng = new SecureRandom();
+                       }
                        byte[] salt = new byte[mac.getDefaultBlockSize()];
                        for (SshdSocketAddress address : patterns) {
                                if (result.length() > 0) {