我无法检查您的OpenJDK具体版本,但可以检查jdk6-b33。
SecureRandom使用SeedGenerator获取种子字节
public byte[] engineGenerateSeed(int numBytes) { byte[] b = new byte[numBytes]; SeedGenerator.generateSeed(b); return b;}SeedGenerator
seedSource从SunEntries获取(String)
String egdSource = SunEntries.getSeedSource();
SunEntries尝试
java.security.egd首先从系统属性获取源,如果找不到,则尝试
securerandom.source从
java.security属性文件获取属性,如果找不到属性,则返回空白字符串。
// name of the *System* property, takes precedence over PROP_RNDSOURCEprivate final static String PROP_EGD = "java.security.egd";// name of the *Security* propertyprivate final static String PROP_RNDSOURCE = "securerandom.source";final static String URL_DEV_RANDOM = "file:/dev/random";final static String URL_DEV_URANDOM = "file:/dev/urandom";private static final String seedSource;static { seedSource = AccessController.doPrivileged( new PrivilegedAction<String>() { public String run() { String egdSource = System.getProperty(PROP_EGD, ""); if (egdSource.length() != 0) { return egdSource; } egdSource = Security.getProperty(PROP_RNDSOURCE); if (egdSource == null) { return ""; } return egdSource; } });}在
SeedGenerator检查该值初始化该实例
// Static instance is created at link timeprivate static SeedGenerator instance;private static final Debug debug = Debug.getInstance("provider");final static String URL_DEV_RANDOM = SunEntries.URL_DEV_RANDOM;final static String URL_DEV_URANDOM = SunEntries.URL_DEV_URANDOM;// Static initializer to hook in selected or best performing generatorstatic { String egdSource = SunEntries.getSeedSource(); // Try the URL specifying the source // e.g. file:/dev/random // // The URL file:/dev/random or file:/dev/urandom is used to indicate // the SeedGenerator using OS support, if available. // On Windows, the causes MS CryptoAPI to be used. // On Solaris and Linux, this is the identical to using // URLSeedGenerator to read from /dev/random if (egdSource.equals(URL_DEV_RANDOM) || egdSource.equals(URL_DEV_URANDOM)) { try { instance = new NativeSeedGenerator(); if (debug != null) { debug.println("Using operating system seed generator"); } } catch (IOException e) { if (debug != null) { debug.println("Failed to use operating system seed " + "generator: " + e.toString()); } } } else if (egdSource.length() != 0) { try { instance = new URLSeedGenerator(egdSource); if (debug != null) { debug.println("Using URL seed generator reading from " + egdSource); } } catch (IOException e) { if (debug != null) debug.println("Failed to create seed generator with " + egdSource + ": " + e.toString()); } } // Fall back to ThreadedSeedGenerator if (instance == null) { if (debug != null) { debug.println("Using default threaded seed generator"); } instance = new ThreadedSeedGenerator(); }}如果来源是
final static String URL_DEV_RANDOM = "file:/dev/random";
要么
final static String URL_DEV_URANDOM = "file:/dev/urandom"
使用
NativeSeedGenerator,在Windows上尝试使用原生
CryptoAPILinux上的类简单地扩展
SeedGenerator.URLSeedGenerator
package sun.security.provider;import java.io.IOException;class NativeSeedGenerator extends SeedGenerator.URLSeedGenerator { NativeSeedGenerator() throws IOException { super(); }}并调用
/dev/random默认加载的超类构造函数
URLSeedGenerator() throws IOException { this(SeedGenerator.URL_DEV_RANDOM);}因此,
/dev/random在您未在系统属性
java.security.egd或
securerandom.source安全属性文件的属性中设置另一个值之前,OpenJDK
默认使用。
如果要使用阅读结果
strace,可以更改命令行并添加
trace=open,read表达式
sudo strace -o a.strace -f -e trace=open,read java class
您可以看到类似的内容(我使用Oracle JDK 6进行了测试)
13225 open("/dev/random", O_RDONLY) = 813225 read(8, "@", 1) = 113225 read(3, "PK34n�����RyzB36320267325u4��u4�� ���", 30) = 30........如果您在启动过程中遇到延迟,请参阅“ Tomcat Wiki”部分中有关启动更快的建议,使用/ dev / urandom之类的非阻塞熵源
更多信息:https
:
//wiki.apache.org/tomcat/HowTo/FasterStartUp#Entropy_Source
希望这可以帮助。
