This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 44083 - Creating SecureRandom during bootstrap is expensive
Summary: Creating SecureRandom during bootstrap is expensive
Status: RESOLVED FIXED
Alias: None
Product: platform
Classification: Unclassified
Component: -- Other -- (show other bugs)
Version: 4.x
Hardware: PC Linux
: P3 blocker (vote)
Assignee: Jaroslav Tulach
URL:
Keywords: PERFORMANCE
Depends on:
Blocks: 70939
  Show dependency tree
 
Reported: 2004-06-01 10:01 UTC by _ rkubacki
Modified: 2008-12-22 23:38 UTC (History)
3 users (show)

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Sandip's mail (1.34 KB, text/plain)
2006-05-21 05:59 UTC, _ rkubacki 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description _ rkubacki 2004-06-01 10:01:46 UTC 
o.n.CLIHandler creates new SecureRandom to crypt
communication. This is sometimes very expensive.
If there is a problem with DNS it can take tens of
seconds or even minute before startup can proceed.
During this time
java.net.Inet4AddressImpl.getLocalHostName is
waiting for result and all other processing is
blocked.
Comment 1 Jesse Glick 2004-06-23 13:31:18 UTC 
Do you know how to reproduce?
Comment 2 Jaroslav Tulach 2004-06-23 14:33:14 UTC 
Why me? My original code used Random. You have introduce secure random
before merge of my branch for reasons I do not remember.
Comment 3 Jesse Glick 2004-06-23 16:04:11 UTC 
Well, because Random isn't secure, of course. :-) I know I added that
code but I thought you might have more time to look at it.
Comment 4 Jesse Glick 2004-07-14 23:10:38 UTC 
Haven't seen any details on when and why it is slow. No apparent
alternative anyway (need a secure random number here); if there is a
problem in the SecureRandom implementation it would need to be filed
as a JRE bug.
Comment 5 Tomas Danek 2005-07-27 12:35:37 UTC 
no further comments - closing.
Comment 6 _ rkubacki 2006-05-21 05:51:47 UTC 
Why is it slow: on Linux (and Solaris) it initializes network and resolves
hotsname through DNS. On my Ultra-20 this can take 0-10 seconds because for some
reason JRE thinks that I have IPv6 configured. Even without init of IPv6 it can
take similar time while talking to network. On Windows there is another
expensive operation that accesses I/O devices. I will attach Sandip's comment on
this.

If we really think we need to secure CLI handler let's move the init from
critical path of startup sequence. If we are lucky it can be processed
asynchronously sooner than another code tries to read InetAddress of machine
(IDESettings during  proxy updating - probably called as a side-effect when
checking for MDI/SDI mode, or AU module needs to know this data).
Comment 7 _ rkubacki 2006-05-21 05:59:02 UTC 
Created attachment 30533 [details]
Sandip's mail
Comment 8 Jesse Glick 2006-06-06 20:39:34 UTC 
CLIHandler is Yarda's code. Would be WONTFIX except for Radim's suggestion of
doing this initialization asynchronously - not sure if that is actually possible
in this case, but perhaps.
Comment 9 Jaroslav Tulach 2006-08-09 09:03:21 UTC 
SecureRandom is computed asynchronously.

/shared/data/ccvs/repository/core/bootstrap/src/org/netbeans/CLIHandler.java,v  
<--  CLIHandler.java
new revision: 1.46; previous revision: 1.45
done
Checking in test/unit/src/org/netbeans/CLIHowHardIsToGuessKeyTest.java;
/shared/data/ccvs/repository/core/bootstrap/test/unit/src/org/netbeans/CLIHowHardIsToGuessKeyTest.java,v  
<--  CLIHowHardIsToGuessKeyTest.java
new revision: 1.5; previous revision: 1.4
done
Checking in test/unit/src/org/netbeans/CLIHandlerTest.java;
/shared/data/ccvs/repository/core/bootstrap/test/unit/src/org/netbeans/CLIHandlerTest.java,v  
<--  CLIHandlerTest.java
new revision: 1.10; previous revision: 1.9
Comment 10 Jesse Glick 2006-08-09 15:51:13 UTC 
Not quite done:

1. apisupport/harness/release/run.xml still passes the now-obsolete switch

-J-Dorg.netbeans.CLIHandler.fast.random=true

2. And core/arch/arch-core-launcher.xml still mentions it.

Also, minor but: is the field/var identifier 'parael' supposed to mean
something? Did you mean 'parallel' perhaps?
Comment 11 Jaroslav Tulach 2006-08-09 16:50:51 UTC 
Should not the property be rather kept for apisupport puproses?
Comment 12 Jesse Glick 2006-08-09 17:06:32 UTC 
If you are doing the secure number generation asynch, then I don't see why
apisupport would need to have the tested app behave any differently than normal.
Issue #70939 was basically about wanting to avoid the performance hit for
security while developing an app, but if the performance hit is now gone, then
you might as well have the security.
Comment 13 Jaroslav Tulach 2006-08-10 05:22:36 UTC 
#44083: Removing friend api between CLIHandler and apisupport to speedup 
startup in development mode, as the startup shall be now fast enough"

Checking in core/arch/arch-core-launcher.xml;
/shared/data/ccvs/repository/core/arch/arch-core-launcher.xml,v  <--  
arch-core-launcher.xml
new revision: 1.47; previous revision: 1.46
done
Removing 
core/bootstrap/test/unit/src/org/netbeans/CLIDoesNotQuerySecureRandomTest.java;
/shared/data/ccvs/repository/core/bootstrap/test/unit/src/org/netbeans/CLIDoesNotQuerySecureRandomTest.java,v  
<--  CLIDoesNotQuerySecureRandomTest.java
new revision: delete; previous revision: 1.5
done
Checking in apisupport/harness/arch.xml;
/shared/data/ccvs/repository/apisupport/harness/arch.xml,v  <--  arch.xml
new revision: 1.6; previous revision: 1.5
done
Checking in apisupport/harness/release/run.xml;
/shared/data/ccvs/repository/apisupport/harness/release/run.xml,v  <--  
run.xml
new revision: 1.24; previous revision: 1.23