From d7a87faaf130b6aca9194e9603eed710fa81b782 Mon Sep 17 00:00:00 2001
From: Amir Vakili <114409643+amirhosv@users.noreply.github.com>
Date: Thu, 27 Jun 2024 16:24:00 -0400
Subject: [PATCH] Undoing PR 376 (#388)

+ With PR 376, when ACCP is set as the first provider and immediately
  new SecureRandom is used, the SecureRandom will not be backed by ACCP.
+ A unit test is modified to check that new SecureRandom immediately after
  install is backed by ACCP.
---
 CHANGELOG.md                                  |  5 +++++
 build.gradle                                  |  2 +-
 examples/gradle-kt-dsl/lib/build.gradle.kts   |  2 +-
 .../AmazonCorrettoCryptoProvider.java         | 21 ++++---------------
 .../test/TestProviderInstallation.java        |  6 +++---
 5 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c75bb915..2cb8a381 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 2.4.1
+
+### Patch
+* [PR 388: Revert PR 376](https://github.com/corretto/amazon-corretto-crypto-provider/pull/388)
+
 ## 2.4.0
 
 ### Minor
diff --git a/build.gradle b/build.gradle
index b1d50644..17b7f59c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,7 +13,7 @@ plugins {
 }
 
 group = 'software.amazon.cryptools'
-version = '2.4.0'
+version = '2.4.1'
 ext.isFips = Boolean.getBoolean('FIPS')
 if (ext.isFips) {
     ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.13'
diff --git a/examples/gradle-kt-dsl/lib/build.gradle.kts b/examples/gradle-kt-dsl/lib/build.gradle.kts
index 0f8b877f..eead2716 100644
--- a/examples/gradle-kt-dsl/lib/build.gradle.kts
+++ b/examples/gradle-kt-dsl/lib/build.gradle.kts
@@ -1,4 +1,4 @@
-val accpVersion = "2.4.0"
+val accpVersion = "2.4.1"
 val accpLocalJar: String by project
 val fips: Boolean by project
 val PLATFORMS_WITHOUT_FIPS_SUPPORT = setOf("osx-x86_64", "osx-aarch_64")
diff --git a/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java b/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java
index c67f8d75..eb646098 100644
--- a/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java
+++ b/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java
@@ -145,23 +145,10 @@ private void buildServiceMap() {
               "DEFAULT")
           .setSelfTest(LibCryptoRng.SPI.SELF_TEST);
 
-      // Following lines are a workaround to ensure that the SecureRandom service
-      // is seen as ThreadSafe by SecureRandom, when using the alias name DEFAULT
-      // See https://bugs.openjdk.org/browse/JDK-8329754
-
-      // We add additional tests to confirm the DEFAULT algorithm is actually ThreadSafe
-      // This is to prevent issues in case a future code change set DEFAULT to a non-ThreadSafe
-      // algorithm
-
-      // Get the name of the algorithm pointed by the alias name DEFAULT
-      String algorithmUsedForDEFAULT = getProperty("Alg.Alias.SecureRandom.DEFAULT");
-      // If this alias exists and the algorithm pointed by it is thread safe, then mark DEFAULT
-      // ThreadSafe
-      if (algorithmUsedForDEFAULT != null
-          && "true"
-              .equals(getProperty("SecureRandom." + algorithmUsedForDEFAULT + " ThreadSafe"))) {
-        setProperty("SecureRandom.DEFAULT ThreadSafe", "true");
-      }
+      // If we `setProperty("SecureRandom.DEFAULT ThreadSafe", "true")`, then
+      // TestProviderInstallation::testProviderInstallation fails. The unique thing about this test
+      // is that it does `new SecureRandom` immediately after installing ACCP and expects to be
+      // backed by ACCP.
     }
 
     addSignatures();
diff --git a/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java b/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java
index 2effaa20..96e1e43b 100644
--- a/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java
+++ b/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java
@@ -15,6 +15,7 @@
 import java.io.ObjectOutputStream;
 import java.security.MessageDigest;
 import java.security.Provider;
+import java.security.SecureRandom;
 import java.security.Security;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Test;
@@ -48,6 +49,8 @@ public void testProviderInstallation() throws Exception {
 
     AmazonCorrettoCryptoProvider.install();
 
+    assertEquals("AmazonCorrettoCryptoProvider", new SecureRandom().getProvider().getName());
+
     assertEquals(
         "AmazonCorrettoCryptoProvider",
         MessageDigest.getInstance("SHA-256").getProvider().getName());
@@ -99,8 +102,5 @@ public void testSecureRandomThreadSafe() {
     assertEquals(
         "true",
         AmazonCorrettoCryptoProvider.INSTANCE.getProperty("SecureRandom.LibCryptoRng ThreadSafe"));
-    assertEquals(
-        "true",
-        AmazonCorrettoCryptoProvider.INSTANCE.getProperty("SecureRandom.DEFAULT ThreadSafe"));
   }
 }