Caching upgrades, better native support, clean up

core/src/main/java/org/eclipsefoundation/core/helper/CSRFHelper.java

@@ -4,7 +4,6 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
-import javax.annotation.PostConstruct;
 import javax.inject.Singleton;
 
 import org.eclipse.microprofile.config.inject.ConfigProperty;
@@ -25,7 +24,6 @@ import io.undertow.util.HexConverter;
 @Singleton
 public final class CSRFHelper {
     public static final Logger LOGGER = LoggerFactory.getLogger(CSRFHelper.class);
-    public static final String CSRF_HEADER_NAME = "x-csrf-token";
 
     @ConfigProperty(name = "security.token.salt", defaultValue = "short-salt")
     String salt;
@@ -36,12 +34,6 @@ public final class CSRFHelper {
     // cryptographically secure random number generator
     private SecureRandom rnd;
 
-    @PostConstruct
-    void init() {
-        // create a secure Random impl using salt + timestamp bytes
-        rnd = new SecureRandom(Long.toString(System.currentTimeMillis()).getBytes());
-    }
-
     /**
      * Generate a new CSRF token that has been hardened to make it more difficult to predict.
      *
@@ -49,7 +41,7 @@ public final class CSRFHelper {
      */
     public String getNewCSRFToken() {
         // use a random value salted with a configured static value
-        byte[] bytes = rnd.generateSeed(24);
+        byte[] bytes = rnd().generateSeed(24);
         String secureRnd = new String(bytes);
         // create a secure random secret to embed in the user session
         String preHash = secureRnd + salt;
@@ -88,4 +80,11 @@ public final class CSRFHelper {
             }
         }
     }
+
+    private SecureRandom rnd() {
+        if (this.rnd == null) {
+            this.rnd = new SecureRandom(Long.toString(System.currentTimeMillis()).getBytes());
+        }
+        return rnd;
+    }
 }