Remove redundant key generation in tests

scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java

@@ -61,7 +61,6 @@ import sonia.scm.user.UserDAO;
 import sonia.scm.user.UserTestData;
 
 import javax.crypto.spec.SecretKeySpec;
-import java.security.SecureRandom;
 import java.util.Date;
 import java.util.Set;
 
@@ -71,6 +70,7 @@ import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.when;
+import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
 
 /**
  * Unit tests for {@link BearerRealm}.
@@ -256,12 +256,6 @@ private String createCompactToken(String subject, SecureKey key) {
       .compact();
   }
 
-  private SecureKey createSecureKey() {
-    byte[] bytes = new byte[32];
-    random.nextBytes(bytes);
-    return new SecureKey(bytes, System.currentTimeMillis());
-  }
-
   private void resolveKey(SecureKey key) {
     when(
       keyResolver.resolveSigningKey(
@@ -279,9 +273,6 @@ private String createCompactToken(String subject, SecureKey key) {
 
   //~--- fields ---------------------------------------------------------------
   
-  /** Field description */
-  private final SecureRandom random = new SecureRandom();
-
   @InjectMocks
   private DAORealmHelperFactory helperFactory;
   

scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenBuilderTest.java

@@ -44,7 +44,6 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 
-import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
@@ -56,6 +55,7 @@ import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.anyString;
 import static org.mockito.Mockito.when;
+import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
 
 /**
  * Unit test for {@link JwtAccessTokenBuilder}.
@@ -162,11 +162,4 @@ public class JwtAccessTokenBuilderTest {
     assertEquals("b", token.getCustom("a").get());
     assertEquals("[\"repo:*\"]", token.getScope().toString());
   }
-  
-  private SecureKey createSecureKey() {
-    byte[] bytes = new byte[32];
-    new Random().nextBytes(bytes);
-    return new SecureKey(bytes, System.currentTimeMillis());
-  }
-
 }

scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenRefresherTest.java

@@ -14,7 +14,6 @@ import java.time.Clock;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Optional;
-import java.util.Random;
 
 import static java.time.Duration.ofMinutes;
 import static java.time.temporal.ChronoUnit.SECONDS;
@@ -23,6 +22,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
 
 @SubjectAware(
   username = "user",
@@ -52,10 +52,7 @@ public class JwtAccessTokenRefresherTest {
 
   @Before
   public void initKeyResolver() {
-    byte[] bytes = new byte[256];
-    new Random().nextBytes(bytes);
-    SecureKey secureKey = new SecureKey(bytes, System.currentTimeMillis());
-    when(keyResolver.getSecureKey(any())).thenReturn(secureKey);
+    when(keyResolver.getSecureKey(any())).thenReturn(createSecureKey());
 
     Clock creationClock = mock(Clock.class);
     when(creationClock.instant()).thenReturn(TOKEN_CREATION);

scm-webapp/src/test/java/sonia/scm/security/JwtAccessTokenResolverTest.java

@@ -56,6 +56,8 @@ import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import static org.mockito.Mockito.*;
+import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
+
 import org.mockito.junit.MockitoJUnitRunner;
 
 /**
@@ -214,12 +216,6 @@ public class JwtAccessTokenResolverTest {
       .compact();
   }
   
-  private SecureKey createSecureKey() {
-    byte[] bytes = new byte[32];
-    random.nextBytes(bytes);
-    return new SecureKey(bytes, System.currentTimeMillis());
-  }
-  
   private void resolveKey(SecureKey key) {
     when(
       keyResolver.resolveSigningKey(

scm-webapp/src/test/java/sonia/scm/security/PercentageJwtAccessTokenRefreshStrategyTest.java

@@ -9,7 +9,6 @@ import org.junit.Test;
 import java.time.Clock;
 import java.time.Instant;
 import java.util.Collections;
-import java.util.Random;
 
 import static java.time.temporal.ChronoUnit.MINUTES;
 import static java.time.temporal.ChronoUnit.SECONDS;
@@ -18,6 +17,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static sonia.scm.security.SecureKeyTestUtil.createSecureKey;
 
 @SubjectAware(
   username = "user",
@@ -41,10 +41,7 @@ public class PercentageJwtAccessTokenRefreshStrategyTest {
   @Before
   public void initToken() {
     SecureKeyResolver keyResolver = mock(SecureKeyResolver.class);
-    byte[] bytes = new byte[256];
-    new Random().nextBytes(bytes);
-    SecureKey secureKey = new SecureKey(bytes, System.currentTimeMillis());
-    when(keyResolver.getSecureKey(any())).thenReturn(secureKey);
+    when(keyResolver.getSecureKey(any())).thenReturn(createSecureKey());
 
     Clock creationClock = mock(Clock.class);
     when(creationClock.instant()).thenReturn(TOKEN_CREATION);

scm-webapp/src/test/java/sonia/scm/security/SecureKeyTestUtil.java

@@ -0,0 +1,11 @@
+package sonia.scm.security;
+
+import java.security.SecureRandom;
+
+public class SecureKeyTestUtil {
+  public static SecureKey createSecureKey() {
+    byte[] bytes = new byte[32];
+    new SecureRandom().nextBytes(bytes);
+    return new SecureKey(bytes, System.currentTimeMillis());
+  }
+}