eclipse-hawkbit · avgustinmm · Jan 30, 2026 · Jan 30, 2026
diff --git a/...tory-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/RandomGeneratedInputStream.java b/...tory-jpa/src/test/java/org/eclipse/hawkbit/repository/jpa/RandomGeneratedInputStream.java
@@ -14,12 +14,9 @@
 import java.security.SecureRandom;
 import java.util.Random;
 
-/**
- *
- */
-public class RandomGeneratedInputStream extends InputStream {
+import org.eclipse.hawkbit.repository.test.util.TestdataFactory;
 
-    private final Random random = new SecureRandom();
+public class RandomGeneratedInputStream extends InputStream {
 
     /** Target size of the stream. */
     private final long size;
@@ -42,7 +39,6 @@ public int read() throws IOException {
 
         index++;
 
-        return random.nextInt(255);
+        return TestdataFactory.SECURE_RND.nextInt(255);
     }
-
-}
+}
diff --git a/...epository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/TargetTestData.java b/...epository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/TargetTestData.java
@@ -9,8 +9,7 @@
  */
 package org.eclipse.hawkbit.repository.test.util;
 
-import java.security.SecureRandom;
-import java.util.Random;
+import static org.eclipse.hawkbit.repository.test.util.TestdataFactory.SECURE_RND;
 
 import lombok.NoArgsConstructor;
 import org.eclipse.hawkbit.repository.model.Target;
@@ -24,20 +23,19 @@ public class TargetTestData {
     public static final String ATTRIBUTE_VALUE_VALID;
 
     static {
-        final Random rand = new SecureRandom();
-        ATTRIBUTE_KEY_TOO_LONG = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_KEY_SIZE + 1, rand);
-        ATTRIBUTE_KEY_VALID = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_KEY_SIZE, rand);
-        ATTRIBUTE_VALUE_TOO_LONG = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_VALUE_SIZE + 1, rand);
-        ATTRIBUTE_VALUE_VALID = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_VALUE_SIZE, rand);
+        ATTRIBUTE_KEY_TOO_LONG = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_KEY_SIZE + 1);
+        ATTRIBUTE_KEY_VALID = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_KEY_SIZE);
+        ATTRIBUTE_VALUE_TOO_LONG = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_VALUE_SIZE + 1);
+        ATTRIBUTE_VALUE_VALID = generateRandomStringWithLength(Target.CONTROLLER_ATTRIBUTE_MAX_VALUE_SIZE);
     }
 
-    private static String generateRandomStringWithLength(final int length, final Random rand) {
+    private static String generateRandomStringWithLength(final int length) {
         final StringBuilder randomStringBuilder = new StringBuilder(length);
         final int lowercaseACode = 97;
         final int lowercaseZCode = 122;
 
         for (int i = 0; i < length; i++) {
-            final char randomCharacter = (char) (rand.nextInt(lowercaseZCode - lowercaseACode + 1) + lowercaseACode);
+            final char randomCharacter = (char) (SECURE_RND.nextInt(lowercaseZCode - lowercaseACode + 1) + lowercaseACode);
             randomStringBuilder.append(randomCharacter);
         }
         return randomStringBuilder.toString();

diff --git a/...pository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/TestdataFactory.java b/...pository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/TestdataFactory.java
@@ -93,6 +93,7 @@ public class TestdataFactory {
 
     @SuppressWarnings("java:S2245") // used for tests only, no need of secure random
     public static final Random RND = new Random();
+    public static final SecureRandom SECURE_RND = new SecureRandom();
 
     public static final String VISIBLE_SM_MD_KEY = "visibleMetdataKey";
     public static final String VISIBLE_SM_MD_VALUE = "visibleMetdataValue";
@@ -309,22 +310,22 @@ public DistributionSet createDistributionSet(final String prefix, final String v
                 SoftwareModuleManagement.Create.builder()
                         .type(findOrCreateSoftwareModuleType(SM_TYPE_APP, Integer.MAX_VALUE))
                         .name(prefix + SM_TYPE_APP)
-                        .version(version + "." + new SecureRandom().nextInt(100))
+                        .version(version + "." + SECURE_RND.nextInt(100))
                         .description(randomDescriptionLong())
                         .vendor(prefix + " vendor Limited, California")
                         .build());
         final SoftwareModule runtimeMod = softwareModuleManagement
                 .create(SoftwareModuleManagement.Create.builder()
                         .type(findOrCreateSoftwareModuleType(SM_TYPE_RT))
                         .name(prefix + "app runtime")
-                        .version(version + "." + new SecureRandom().nextInt(100))
+                        .version(version + "." + SECURE_RND.nextInt(100))
                         .description(randomDescriptionLong()).vendor(prefix + " vendor GmbH, Stuttgart, Germany")
                         .build());
         final SoftwareModule osMod = softwareModuleManagement
                 .create(SoftwareModuleManagement.Create.builder()
                         .type(findOrCreateSoftwareModuleType(SM_TYPE_OS))
                         .name(prefix + " Firmware")
-                        .version(version + "." + new SecureRandom().nextInt(100))
+                        .version(version + "." + SECURE_RND.nextInt(100))
                         .description(randomDescriptionLong()).vendor(prefix + " vendor Limited Inc, California")
                         .build());
 

diff --git a/hawkbit-sdk/hawkbit-sdk-commons/src/main/java/org/eclipse/hawkbit/sdk/HawkbitClient.java b/hawkbit-sdk/hawkbit-sdk-commons/src/main/java/org/eclipse/hawkbit/sdk/HawkbitClient.java
@@ -20,7 +20,8 @@
 import java.lang.reflect.ParameterizedType;
 import java.lang.reflect.Proxy;
 import java.net.HttpURLConnection;
-import java.net.URL;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
@@ -263,7 +264,7 @@ private <T> T proxy(final Class<T> serviceType, final T service, final Tenant te
     private Object callMultipartFormDataRequest(
             final Method method, final Object[] args,
             final Tenant tenant, final Controller controller,
-            final Class<?>[] parameterTypes, final ObjectMapper objectMapper) throws IOException {
+            final Class<?>[] parameterTypes, final ObjectMapper objectMapper) throws URISyntaxException, IOException {
         final PostMapping postMapping = method.getAnnotation(PostMapping.class);
         final Annotation[][] parametersAnnotations = method.getParameterAnnotations();
         // build path - replace @PathVariables
@@ -275,8 +276,8 @@ private Object callMultipartFormDataRequest(
             }
         }
 
-        final HttpURLConnection conn = (HttpURLConnection) new URL(
-                (controller == null ? hawkBitServer.getMgmtUrl() : hawkBitServer.getDdiUrl()) + path).openConnection();
+        final HttpURLConnection conn = (HttpURLConnection) new URI(
+                (controller == null ? hawkBitServer.getMgmtUrl() : hawkBitServer.getDdiUrl()) + path).toURL().openConnection();
         conn.setRequestMethod("POST");
 
         // deal with authentication - only from headers1
@@ -407,15 +408,6 @@ private static <T extends Annotation> T getAnnotation(final Class<T> annotationC
         return null;
     }
 
-    private static final String KEYSTORE_PASSWORD;
-
-    static {
-        final Random random = new SecureRandom();
-        final byte[] bytes = new byte[16];
-        random.nextBytes(bytes);
-        KEYSTORE_PASSWORD = Base64.getEncoder().encodeToString(bytes);
-    }
-
     private static final Map<HttpClientKey, HttpClientWrapper> HTTP_CLIENTS = new HashMap<>();
 
     private static HttpClient httpClient(final HttpClientKey key) {
@@ -430,7 +422,7 @@ private static HttpClient httpClient(final HttpClientKey key) {
                     try {
                         builder.setConnectionManager(
                                 PoolingHttpClientConnectionManagerBuilder.create()
-                                        .setTlsSocketStrategy(getTlsSocketStragegy(key.getClientCertificate(), key.getServerCertificates()))
+                                        .setTlsSocketStrategy(getTlsSocketStrategy(key.getClientCertificate(), key.getServerCertificates()))
                                         .build());
                     } catch (final RuntimeException e) {
                         throw e;
@@ -448,12 +440,17 @@ private static HttpClient httpClient(final HttpClientKey key) {
         }
     }
 
-    private static TlsSocketStrategy getTlsSocketStragegy(final Certificate clientCertificate, final X509Certificate[] serverCertificates)
+    private static final Random SECURE_RND = new SecureRandom();
+
+    private static TlsSocketStrategy getTlsSocketStrategy(final Certificate clientCertificate, final X509Certificate[] serverCertificates)
             throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, CertificateException,
             IOException {
         final SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
         if (clientCertificate != null) {
-            sslContextBuilder.loadKeyMaterial(clientCertificate.toKeyStore(KEYSTORE_PASSWORD), KEYSTORE_PASSWORD.toCharArray());
+            final byte[] bytes = new byte[16];
+            SECURE_RND.nextBytes(bytes);
+            final String keystorePassword = Base64.getEncoder().encodeToString(bytes);
+            sslContextBuilder.loadKeyMaterial(clientCertificate.toKeyStore(keystorePassword), keystorePassword.toCharArray());
         }
         if (serverCertificates == null) {
             // trust all

diff --git a/...awkbit-sdk-mgmt/src/main/java/org/eclipse/hawkbit/sdk/mgmt/AuthenticationSetupHelper.java b/...awkbit-sdk-mgmt/src/main/java/org/eclipse/hawkbit/sdk/mgmt/AuthenticationSetupHelper.java
@@ -44,7 +44,7 @@ public class AuthenticationSetupHelper {
     private static final String AUTHENTICATION_MODE_HEADER_ENABLED = "authentication.header.enabled";
     private static final String AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME = "authentication.header.authority";
 
-    private static final Random RND = new SecureRandom();
+    private static final Random SECURE_RND = new SecureRandom();
 
     @NonNull
     private final Tenant tenant;
@@ -53,7 +53,7 @@ public class AuthenticationSetupHelper {
 
     public static String randomToken() {
         final byte[] rnd = new byte[24];
-        RND.nextBytes(rnd);
+        SECURE_RND.nextBytes(rnd);
         return Base64.getEncoder().encodeToString(rnd);
     }
 

diff --git a/hawkbit-sdk/pom.xml b/hawkbit-sdk/pom.xml
@@ -24,7 +24,7 @@
     <name>hawkBit :: SDK :: Parent</name>
 
     <properties>
-        <spring-cloud-starter-openfeign.version>4.3.0</spring-cloud-starter-openfeign.version>
+        <spring-cloud-starter-openfeign.version>4.3.1</spring-cloud-starter-openfeign.version>
         <openfeign-hc5.version>13.6</openfeign-hc5.version>
         <bouncycastle.version>1.83</bouncycastle.version>
         <java.version>${java.client.version}</java.version>