Oh, stupid, stupid me. I screwed-up the
SecureRandom service provider implementation in Qwicap 1.4b3 by doing nothing more than setting the visibility modifier on my subclass of
SecureRandomSpi to "package", rather than
public. (As always, I was trying to keep as much out of the public API as possible.) Having just written and used nearly identical code in another project, and because I couldn't readily create a JUnit test for anything that depended on the environment provided by an application server, I put the code in without testing it, thereby compounding my mistake with a "what could go wrong?" attitude. Of course, when we actually came to use the one project that utilized that service provider this morning, exceptions were thrown, and time wasted.
That mistake has been corrected in the just-released version 1.4b4. Also corrected is a mistake in the Javadocs that explain how to get a
SecureRandom instance based on Qwicap's provider. Also, I found a way to create a JUnit test for the visibility-modifier induced bug, so I won't re-create it in the future.
SecureRandom service provider was a feature new to 1.4b3, I'm the only one who has had time to create any code that depends on it, so this bug won't affect any existing Qwicap users. Still, it's embarassing.