diff --git a/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs b/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs index c86fc10f8..56cd1e7be 100644 --- a/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs +++ b/src/AWS.Deploy.ServerMode.Client/ServerModeHttpClient.cs @@ -36,6 +36,8 @@ public class ServerModeHttpClientAuthorizationHandler : HttpClientHandler private readonly Func> _credentialsGenerator; private readonly Aes? _aes; + private static readonly object AES_LOCK = new object(); + internal ServerModeHttpClientAuthorizationHandler(Func> credentialsGenerator, Aes? aes = null) { _credentialsGenerator = credentialsGenerator; @@ -73,8 +75,14 @@ public static void AddAuthorizationHeader(HttpRequestMessage request, ImmutableC string base64; if(aes != null) { - aes.GenerateIV(); - var encryptor = aes.CreateEncryptor(aes.Key, aes.IV); + byte[] iv; + lock (AES_LOCK) + { + aes.GenerateIV(); + iv = aes.IV; + } + + var encryptor = aes.CreateEncryptor(aes.Key, iv); using var inputStream = new MemoryStream(Encoding.UTF8.GetBytes(json)); using var outputStream = new MemoryStream(); @@ -83,7 +91,7 @@ public static void AddAuthorizationHeader(HttpRequestMessage request, ImmutableC inputStream.CopyTo(encryptStream); } - base64 = $"{Convert.ToBase64String(aes.IV)} {Convert.ToBase64String(outputStream.ToArray())}"; + base64 = $"{Convert.ToBase64String(iv)} {Convert.ToBase64String(outputStream.ToArray())}"; } else {