1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-12-22 20:47:57 +01:00

Make StringUtils.randomString(int) use SecureRandom

This commit is contained in:
Florian Schmaus 2016-01-06 14:56:49 +01:00
parent f79a7d9d5f
commit 658a671cbe
6 changed files with 34 additions and 8 deletions

View file

@ -18,6 +18,7 @@
package org.jivesoftware.smack.util;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Iterator;
import java.util.Random;
@ -174,7 +175,7 @@ public class StringUtils {
* @param length the desired length of the random String to return.
* @return a random String of numbers and letters of the specified length.
*/
public static String randomString(int length) {
public static String insecureRandomString(int length) {
if (length < 1) {
return null;
}
@ -186,6 +187,31 @@ public class StringUtils {
return new String(randBuffer);
}
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
public static String randomString(final int length) {
if (length < 1) {
return null;
}
byte[] randomBytes = new byte[length];
SECURE_RANDOM.nextBytes(randomBytes);
char[] randomChars = new char[length];
for (int i = 0; i < length; i++) {
randomChars[i] = getPrintableChar(randomBytes[i]);
}
return new String(randomChars);
}
private static char getPrintableChar(byte indexByte) {
assert(numbersAndLetters.length < Byte.MAX_VALUE * 2);
// Convert indexByte as it where an unsigned byte by promoting it to int
// and masking it with 0xff. Yields results from 0 - 254.
int index = indexByte & 0xff;
return numbersAndLetters[index % numbersAndLetters.length];
}
/**
* Returns true if CharSequence is not null and is not empty, false otherwise.
* Examples:

View file

@ -42,8 +42,8 @@ public class IntTestUtil {
public static UsernameAndPassword registerAccount(XMPPConnection connection)
throws NoResponseException, XMPPErrorException, NotConnectedException,
InterruptedException {
return registerAccount(connection, StringUtils.randomString(12),
StringUtils.randomString(12));
return registerAccount(connection, StringUtils.insecureRandomString(12),
StringUtils.insecureRandomString(12));
}
public static UsernameAndPassword registerAccount(XMPPConnection connection, String username,

View file

@ -519,7 +519,7 @@ public class SmackIntegrationTestFramework {
accountUsername = USERNAME_PREFIX + '-' + middlefix + '-' +testRunResult.testRunId;
}
if (StringUtils.isNullOrEmpty(accountPassword)) {
accountPassword = StringUtils.randomString(16);
accountPassword = StringUtils.insecureRandomString(16);
}
// @formatter:off
Builder builder = XMPPTCPConnectionConfiguration.builder()
@ -584,7 +584,7 @@ public class SmackIntegrationTestFramework {
}
public static final class TestRunResult {
public final String testRunId = StringUtils.randomString(5);
public final String testRunId = StringUtils.insecureRandomString(5);
private final List<SuccessfulTest> successfulTests = Collections.synchronizedList(new LinkedList<SuccessfulTest>());
private final List<FailedTest> failedIntegrationTests = Collections.synchronizedList(new LinkedList<FailedTest>());
private final List<TestNotPossible> impossibleTestMethods = Collections.synchronizedList(new LinkedList<TestNotPossible>());

View file

@ -52,7 +52,7 @@ public class LoginIntegrationTest extends AbstractSmackLowLevelIntegrationTest {
@SmackIntegrationTest
public void testInvalidLogin() throws SmackException, IOException, XMPPException,
InterruptedException, KeyManagementException, NoSuchAlgorithmException {
final String nonExistentUserString = StringUtils.randomString(24);
final String nonExistentUserString = StringUtils.insecureRandomString(24);
XMPPTCPConnectionConfiguration conf = getConnectionConfiguration().setUsernameAndPassword(
nonExistentUserString, "invalidPassword").build();

View file

@ -43,7 +43,7 @@ public class FileTransferIntegrationTest extends AbstractSmackIntegrationTest {
ftManagerTwo = FileTransferManager.getInstanceFor(conTwo);
}
private static final byte[] dataToSend = StringUtils.randomString(1024 * 4 * 5).getBytes();
private static final byte[] dataToSend = StringUtils.insecureRandomString(1024 * 4 * 5).getBytes();
@SmackIntegrationTest
public void fileTransferTest() throws Exception {

View file

@ -39,7 +39,7 @@ import org.jxmpp.jid.parts.Resourcepart;
public class MultiUserChatIntegrationTest extends AbstractSmackIntegrationTest {
private final String randomString = StringUtils.randomString(6);
private final String randomString = StringUtils.insecureRandomString(6);
private final MultiUserChatManager mucManagerOne;
private final MultiUserChatManager mucManagerTwo;