Introduce RandomUtil

and use it in EncryptedOpenPgpContentElement
Florian Schmaus 2019-03-25 12:07:01 +01:00
parent 927eb5e7d7
commit 14f288a763
3 changed files with 52 additions and 27 deletions


@ -0,0 +1,46 @@
/**
*
* Copyright 2003-2007 Jive Software, 2016-2019 Florian Schmaus.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.util;
import java.security.SecureRandom;
import java.util.Random;
public class RandomUtil {
static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
@Override
protected SecureRandom initialValue() {
return new SecureRandom();
}
};
/**
* Pseudo-random number generator object for use with randomString().
* The Random class is not considered to be cryptographically secure, so
* only use these random Strings for low to medium security applications.
*/
static final ThreadLocal<Random> RANDOM = new ThreadLocal<Random>() {
@Override
protected Random initialValue() {
return new Random();
}
};
public static int nextSecureRandomInt(int bound) {
return SECURE_RANDOM.get().nextInt(bound);
}
}
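Review bot: `RANDOM` holds a non-cryptographic `java.util.Random` but sits under a neutral name right beside `SECURE_RANDOM`, and the Javadoc that moved with it still points at `randomString()`, which the StringUtils section of this commit backs with `RandomUtil.SECURE_RANDOM`. Renaming the field to something like `INSECURE_RANDOM` (with the matching change in `insecureRandomString()`) and rewording the comment to name `insecureRandomString()` would make it harder to pick the weak generator by accident for tokens or padding. `nextSecureRandomInt(int bound)` has no Javadoc; I would add `/** Returns a uniformly distributed int in [0, bound) from the thread-local SecureRandom; bound must be positive. */`, since `SecureRandom.nextInt(bound)` throws `IllegalArgumentException` for a non-positive bound. As a static-only utility the class could also be `final` with a private constructor.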


@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2003-2007 Jive Software, 2016-2018 Florian Schmaus. * Copyright 2003-2007 Jive Software, 2016-2019 Florian Schmaus.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,7 +18,6 @@
package org.jivesoftware.smack.util; package org.jivesoftware.smack.util;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.Collection; import java.util.Collection;
import java.util.Iterator; import java.util.Iterator;
import java.util.Random; import java.util.Random;
@ -253,18 +252,6 @@ public class StringUtils {
} }
} }
/**
* Pseudo-random number generator object for use with randomString().
* The Random class is not considered to be cryptographically secure, so
* only use these random Strings for low to medium security applications.
*/
private static final ThreadLocal<Random> randGen = new ThreadLocal<Random>() {
@Override
protected Random initialValue() {
return new Random();
}
};
/** /**
* Array of numbers and letters of mixed case. Numbers appear in the list * Array of numbers and letters of mixed case. Numbers appear in the list
* twice so that there is a more equal chance that a number will be picked. * twice so that there is a more equal chance that a number will be picked.
@ -288,18 +275,11 @@ public class StringUtils {
* @return a random String of numbers and letters of the specified length. * @return a random String of numbers and letters of the specified length.
*/ */
public static String insecureRandomString(int length) { public static String insecureRandomString(int length) {
return randomString(length, randGen.get()); return randomString(length, RandomUtil.RANDOM.get());
} }
private static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
@Override
protected SecureRandom initialValue() {
return new SecureRandom();
}
};
public static String randomString(final int length) { public static String randomString(final int length) {
return randomString(length, SECURE_RANDOM.get()); return randomString(length, RandomUtil.SECURE_RANDOM.get());
} }
public static String randomString(final int length, Random random) { public static String randomString(final int length, Random random) {


@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2017 Florian Schmaus, 2018 Paul Schaub. * Copyright 2017-2019 Florian Schmaus, 2018 Paul Schaub.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,13 +16,13 @@
*/ */
package org.jivesoftware.smackx.ox.element; package org.jivesoftware.smackx.ox.element;
import java.security.SecureRandom;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import org.jivesoftware.smack.packet.ExtensionElement; import org.jivesoftware.smack.packet.ExtensionElement;
import org.jivesoftware.smack.util.Objects; import org.jivesoftware.smack.util.Objects;
import org.jivesoftware.smack.util.RandomUtil;
import org.jivesoftware.smack.util.StringUtils; import org.jivesoftware.smack.util.StringUtils;
import org.jivesoftware.smack.util.XmlStringBuilder; import org.jivesoftware.smack.util.XmlStringBuilder;
@ -53,8 +53,7 @@ public abstract class EncryptedOpenPgpContentElement extends OpenPgpContentEleme
} }
private static String createRandomPadding() { private static String createRandomPadding() {
SecureRandom secRan = new SecureRandom(); int len = RandomUtil.nextSecureRandomInt(256);
int len = secRan.nextInt(256);
return StringUtils.randomString(len); return StringUtils.randomString(len);
} }
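Review bot: The padding length in `createRandomPadding()` comes from `RandomUtil.nextSecureRandomInt(256)`, so `len` ranges over 0–255, and the bare literal does not say why that bound was chosen or that it is exclusive. A named constant such as `private static final int MAX_PADDING_LENGTH_EXCLUSIVE = 256;` with a one-line comment would document the intent. Because `len` can be 0 and the body of `StringUtils.randomString(int, Random)` lies outside the visible hunks, it is worth confirming that a zero length yields an empty string rather than null or an exception.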