1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-26 05:52:06 +01:00

Make StringUtils.randomString(int) use SecureRandom

This commit is contained in:
Florian Schmaus 2016-01-06 14:56:49 +01:00
parent f79a7d9d5f
commit 658a671cbe
6 changed files with 34 additions and 8 deletions

View file

@ -18,6 +18,7 @@
package org.jivesoftware.smack.util; package org.jivesoftware.smack.util;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.Collection; import java.util.Collection;
import java.util.Iterator; import java.util.Iterator;
import java.util.Random; import java.util.Random;
@ -174,7 +175,7 @@ public class StringUtils {
* @param length the desired length of the random String to return. * @param length the desired length of the random String to return.
* @return a random String of numbers and letters of the specified length. * @return a random String of numbers and letters of the specified length.
*/ */
public static String randomString(int length) { public static String insecureRandomString(int length) {
if (length < 1) { if (length < 1) {
return null; return null;
} }
@ -186,6 +187,31 @@ public class StringUtils {
return new String(randBuffer); return new String(randBuffer);
} }
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
public static String randomString(final int length) {
if (length < 1) {
return null;
}
byte[] randomBytes = new byte[length];
SECURE_RANDOM.nextBytes(randomBytes);
char[] randomChars = new char[length];
for (int i = 0; i < length; i++) {
randomChars[i] = getPrintableChar(randomBytes[i]);
}
return new String(randomChars);
}
private static char getPrintableChar(byte indexByte) {
assert(numbersAndLetters.length < Byte.MAX_VALUE * 2);
// Convert indexByte as it where an unsigned byte by promoting it to int
// and masking it with 0xff. Yields results from 0 - 254.
int index = indexByte & 0xff;
return numbersAndLetters[index % numbersAndLetters.length];
}
/** /**
* Returns true if CharSequence is not null and is not empty, false otherwise. * Returns true if CharSequence is not null and is not empty, false otherwise.
* Examples: * Examples:

View file

@ -42,8 +42,8 @@ public class IntTestUtil {
public static UsernameAndPassword registerAccount(XMPPConnection connection) public static UsernameAndPassword registerAccount(XMPPConnection connection)
throws NoResponseException, XMPPErrorException, NotConnectedException, throws NoResponseException, XMPPErrorException, NotConnectedException,
InterruptedException { InterruptedException {
return registerAccount(connection, StringUtils.randomString(12), return registerAccount(connection, StringUtils.insecureRandomString(12),
StringUtils.randomString(12)); StringUtils.insecureRandomString(12));
} }
public static UsernameAndPassword registerAccount(XMPPConnection connection, String username, public static UsernameAndPassword registerAccount(XMPPConnection connection, String username,

View file

@ -519,7 +519,7 @@ public class SmackIntegrationTestFramework {
accountUsername = USERNAME_PREFIX + '-' + middlefix + '-' +testRunResult.testRunId; accountUsername = USERNAME_PREFIX + '-' + middlefix + '-' +testRunResult.testRunId;
} }
if (StringUtils.isNullOrEmpty(accountPassword)) { if (StringUtils.isNullOrEmpty(accountPassword)) {
accountPassword = StringUtils.randomString(16); accountPassword = StringUtils.insecureRandomString(16);
} }
// @formatter:off // @formatter:off
Builder builder = XMPPTCPConnectionConfiguration.builder() Builder builder = XMPPTCPConnectionConfiguration.builder()
@ -584,7 +584,7 @@ public class SmackIntegrationTestFramework {
} }
public static final class TestRunResult { public static final class TestRunResult {
public final String testRunId = StringUtils.randomString(5); public final String testRunId = StringUtils.insecureRandomString(5);
private final List<SuccessfulTest> successfulTests = Collections.synchronizedList(new LinkedList<SuccessfulTest>()); private final List<SuccessfulTest> successfulTests = Collections.synchronizedList(new LinkedList<SuccessfulTest>());
private final List<FailedTest> failedIntegrationTests = Collections.synchronizedList(new LinkedList<FailedTest>()); private final List<FailedTest> failedIntegrationTests = Collections.synchronizedList(new LinkedList<FailedTest>());
private final List<TestNotPossible> impossibleTestMethods = Collections.synchronizedList(new LinkedList<TestNotPossible>()); private final List<TestNotPossible> impossibleTestMethods = Collections.synchronizedList(new LinkedList<TestNotPossible>());

View file

@ -52,7 +52,7 @@ public class LoginIntegrationTest extends AbstractSmackLowLevelIntegrationTest {
@SmackIntegrationTest @SmackIntegrationTest
public void testInvalidLogin() throws SmackException, IOException, XMPPException, public void testInvalidLogin() throws SmackException, IOException, XMPPException,
InterruptedException, KeyManagementException, NoSuchAlgorithmException { InterruptedException, KeyManagementException, NoSuchAlgorithmException {
final String nonExistentUserString = StringUtils.randomString(24); final String nonExistentUserString = StringUtils.insecureRandomString(24);
XMPPTCPConnectionConfiguration conf = getConnectionConfiguration().setUsernameAndPassword( XMPPTCPConnectionConfiguration conf = getConnectionConfiguration().setUsernameAndPassword(
nonExistentUserString, "invalidPassword").build(); nonExistentUserString, "invalidPassword").build();

View file

@ -43,7 +43,7 @@ public class FileTransferIntegrationTest extends AbstractSmackIntegrationTest {
ftManagerTwo = FileTransferManager.getInstanceFor(conTwo); ftManagerTwo = FileTransferManager.getInstanceFor(conTwo);
} }
private static final byte[] dataToSend = StringUtils.randomString(1024 * 4 * 5).getBytes(); private static final byte[] dataToSend = StringUtils.insecureRandomString(1024 * 4 * 5).getBytes();
@SmackIntegrationTest @SmackIntegrationTest
public void fileTransferTest() throws Exception { public void fileTransferTest() throws Exception {

View file

@ -39,7 +39,7 @@ import org.jxmpp.jid.parts.Resourcepart;
public class MultiUserChatIntegrationTest extends AbstractSmackIntegrationTest { public class MultiUserChatIntegrationTest extends AbstractSmackIntegrationTest {
private final String randomString = StringUtils.randomString(6); private final String randomString = StringUtils.insecureRandomString(6);
private final MultiUserChatManager mucManagerOne; private final MultiUserChatManager mucManagerOne;
private final MultiUserChatManager mucManagerTwo; private final MultiUserChatManager mucManagerTwo;