Smack 4.2.0

-----BEGIN PGP SIGNATURE-----
 
 iQGTBAABCgB9FiEEl3UFnzoh3OFr5PuuIjmn6PWFIFIFAljDKBtfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3
 NzUwNTlGM0EyMURDRTE2QkU0RkJBRTIyMzlBN0U4RjU4NTIwNTIACgkQIjmn6PWF
 IFJB7Qf6AlkwpzMqq1g18jzEBFVX/3Sk2QWivEY7t3EhGuSguan2VIfd1fL0P85Q
 vLBm6Pw93haIxHXKRUKc8DINwP9yuRMvUotCN2hYVgfqfByHGhDCJLTNZ9atncL5
 JToptfhdRy6kgljVZPtpXOMXKBvaO3QOuTuC5cmz8PlidsYw0yUnliPLQ36uPRWX
 eaEXXbgmkjJh35WjsaafD/uM86OCqZahfvEf3e8bkPzdAayd0OKU67+v0ArA9P2E
 CiRU5vfco/vt2Qo41aLLIEOjSFfVX6Xh/pXxfQvInMAxies0KRLi5vonOmfrWRmi
 uIblzcYRXCSaZSgVN2yF8KzmF4pzcw==
 =qETn
 -----END PGP SIGNATURE-----

Merge tag '4.2.0'

Smack 4.2.0

smack-core/src/main/java/org/jivesoftware/smack/sasl/core/ScramMechanism.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2014-2016 Florian Schmaus
+ * Copyright 2014-2017 Florian Schmaus
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@ import java.security.SecureRandom;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Random;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -41,7 +42,12 @@ public abstract class ScramMechanism extends SASLMechanism {
     private static final byte[] SERVER_KEY_BYTES = toBytes("Server Key");
     private static final byte[] ONE = new byte[] { 0, 0, 0, 1 };
 
-    private static final SecureRandom RANDOM = new SecureRandom();
+    private static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
+        @Override
+        protected SecureRandom initialValue() {
+            return new SecureRandom();
+        }
+    };
 
     private static final Cache<String, Keys> CACHE = new LruCache<String, Keys>(10);
 
@@ -292,8 +298,9 @@ public abstract class ScramMechanism extends SASLMechanism {
     String getRandomAscii() {
         int count = 0;
         char[] randomAscii = new char[RANDOM_ASCII_BYTE_COUNT];
+        final Random random = SECURE_RANDOM.get();
         while (count < RANDOM_ASCII_BYTE_COUNT) {
-            int r = RANDOM.nextInt(128);
+            int r = random.nextInt(128);
             char c = (char) r;
             // RFC 5802 § 5.1 specifies 'r:' to exclude the ',' character and to be only printable ASCII characters
             if (!isPrintableNonCommaAsciiChar(c)) {

smack-core/src/main/java/org/jivesoftware/smack/util/ParserUtils.java

@@ -235,4 +235,19 @@ public class ParserUtils {
         return uri;
     }
 
+    public static String getRequiredAttribute(XmlPullParser parser, String name) throws IOException {
+        String value = parser.getAttributeValue("", name);
+        if (StringUtils.isNullOrEmpty(value)) {
+            throw new IOException("Attribute " + name + " is null or empty (" + value + ')');
+        }
+        return value;
+    }
+
+    public static String getRequiredNextText(XmlPullParser parser) throws XmlPullParserException, IOException {
+        String text = parser.nextText();
+        if (StringUtils.isNullOrEmpty(text)) {
+            throw new IOException("Next text is null or empty (" + text + ')');
+        }
+        return text;
+    }
 }

smack-core/src/main/java/org/jivesoftware/smack/util/StringUtils.java

@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2003-2007 Jive Software, 2016 Florian Schmaus.
+ * Copyright 2003-2007 Jive Software, 2016-2017 Florian Schmaus.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -271,7 +271,12 @@ public class StringUtils {
      * The Random class is not considered to be cryptographically secure, so
      * only use these random Strings for low to medium security applications.
      */
-    private static final Random randGen = new Random();
+    private static final ThreadLocal<Random> randGen = new ThreadLocal<Random>() {
+        @Override
+        protected Random initialValue() {
+            return new Random();
+        }
+    };
 
     /**
      * Array of numbers and letters of mixed case. Numbers appear in the list
@@ -299,15 +304,22 @@ public class StringUtils {
         if (length < 1) {
             return null;
         }
+
+        final Random random = randGen.get();
         // Create a char buffer to put random letters and numbers in.
         char [] randBuffer = new char[length];
         for (int i=0; i<randBuffer.length; i++) {
-            randBuffer[i] = numbersAndLetters[randGen.nextInt(numbersAndLetters.length)];
+            randBuffer[i] = numbersAndLetters[random.nextInt(numbersAndLetters.length)];
         }
         return new String(randBuffer);
     }
 
-    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+    private static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
+        @Override
+        protected SecureRandom initialValue() {
+            return new SecureRandom();
+        }
+    };
 
     public static String randomString(final int length) {
         if (length < 1) {
@@ -315,7 +327,7 @@ public class StringUtils {
         }
 
         byte[] randomBytes = new byte[length];
-        SECURE_RANDOM.nextBytes(randomBytes);
+        SECURE_RANDOM.get().nextBytes(randomBytes);
         char[] randomChars = new char[length];
         for (int i = 0; i < length; i++) {
             randomChars[i] = getPrintableChar(randomBytes[i]);