mirror of https://github.com/vanitasvitae/Smack.git synced 2025-09-09 09:09:38 +02:00

Add secure(OnlineAttackSafe|Unique|OfflineAttackSafe)RandomString()

and replace usages of java.util.UUID in Smack with
secureUniqueRandomString() because it uses a thread-local secure random
number generator.
Florian Schmaus 2019-06-02 19:56:56 +02:00
parent 58fc39714f
commit 619b8e6f4a
8 changed files with 89 additions and 60 deletions


@ -20,7 +20,6 @@ import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
@ -36,6 +35,7 @@ import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.XMPPException.XMPPErrorException;
import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.packet.StanzaError;
import org.jivesoftware.smack.util.StringUtils;
import org.jivesoftware.smackx.bytestreams.BytestreamListener;
import org.jivesoftware.smackx.bytestreams.BytestreamManager;
@ -138,9 +138,6 @@ public final class InBandBytestreamManager extends Manager implements Bytestream
/* prefix used to generate session IDs */
private static final String SESSION_ID_PREFIX = "jibb_";
/* random generator to create session IDs */
private static final Random randomGenerator = new Random();
/* stores one InBandBytestreamManager for each XMPP connection */
private static final Map<XMPPConnection, InBandBytestreamManager> managers = new WeakHashMap<>();
@ -490,7 +487,7 @@ public final class InBandBytestreamManager extends Manager implements Bytestream
private static String getNextSessionID() {
StringBuilder buffer = new StringBuilder();
buffer.append(SESSION_ID_PREFIX);
buffer.append(randomGenerator.nextInt(Integer.MAX_VALUE) + randomGenerator.nextInt(Integer.MAX_VALUE));
buffer.append(StringUtils.secureOnlineAttackSafeRandomString());
return buffer.toString();
}
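Review bot: The new append in `getNextSessionID()` picks `secureOnlineAttackSafeRandomString()` without stating why that strength is enough, although the commit message names `secureUniqueRandomString()` as the replacement where identifiers must be unique. The helper's length and alphabet are defined in another file of this commit and are not visible here, so neither the collision margin between concurrent sessions nor the guessing margin can be judged from this hunk. I would add a comment above the append such as `// session IDs only have to resist guessing while the stream is being negotiated; online-attack-safe length is sufficient`, or switch to the unique variant if that assumption does not hold. The same applies to `getNextSessionID()` in Socks5BytestreamManager, where the ID presumably also feeds the digest used as the SOCKS5 destination address, so the requirement is worth confirming there first. The method's Javadoc lies outside the hunk and is the natural place for this rationale.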


@ -24,7 +24,6 @@ import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
@ -44,6 +43,7 @@ import org.jivesoftware.smack.XMPPException.XMPPErrorException;
import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.packet.Stanza;
import org.jivesoftware.smack.packet.StanzaError;
import org.jivesoftware.smack.util.StringUtils;
import org.jivesoftware.smackx.bytestreams.BytestreamListener;
import org.jivesoftware.smackx.bytestreams.BytestreamManager;
@ -114,9 +114,6 @@ public final class Socks5BytestreamManager extends Manager implements Bytestream
/* prefix used to generate session IDs */
private static final String SESSION_ID_PREFIX = "js5_";
/* random generator to create session IDs */
private static final Random randomGenerator = new Random();
/* stores one Socks5BytestreamManager for each XMPP connection */
private static final Map<XMPPConnection, Socks5BytestreamManager> managers = new WeakHashMap<>();
@ -759,7 +756,7 @@ public final class Socks5BytestreamManager extends Manager implements Bytestream
private static String getNextSessionID() {
StringBuilder buffer = new StringBuilder();
buffer.append(SESSION_ID_PREFIX);
buffer.append(randomGenerator.nextInt(Integer.MAX_VALUE) + randomGenerator.nextInt(Integer.MAX_VALUE));
buffer.append(StringUtils.secureOnlineAttackSafeRandomString());
return buffer.toString();
}
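Review bot: The `StringBuilder` in `getNextSessionID()` now only joins a constant and one string, so the buffer lines can collapse to `return SESSION_ID_PREFIX + StringUtils.secureOnlineAttackSafeRandomString();`. The builder was only useful while the suffix was computed from two `nextInt` calls. The identical method in InBandBytestreamManager can be simplified the same way.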