You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by jc...@apache.org on 2008/08/19 22:27:18 UTC

svn commit: r687144 - /wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java

Author: jcompagner
Date: Tue Aug 19 13:27:18 2008
New Revision: 687144

URL: http://svn.apache.org/viewvc?rev=687144&view=rev
Log:
bad bad igor, going on vacation with a broken build!

Modified:
    wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java

Modified: wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java?rev=687144&r1=687143&r2=687144&view=diff
==============================================================================
--- wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java (original)
+++ wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java Tue Aug 19 13:27:18 2008
@@ -16,7 +16,7 @@
  */
 package org.apache.wicket.util.crypt;
 
-import java.util.UUID;
+import java.security.SecureRandom;
 
 import javax.servlet.http.HttpSession;
 
@@ -34,6 +34,8 @@
  */
 public class KeyInSessionSunJceCryptFactory implements ICryptFactory
 {
+	private static SecureRandom numberGenerator;
+
 	public ICrypt newCrypt()
 	{
 		WebRequestCycle rc = (WebRequestCycle)RequestCycle.get();
@@ -47,7 +49,7 @@
 		if (key == null)
 		{
 			// generate new key
-			key = session.getId() + "." + UUID.randomUUID().toString();
+			key = session.getId() + "." + randomUUIDString();
 			session.setAttribute(keyAttr, key);
 		}
 
@@ -56,4 +58,38 @@
 		crypt.setKey(key);
 		return crypt;
 	}
+
+	private static String randomUUIDString()
+	{
+		SecureRandom ng = numberGenerator;
+		if (ng == null)
+		{
+			numberGenerator = ng = new SecureRandom();
+		}
+
+		byte[] randomBytes = new byte[16];
+		ng.nextBytes(randomBytes);
+		randomBytes[6] &= 0x0f; /* clear version */
+		randomBytes[6] |= 0x40; /* set to version 4 */
+		randomBytes[8] &= 0x3f; /* clear variant */
+		randomBytes[8] |= 0x80; /* set to IETF variant */
+
+		long mostSigBits = 0;
+		long leastSigBits = 0;
+		for (int i = 0; i < 8; i++)
+			mostSigBits = (mostSigBits << 8) | (randomBytes[i] & 0xff);
+		for (int i = 8; i < 16; i++)
+			leastSigBits = (leastSigBits << 8) | (randomBytes[i] & 0xff);
+
+
+		return (digits(mostSigBits >> 32, 8) + "-" + digits(mostSigBits >> 16, 4) + "-" +
+			digits(mostSigBits, 4) + "-" + digits(leastSigBits >> 48, 4) + "-" + digits(
+			leastSigBits, 12));
+	}
+
+	private static String digits(long val, int digits)
+	{
+		long hi = 1L << (digits * 4);
+		return Long.toHexString(hi | (val & (hi - 1))).substring(1);
+	}
 }