You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by jc...@apache.org on 2008/08/19 22:27:18 UTC
svn commit: r687144 -
/wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java
Author: jcompagner
Date: Tue Aug 19 13:27:18 2008
New Revision: 687144
URL: http://svn.apache.org/viewvc?rev=687144&view=rev
Log:
bad bad igor, going on vacation with a broken build!
Modified:
wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java
Modified: wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java
URL: http://svn.apache.org/viewvc/wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java?rev=687144&r1=687143&r2=687144&view=diff
==============================================================================
--- wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java (original)
+++ wicket/branches/wicket-1.3.x/jdk-1.4/wicket/src/main/java/org/apache/wicket/util/crypt/KeyInSessionSunJceCryptFactory.java Tue Aug 19 13:27:18 2008
@@ -16,7 +16,7 @@
*/
package org.apache.wicket.util.crypt;
-import java.util.UUID;
+import java.security.SecureRandom;
import javax.servlet.http.HttpSession;
@@ -34,6 +34,8 @@
*/
public class KeyInSessionSunJceCryptFactory implements ICryptFactory
{
+ private static SecureRandom numberGenerator;
+
public ICrypt newCrypt()
{
WebRequestCycle rc = (WebRequestCycle)RequestCycle.get();
@@ -47,7 +49,7 @@
if (key == null)
{
// generate new key
- key = session.getId() + "." + UUID.randomUUID().toString();
+ key = session.getId() + "." + randomUUIDString();
session.setAttribute(keyAttr, key);
}
@@ -56,4 +58,38 @@
crypt.setKey(key);
return crypt;
}
+
+ private static String randomUUIDString()
+ {
+ SecureRandom ng = numberGenerator;
+ if (ng == null)
+ {
+ numberGenerator = ng = new SecureRandom();
+ }
+
+ byte[] randomBytes = new byte[16];
+ ng.nextBytes(randomBytes);
+ randomBytes[6] &= 0x0f; /* clear version */
+ randomBytes[6] |= 0x40; /* set to version 4 */
+ randomBytes[8] &= 0x3f; /* clear variant */
+ randomBytes[8] |= 0x80; /* set to IETF variant */
+
+ long mostSigBits = 0;
+ long leastSigBits = 0;
+ for (int i = 0; i < 8; i++)
+ mostSigBits = (mostSigBits << 8) | (randomBytes[i] & 0xff);
+ for (int i = 8; i < 16; i++)
+ leastSigBits = (leastSigBits << 8) | (randomBytes[i] & 0xff);
+
+
+ return (digits(mostSigBits >> 32, 8) + "-" + digits(mostSigBits >> 16, 4) + "-" +
+ digits(mostSigBits, 4) + "-" + digits(leastSigBits >> 48, 4) + "-" + digits(
+ leastSigBits, 12));
+ }
+
+ private static String digits(long val, int digits)
+ {
+ long hi = 1L << (digits * 4);
+ return Long.toHexString(hi | (val & (hi - 1))).substring(1);
+ }
}