Posted to commits@guacamole.apache.org by vn...@apache.org on 2017/09/27 02:18:07 UTC

[15/29] incubator-guacamole-client git commit: GUACAMOLE-210: Use cryptographically-sound nonce generator.

GUACAMOLE-210: Use cryptographically-sound nonce generator.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/9159ca42
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/9159ca42
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/9159ca42

Branch: refs/heads/master
Commit: 9159ca4289cc1a13d78afdea17067c64b7ea27d8
Parents: d27ba44
Author: Michael Jumper <mj...@apache.org>
Authored: Mon Jun 13 00:01:08 2016 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Mon Sep 25 13:06:43 2017 -0700

----------------------------------------------------------------------
 .../auth/oauth/form/OAuthTokenField.java        | 22 ++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/9159ca42/extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/oauth/form/OAuthTokenField.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/oauth/form/OAuthTokenField.java b/extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/oauth/form/OAuthTokenField.java
index 84484e5..5d6599f 100644
--- a/extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/oauth/form/OAuthTokenField.java
+++ b/extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/oauth/form/OAuthTokenField.java
@@ -20,8 +20,9 @@
 package org.apache.guacamole.auth.oauth.form;
 
 import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
 import java.net.URLEncoder;
-import java.util.UUID;
+import java.security.SecureRandom;
 import org.apache.guacamole.form.Field;
 
 /**
@@ -43,6 +44,23 @@ public class OAuthTokenField extends Field {
     private final String authorizationURI;
 
     /**
+     * Cryptographically-secure random number generator for generating the
+     * required nonce.
+     */
+    private static final SecureRandom random = new SecureRandom();
+
+    /**
+     * Generates a cryptographically-secure nonce value. The nonce is intended
+     * to be used to prevent replay attacks.
+     *
+     * @return
+     *     A cryptographically-secure nonce value.
+     */
+    private static String generateNonce() {
+        return new BigInteger(130, random).toString(32);
+    }
+
+    /**
      * Creates a new OAuth "id_token" field which links to the given OAuth
      * service using the provided client ID. Successful authentication at the
      * OAuth service will result in the client being redirected to the specified
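Review bot: generateNonce() produces a value that nothing in this diff retains — in the later hunk it is appended straight into the authorization URI and dropped, so no visible code can compare it against the `nonce` claim of the id_token that comes back. A nonce defends against replay only when the receiver checks that the returned token carries a nonce it actually issued; if that validation lives elsewhere, the Javadoc on generateNonce() should point to it, otherwise the stronger generator alone does not deliver the protection the comment describes. Separately, the `static final` field is a constant and would conventionally be named `RANDOM`, and `new BigInteger(130, random).toString(32)` yields a variable-length string because leading zero bits are not printed — harmless for a nonce, but worth a comment such as `// ~130 bits of entropy; base-32 output is URL-safe ([0-9a-v]) but variable in length`.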
@@ -76,7 +94,7 @@ public class OAuthTokenField extends Field {
                     + "&response_type=id_token"
                     + "&client_id=" + URLEncoder.encode(clientID, "UTF-8")
                     + "&redirect_uri=" + URLEncoder.encode(redirectURI, "UTF-8")
-                    + "&nonce=" + UUID.randomUUID().toString();
+                    + "&nonce=" + generateNonce();
         }
 
         // Java is required to provide UTF-8 support