Package org.owasp.esapi.reference
Class DefaultRandomizer
- java.lang.Object
-
- org.owasp.esapi.reference.DefaultRandomizer
-
- All Implemented Interfaces:
Randomizer
public class DefaultRandomizer extends java.lang.Object implements Randomizer
Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
Randomizer
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static Randomizer
getInstance()
boolean
getRandomBoolean()
Returns a random boolean.byte[]
getRandomBytes(int n)
Generates a specified number of random bytes.java.lang.String
getRandomFilename(java.lang.String extension)
Returns an unguessable random filename with the specified extension.java.lang.String
getRandomGUID()
Generates a random GUID.int
getRandomInteger(int min, int max)
Gets the random integer.long
getRandomLong()
Gets the random long.float
getRandomReal(float min, float max)
Gets the random real.java.lang.String
getRandomString(int length, char[] characterSet)
Gets a random string of a desired length and character set.
-
-
-
Method Detail
-
getInstance
public static Randomizer getInstance()
-
getRandomString
public java.lang.String getRandomString(int length, char[] characterSet)
Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Specified by:
getRandomString
in interfaceRandomizer
- Parameters:
length
- the length of the stringcharacterSet
- the set of characters to include in the created random string- Returns:
- the random string of the desired length and character set
-
getRandomBoolean
public boolean getRandomBoolean()
Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Specified by:
getRandomBoolean
in interfaceRandomizer
- Returns:
- true or false, randomly
-
getRandomInteger
public int getRandomInteger(int min, int max)
Gets the random integer. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Specified by:
getRandomInteger
in interfaceRandomizer
- Parameters:
min
- the minimum integer that will be returnedmax
- the maximum integer that will be returned- Returns:
- the random integer
-
getRandomLong
public long getRandomLong()
Gets the random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Specified by:
getRandomLong
in interfaceRandomizer
- Returns:
- the random long
-
getRandomReal
public float getRandomReal(float min, float max)
Gets the random real. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Specified by:
getRandomReal
in interfaceRandomizer
- Parameters:
min
- the minimum real number that will be returnedmax
- the maximum real number that will be returned- Returns:
- the random real
-
getRandomFilename
public java.lang.String getRandomFilename(java.lang.String extension)
Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset then merely append "." + extension.- Specified by:
getRandomFilename
in interfaceRandomizer
- Parameters:
extension
- extension to add to the random filename- Returns:
- a random unguessable filename ending with the specified extension
-
getRandomGUID
public java.lang.String getRandomGUID() throws EncryptionException
Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.
- Specified by:
getRandomGUID
in interfaceRandomizer
- Returns:
- the GUID
- Throws:
EncryptionException
- if hashing or encryption fails
-
getRandomBytes
public byte[] getRandomBytes(int n)
Generates a specified number of random bytes.- Specified by:
getRandomBytes
in interfaceRandomizer
- Parameters:
n
- The requested number of random bytes.- Returns:
- The
n
random bytes are returned.
-
-