Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.owasp.esapi
Interface Randomizer

All Known Implementing Classes:
DefaultRandomizer
public interface Randomizer

The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings. Implementers should be sure to use a strong cryptographic implementation, such as the JCE or BouncyCastle. Weak sources of randomness can undermine a wide variety of security mechanisms. The specific algorithm used is configurable in ESAPI.properties.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

Method Summary
 boolean getRandomBoolean()
          Returns a random boolean.
 byte[] getRandomBytes(int n)
          Generates a specified number of random bytes.
 java.lang.String getRandomFilename(java.lang.String extension)
          Returns an unguessable random filename with the specified extension.
 java.lang.String getRandomGUID()
          Generates a random GUID.
 int getRandomInteger(int min, int max)
          Gets the random integer.
 long getRandomLong()
          Gets the random long.
 float getRandomReal(float min, float max)
          Gets the random real.
 java.lang.String getRandomString(int length, char[] characterSet)
          Gets a random string of a desired length and character set.
 

Method Detail

getRandomString

java.lang.String getRandomString(int length,
                                 char[] characterSet)
Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Parameters:
length - the length of the string
characterSet - the set of characters to include in the created random string
Returns:
the random string of the desired length and character set

getRandomBoolean

boolean getRandomBoolean()
Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Returns:
true or false, randomly

getRandomInteger

int getRandomInteger(int min,
                     int max)
Gets the random integer. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Parameters:
min - the minimum integer that will be returned
max - the maximum integer that will be returned
Returns:
the random integer

getRandomLong

long getRandomLong()
Gets the random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Returns:
the random long

getRandomFilename

java.lang.String getRandomFilename(java.lang.String extension)
Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset then merely append "." + extension.

Parameters:
extension - extension to add to the random filename
Returns:
a random unguessable filename ending with the specified extension

getRandomReal

float getRandomReal(float min,
                    float max)
Gets the random real. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Parameters:
min - the minimum real number that will be returned
max - the maximum real number that will be returned
Returns:
the random real

getRandomGUID

java.lang.String getRandomGUID()
                               throws EncryptionException
Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.

For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.

Returns:
the GUID
Throws:
EncryptionException - if hashing or encryption fails

getRandomBytes

byte[] getRandomBytes(int n)
Generates a specified number of random bytes.

Parameters:
n - The requested number of random bytes.
Returns:
The n random bytes are returned.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.