org.owasp.esapi.reference
Class DefaultRandomizer

java.lang.Object
  org.owasp.esapi.reference.DefaultRandomizer

All Implemented Interfaces:

Randomizer

public class DefaultRandomizer
extends java.lang.Object
implements Randomizer

Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.

Since:

June 1, 2007

Author:

Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

See Also:

Randomizer

Method Summary

static Randomizer	getInstance()
boolean	getRandomBoolean() Returns a random boolean.
byte[]	getRandomBytes(int n) Generates a specified number of random bytes.
java.lang.String	getRandomFilename(java.lang.String extension) Returns an unguessable random filename with the specified extension.
java.lang.String	getRandomGUID() Generates a random GUID.
int	getRandomInteger(int min, int max) Gets the random integer.
long	getRandomLong() Gets the random long.
float	getRandomReal(float min, float max) Gets the random real.
java.lang.String	getRandomString(int length, char[] characterSet) Gets a random string of a desired length and character set.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static Randomizer getInstance()

getRandomString

public java.lang.String getRandomString(int length,
                                        char[] characterSet)

Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Specified by:

getRandomString in interface Randomizer

Parameters:

length - the length of the string

characterSet - the set of characters to include in the created random string

Returns:

the random string of the desired length and character set

getRandomBoolean

public boolean getRandomBoolean()

Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Specified by:

getRandomBoolean in interface Randomizer

Returns:

true or false, randomly

getRandomInteger

public int getRandomInteger(int min,
                            int max)

Gets the random integer. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Specified by:

getRandomInteger in interface Randomizer

Parameters:

min - the minimum integer that will be returned

max - the maximum integer that will be returned

Returns:

the random integer

getRandomLong

public long getRandomLong()

Gets the random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Specified by:

getRandomLong in interface Randomizer

Returns:

the random long

getRandomReal

public float getRandomReal(float min,
                           float max)

Gets the random real. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number gernerator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.

Specified by:

getRandomReal in interface Randomizer

Parameters:

min - the minimum real number that will be returned

max - the maximum real number that will be returned

Returns:

the random real

getRandomFilename

public java.lang.String getRandomFilename(java.lang.String extension)

Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset then merely append "." + extension.

Specified by:

getRandomFilename in interface Randomizer

Parameters:

extension - extension to add to the random filename

Returns:

a random unguessable filename ending with the specified extension

getRandomGUID

public java.lang.String getRandomGUID()
                               throws EncryptionException

Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.

For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.

Specified by:

getRandomGUID in interface Randomizer

Returns:

the GUID

Throws:

EncryptionException - if hashing or encryption fails

getRandomBytes

public byte[] getRandomBytes(int n)

Generates a specified number of random bytes.

Specified by:

getRandomBytes in interface Randomizer

Parameters:

n - The requested number of random bytes.

Returns:

The n random bytes are returned.