Better password generation

git-svn-id: https://svn.apache.org/repos/asf/syncope/trunk@1596537 13f79535-47bb-0310-9956-ffa450edef68

core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java

@@ -20,7 +20,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.commons.lang3.RandomStringUtils;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.common.types.PasswordPolicySpec;
 import org.apache.syncope.core.persistence.beans.ExternalResource;
@@ -30,6 +30,7 @@
 import org.apache.syncope.core.persistence.dao.PolicyDAO;
 import org.apache.syncope.core.policy.PolicyPattern;
 import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
+import org.apache.syncope.core.util.SecureRandomUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -41,7 +42,7 @@
 @Component
 public class PasswordGenerator {
 
-    private static final String[] SPECIAL_CHARS = {"", "!", "£", "%", "&", "(", ")", "?", "#", "_", "$"};
+    private static final char[] SPECIAL_CHARS = {'!', '£', '%', '&', '(', ')', '?', '#', '$'};
 
     @Autowired
     private PolicyDAO policyDAO;
@@ -216,56 +217,51 @@ private String generate(final PasswordPolicySpec policySpec) {
         //filled empty chars
         for (int firstEmptyChar = firstEmptyChar(generatedPassword);
                 firstEmptyChar < generatedPassword.length - 1; firstEmptyChar++) {
-            generatedPassword[firstEmptyChar] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[firstEmptyChar] = SecureRandomUtil.generateRandomLetter();
         }
 
         checkPrefixAndSuffix(generatedPassword, policySpec);
 
         return StringUtils.join(generatedPassword);
     }
 
-    private int randomNumber(final int range) {
-        int randomNumber = (int) (Math.random() * (range - 1));
-        return randomNumber == 0 ? 1 : randomNumber;
-    }
-
     private void checkStartChar(final String[] generatedPassword, final PasswordPolicySpec policySpec) {
         if (policySpec.isMustStartWithAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustStartWithNonAlpha() || policySpec.isMustStartWithDigit()) {
-            generatedPassword[0] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntStartWithAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomNumber();
 
         }
         if (policySpec.isMustntStartWithDigit()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
 
         }
         if (policySpec.isMustntStartWithNonAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
 
         }
     }
 
     private void checkEndChar(final String[] generatedPassword, final PasswordPolicySpec policySpec) {
         if (policySpec.isMustEndWithAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustEndWithNonAlpha() || policySpec.isMustEndWithDigit()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
         }
 
         if (policySpec.isMustntEndWithAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntEndWithDigit()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustntEndWithNonAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
 
         }
     }
@@ -282,26 +278,26 @@ private void checkRequired(final String[] generatedPassword, final PasswordPolic
         if (policySpec.isDigitRequired()
                 && !PolicyPattern.DIGIT.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomNumber();
         }
 
         if (policySpec.isUppercaseRequired()
                 && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toUpperCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toUpperCase();
         }
 
         if (policySpec.isLowercaseRequired()
                 && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toLowerCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toLowerCase();
         }
 
         if (policySpec.isNonAlphanumericRequired()
                 && !PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(generatedPassword)).matches()) {
 
-            generatedPassword[firstEmptyChar(generatedPassword)] =
-                    SPECIAL_CHARS[randomNumber(SPECIAL_CHARS.length - 1)];
+            generatedPassword[firstEmptyChar(generatedPassword)] = 
+                SecureRandomUtil.generateRandomSpecialCharacter(SPECIAL_CHARS);
         }
     }
 
@@ -318,4 +314,5 @@ private void checkPrefixAndSuffix(final String[] generatedPassword, final Passwo
             }
         }
     }
+
 }

core/src/main/java/org/apache/syncope/core/util/SecureRandomUtil.java

@@ -19,19 +19,26 @@
 package org.apache.syncope.core.util;
 
 import java.security.SecureRandom;
-import java.util.Random;
+
+import org.apache.commons.lang3.RandomStringUtils;
 
 public class SecureRandomUtil {
+
+    private static final SecureRandom RANDOM = new SecureRandom();
 
     public static String generateRandomPassword(final int tokenLength) {
-        Random random = new SecureRandom();
-
-        final String letters = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ0123456789";
-
-        String pw = "";
-        for (int i = 0; i < tokenLength; i++) {
-            pw += letters.charAt((int) (random.nextDouble() * letters.length()));
-        }
-        return pw;
+        return RandomStringUtils.random(tokenLength, 0, 0, true, false, null, RANDOM);
+    }
+
+    public static String generateRandomLetter() {
+        return RandomStringUtils.random(1, 0, 0, true, false, null, RANDOM);
+    }
+
+    public static String generateRandomNumber() {
+        return RandomStringUtils.random(1, 0, 0, false, true, null, RANDOM);
+    }
+
+    public static String generateRandomSpecialCharacter(char[] characters) {
+        return RandomStringUtils.random(1, 0, 0, false, false, characters, RANDOM);
     }
 }