diff --git a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
index 19b4e4d9bb..36a89ca013 100644
--- a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
+++ b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
@@ -20,7 +20,7 @@
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.commons.lang3.RandomStringUtils;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.common.types.PasswordPolicySpec;
 import org.apache.syncope.core.persistence.beans.ExternalResource;
@@ -30,6 +30,7 @@
 import org.apache.syncope.core.persistence.dao.PolicyDAO;
 import org.apache.syncope.core.policy.PolicyPattern;
 import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
+import org.apache.syncope.core.util.SecureRandomUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -41,7 +42,7 @@
 @Component
 public class PasswordGenerator {
 
-    private static final String[] SPECIAL_CHARS = {"", "!", "£", "%", "&", "(", ")", "?", "#", "_", "$"};
+    private static final char[] SPECIAL_CHARS = {'!', '£', '%', '&', '(', ')', '?', '#', '$'};
 
     @Autowired
     private PolicyDAO policyDAO;
@@ -216,7 +217,7 @@ private String generate(final PasswordPolicySpec policySpec) {
         //filled empty chars
         for (int firstEmptyChar = firstEmptyChar(generatedPassword);
                 firstEmptyChar < generatedPassword.length - 1; firstEmptyChar++) {
-            generatedPassword[firstEmptyChar] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[firstEmptyChar] = SecureRandomUtil.generateRandomLetter();
         }
 
         checkPrefixAndSuffix(generatedPassword, policySpec);
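Review bot: `'£'` (U+00A3) is the only non-ASCII entry in the new `SPECIAL_CHARS`, so it is the one character whose survival depends on charset handling on every path a generated password travels; a target resource that restricts passwords to printable ASCII, or a connector that encodes with the platform charset, may reject or silently alter a password containing it. The old list also offered `"_"`, which the new array drops. If an all-ASCII set is acceptable, `private static final char[] SPECIAL_CHARS = {'!', '%', '&', '(', ')', '?', '#', '_', '$'};` keeps the same size without the portability question, and a one-line comment stating that the set is intentionally ASCII-only would stop the next edit from reintroducing the problem.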
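Review bot: The fill loop in the last hunk stops at `generatedPassword.length - 1`, so the final slot is written only when checkEndChar has applied an end rule; with no end rule it keeps whatever generate() initialised it with, which is outside this hunk, and if that initial value is an empty string `StringUtils.join` returns a password one character shorter than the array. The loop also overwrites every slot from the first empty one up to the penultimate one, which is why it cannot simply run to the end without clobbering the end character. Filling only the slots that still hold the initial marker, and running to `generatedPassword.length`, covers the last position and leaves characters placed by checkEndChar and checkRequired untouched; the sentinel check below assumes that marker is null or "", which needs confirming against generate()'s array setup. generate() starts before this hunk.
```java
        //filled empty chars
        for (int i = 0; i < generatedPassword.length; i++) {
            // NOTE(review): assumes untouched slots hold null or "" — confirm against generate()'s initialisation
            if (generatedPassword[i] == null || generatedPassword[i].isEmpty()) {
                generatedPassword[i] = SecureRandomUtil.generateRandomLetter();
            }
        }
        // … unchanged: checkPrefixAndSuffix call …
```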
@@ -224,48 +225,43 @@ private String generate(final PasswordPolicySpec policySpec) {
         return StringUtils.join(generatedPassword);
     }
 
-    private int randomNumber(final int range) {
-        int randomNumber = (int) (Math.random() * (range - 1));
-        return randomNumber == 0 ? 1 : randomNumber;
-    }
-
     private void checkStartChar(final String[] generatedPassword, final PasswordPolicySpec policySpec) {
         if (policySpec.isMustStartWithAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustStartWithNonAlpha() || policySpec.isMustStartWithDigit()) {
-            generatedPassword[0] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntStartWithAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntStartWithDigit()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustntStartWithNonAlpha()) {
-            generatedPassword[0] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[0] = SecureRandomUtil.generateRandomLetter();
         }
     }
 
     private void checkEndChar(final String[] generatedPassword, final PasswordPolicySpec policySpec) {
         if (policySpec.isMustEndWithAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustEndWithNonAlpha() || policySpec.isMustEndWithDigit()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntEndWithAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isMustntEndWithDigit()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
         }
         if (policySpec.isMustntEndWithNonAlpha()) {
-            generatedPassword[policySpec.getMinLength() - 1] = RandomStringUtils.randomAlphabetic(1);
+            generatedPassword[policySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
         }
     }
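Review bot: checkEndChar places the end character at `policySpec.getMinLength() - 1` in all five branches, while the fill loop in generate() iterates over `generatedPassword.length`; if the array is ever sized from anything other than the minimum length, the required end character lands in the middle of the password and the real last slot is left to the fill loop. Indexing from the array itself, `generatedPassword[generatedPassword.length - 1] = SecureRandomUtil.generateRandomLetter();` and likewise for the digit branches, removes that coupling. In both checkStartChar and checkEndChar a later `if` silently overwrites an earlier one, so a spec that sets, say, `isMustStartWithAlpha()` together with `isMustStartWithDigit()` ends with a digit and no error; either reject contradictory flags with the already imported `InvalidPasswordPolicySpecException` or state the precedence in a comment such as `// later rules win: digit/non-alpha rules override alpha rules`. The removal of the Math.random()-based randomNumber helper needs no change.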
@@ -282,26 +278,26 @@ private void checkRequired(final String[] generatedPassword, final PasswordPolic
         if (policySpec.isDigitRequired()
                 && !PolicyPattern.DIGIT.matcher(StringUtils.join(generatedPassword)).matches()) {
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomNumeric(1);
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomNumber();
         }
         if (policySpec.isUppercaseRequired()
                 && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toUpperCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toUpperCase();
         }
         if (policySpec.isLowercaseRequired()
                 && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(generatedPassword)).matches()) {
-            generatedPassword[firstEmptyChar(generatedPassword)] = RandomStringUtils.randomAlphabetic(1).toLowerCase();
+            generatedPassword[firstEmptyChar(generatedPassword)] = SecureRandomUtil.generateRandomLetter().toLowerCase();
         }
         if (policySpec.isNonAlphanumericRequired()
                 && !PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(generatedPassword)).matches()) {
-            generatedPassword[firstEmptyChar(generatedPassword)] =
-                    SPECIAL_CHARS[randomNumber(SPECIAL_CHARS.length - 1)];
+            generatedPassword[firstEmptyChar(generatedPassword)] =
+                    SecureRandomUtil.generateRandomSpecialCharacter(SPECIAL_CHARS);
         }
     }
@@ -318,4 +314,5 @@ private void checkPrefixAndSuffix(final String[] generatedPassword, final Passwo
             }
         }
     }
+
 }
diff --git a/core/src/main/java/org/apache/syncope/core/util/SecureRandomUtil.java b/core/src/main/java/org/apache/syncope/core/util/SecureRandomUtil.java
index 775958858a..860a1538ee 100644
--- a/core/src/main/java/org/apache/syncope/core/util/SecureRandomUtil.java
+++ b/core/src/main/java/org/apache/syncope/core/util/SecureRandomUtil.java
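Review bot: The new uppercase and lowercase lines call `toUpperCase()` and `toLowerCase()` with the JVM default locale; under a Turkish locale `i` becomes `İ` (U+0130) and `I` becomes `ı` (U+0131), so the generated character is no longer an ASCII letter, may not match what `ALPHA_UPPERCASE`/`ALPHA_LOWERCASE` presumably expect, and may not survive propagation. Use `SecureRandomUtil.generateRandomLetter().toUpperCase(Locale.ROOT)` and `SecureRandomUtil.generateRandomLetter().toLowerCase(Locale.ROOT)`, adding `import java.util.Locale;`. Each branch also trusts `firstEmptyChar(generatedPassword)` to return a free index; what it does when no slot is left is outside this hunk and worth confirming so a fully populated array cannot be indexed past its end. checkRequired's signature is outside the hunk.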
@@ -19,19 +19,26 @@
 package org.apache.syncope.core.util;
 
 import java.security.SecureRandom;
-import java.util.Random;
+
+import org.apache.commons.lang3.RandomStringUtils;
 
 public class SecureRandomUtil {
+
+    private static final SecureRandom RANDOM = new SecureRandom();
 
     public static String generateRandomPassword(final int tokenLength) {
-        Random random = new SecureRandom();
-
-        final String letters = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ0123456789";
-
-        String pw = "";
-        for (int i = 0; i < tokenLength; i++) {
-            pw += letters.charAt((int) (random.nextDouble() * letters.length()));
-        }
-        return pw;
+        return RandomStringUtils.random(tokenLength, 0, 0, true, false, null, RANDOM);
+    }
+
+    public static String generateRandomLetter() {
+        return RandomStringUtils.random(1, 0, 0, true, false, null, RANDOM);
+    }
+
+    public static String generateRandomNumber() {
+        return RandomStringUtils.random(1, 0, 0, false, true, null, RANDOM);
+    }
+
+    public static String generateRandomSpecialCharacter(char[] characters) {
+        return RandomStringUtils.random(1, 0, 0, false, false, characters, RANDOM);
     }
 }
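Review bot: generateRandomPassword now passes `letters=true, numbers=false`, so its output is drawn from the 52 ASCII letters only; the alphabet it replaces also contained the digits 0-9 and deliberately left out the look-alike letters i, l, o, I, L, O. Any caller that feeds the result to a policy check requiring a digit would now fail; if the change is unintended, `return RandomStringUtils.random(tokenLength, 0, 0, true, true, null, RANDOM);` restores digits, and if the look-alike exclusion matters the old alphabet can be passed as the `chars` argument instead. The new public methods carry no Javadoc; each needs at least a one-line summary, and generateRandomSpecialCharacter should state that `characters` must be non-empty, since an empty array makes the underlying `RandomStringUtils.random` call throw `IllegalArgumentException` rather than return a character (a `characters.length == 0` guard with a clear message would be friendlier). Making the class `final` with a private constructor and declaring the parameter `final char[] characters` would match the utility-class idiom used by the rest of the file's style.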