KEYCLOAK-2148: Update HmacOTP to make use of SecureRandom

Bruno Oliveira 2015-11-26 15:53:56 -02:00
parent 4a020d545b
commit 0d582a1326


@ -3,7 +3,7 @@ package org.keycloak.models.utils;
import javax.crypto.Mac; import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Random; import java.security.SecureRandom;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -29,7 +29,7 @@ public class HmacOTP {
public static String generateSecret(int length) { public static String generateSecret(int length) {
String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890"; String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
Random r = new Random(); SecureRandom r = new SecureRandom();
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (int i = 0; i < length; i++) { for (int i = 0; i < length; i++) {
char c = chars.charAt(r.nextInt(chars.length())); char c = chars.charAt(r.nextInt(chars.length()));
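Review bot: The alphabet literal in `generateSecret` stops at `W` in its uppercase run, so X, Y and Z can never be drawn and each character comes from 59 symbols instead of 62; this looks like a typo that the move to SecureRandom leaves in place. The line could read `String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";`, which should not disturb secrets already issued, since they only use a subset of the wider alphabet. Separately, `new SecureRandom()` is constructed on every call; a shared `private static final SecureRandom RANDOM = new SecureRandom();` would avoid repeated seeding, and SecureRandom is safe for concurrent use. The method body continues past the end of the hunk, so whether `length` is validated (zero or negative currently yields an empty secret from the visible loop) cannot be confirmed from here.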