libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

use SecureRandom for totp

Browse source
This commit is contained in:
Bill Burke 2014-08-10 12:12:24 -04:00
parent ad94b94833
commit cae0a7628d
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
View file

@ -27,6 +27,7 @@ import org.keycloak.models.utils.Base32;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Random;
@ -50,15 +51,22 @@ public class TotpBean {
private static String randomString(int length) {
String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
Random r = new Random();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < length; i++) {
char c = chars.charAt(r.nextInt(chars.length()));
char c = chars.charAt(random.nextInt(chars.length()));
sb.append(c);
}
return sb.toString();
}
private static final SecureRandom random;
static
{
random = new SecureRandom();
random.nextInt();
}
public boolean isEnabled() {
return enabled;
}