removed weak random from digest.
gregw 2020-07-17 13:02:46 +02:00
parent f6d39849e8
commit 88ec429b9c
1 changed files with 6 additions and 10 deletions


@ -26,6 +26,7 @@ import java.security.SecureRandom;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.Random; import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicInteger;
@ -67,11 +68,12 @@ public class DigestAuthentication extends AbstractAuthentication
* @param realm the realm to match for the authentication * @param realm the realm to match for the authentication
* @param user the user that wants to authenticate * @param user the user that wants to authenticate
* @param password the password of the user * @param password the password of the user
* @param random the Random generator to use for nonces, or null for a weak algorithm. * @param random the Random generator to use for nonces.
*/ */
public DigestAuthentication(URI uri, String realm, String user, String password, Random random) public DigestAuthentication(URI uri, String realm, String user, String password, Random random)
{ {
super(uri, realm); super(uri, realm);
Objects.requireNonNull(random);
this.random = random; this.random = random;
this.user = user; this.user = user;
this.password = password; this.password = password;
@ -231,15 +233,9 @@ public class DigestAuthentication extends AbstractAuthentication
private String newClientNonce() private String newClientNonce()
{ {
if (random != null) byte[] bytes = new byte[8];
{ random.nextBytes(bytes);
byte[] bytes = new byte[8]; return toHexString(bytes);
random.nextBytes(bytes);
return toHexString(bytes);
}
long pseudoRandom = System.nanoTime() ^ System.identityHashCode(new Object());
return Long.toHexString(pseudoRandom);
} }
private String toHexString(byte[] bytes) private String toHexString(byte[] bytes)
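Review bot: The constructor still takes a plain `java.util.Random`, so `Objects.requireNonNull(random);` removes the nanoTime fallback but a caller can still pass a non-cryptographic generator, and `newClientNonce()` would then produce predictable client nonces. The Javadoc should say so and record the new failure mode, for example `@param random the Random generator to use for nonces, should be a {@link SecureRandom}, must not be null` plus `@throws NullPointerException if random is null`. Passing null was previously documented as allowed, so existing callers that did so will now fail at construction; that looks intended but is worth a release note. The check can also be folded into the assignment with a message, `this.random = Objects.requireNonNull(random, "random");`. The constructor body and the rest of the class continue outside the visible hunks.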