Class DefaultRandomizer

  • All Implemented Interfaces:
    Randomizer

    public class DefaultRandomizer
    extends java.lang.Object
    implements Randomizer
    Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    See Also:
    Randomizer
    • Method Summary

      Modifier and Type   Method                                            Description
      static Randomizer   getInstance()
      boolean             getRandomBoolean()                                Returns a random boolean.
      byte[]              getRandomBytes(int n)                             Generates a specified number of random bytes.
      java.lang.String    getRandomFilename(java.lang.String extension)     Returns an unguessable random filename with the specified extension.
      java.lang.String    getRandomGUID()                                   Generates a random GUID.
      int                 getRandomInteger(int min, int max)                Gets a random integer in the range [min, max).
      long                getRandomLong()                                   Gets a random long.
      float               getRandomReal(float min, float max)               Gets a random real in the range [min, max].
      java.lang.String    getRandomString(int length, char[] characterSet)  Gets a random string of a desired length and character set.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • getInstance

        public static Randomizer getInstance()
      • getRandomString

        public java.lang.String getRandomString(int length,
                                                char[] characterSet)
        Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Specified by:
        getRandomString in interface Randomizer
        Parameters:
        length - the length of the string
        characterSet - the set of characters to include in the created random string
        Returns:
        the random string of the desired length and character set
      • getRandomBoolean

        public boolean getRandomBoolean()
        Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Specified by:
        getRandomBoolean in interface Randomizer
        Returns:
        true or false, randomly
      • getRandomInteger

        public int getRandomInteger(int min,
                                    int max)
        Gets a random integer in the range [min, max). The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Specified by:
        getRandomInteger in interface Randomizer
        Parameters:
        min - the minimum integer that will be returned, inclusive
        max - the maximum integer that will be returned, exclusive
        Returns:
        the random integer
      • getRandomLong

        public long getRandomLong()
        Gets a random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Specified by:
        getRandomLong in interface Randomizer
        Returns:
        the random long
      • getRandomReal

        public float getRandomReal(float min,
                                   float max)
        Gets a random real in the range [min, max]. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Specified by:
        getRandomReal in interface Randomizer
        Parameters:
        min - the minimum real number that will be returned, inclusive
        max - the maximum real number that will be returned, inclusive
        Returns:
        the random real
      • getRandomFilename

        public java.lang.String getRandomFilename(java.lang.String extension)
        Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this class with the desired length and alphanumerics as the charset, then append "." + extension.
        Specified by:
        getRandomFilename in interface Randomizer
        Parameters:
        extension - extension to add to the random filename
        Returns:
        a random unguessable filename ending with the specified extension
      • getRandomGUID

        public java.lang.String getRandomGUID()
                                       throws EncryptionException
        Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.

        For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.

        Specified by:
        getRandomGUID in interface Randomizer
        Returns:
        the GUID
        Throws:
        EncryptionException - if hashing or encryption fails
      • getRandomBytes

        public byte[] getRandomBytes(int n)
        Generates a specified number of random bytes.
        Specified by:
        getRandomBytes in interface Randomizer
        Parameters:
        n - the requested number of random bytes
        Returns:
        the n random bytes
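
The contracts described above for getRandomInteger, getRandomString and getRandomFilename, sketched on top of java.security.SecureRandom as an added example (this is not ESAPI's own source). The class name RandomizerSketch, the 16-character filename length, the extension check and the entropyBits helper are assumptions made for the illustration.

```java
import java.security.SecureRandom;

// Added illustration, not ESAPI source: the class name, FILENAME_LENGTH,
// the extension check and entropyBits are assumptions made for this example.
public class RandomizerSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final char[] ALPHANUMERICS =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    private static final int FILENAME_LENGTH = 16; // assumed length for this sketch

    // Uniform integer in [min, max): min inclusive, max exclusive.
    static int getRandomInteger(int min, int max) {
        if (min >= max) throw new IllegalArgumentException("min must be < max");
        int range = Math.subtractExact(max, min); // throws on overflow instead of wrapping
        return min + RNG.nextInt(range);          // nextInt(bound) uses rejection sampling: no modulo bias
    }

    // Each character is an independent, uniform pick from characterSet
    // (duplicate entries in characterSet would skew the distribution).
    static String getRandomString(int length, char[] characterSet) {
        if (length < 0 || characterSet == null || characterSet.length == 0)
            throw new IllegalArgumentException("need length >= 0 and a non-empty character set");
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++)
            sb.append(characterSet[RNG.nextInt(characterSet.length)]);
        return sb.toString();
    }

    // Random alphanumeric name, then "." + extension, as the description suggests.
    static String getRandomFilename(String extension) {
        // Added check: refuse separators and dots so a caller-supplied
        // extension cannot change the directory or the effective file type.
        if (extension == null || !extension.matches("[A-Za-z0-9]{1,10}"))
            throw new IllegalArgumentException("unexpected extension");
        return getRandomString(FILENAME_LENGTH, ALPHANUMERICS) + "." + extension;
    }

    // Guessing resistance in bits for distinct symbols: length * log2(setSize).
    static double entropyBits(int length, int setSize) {
        return length * (Math.log(setSize) / Math.log(2));
    }

    public static void main(String[] args) {
        System.out.println(getRandomFilename("pdf"));
        System.out.println(getRandomInteger(-5, 5));
        System.out.printf("%.1f bits%n", entropyBits(FILENAME_LENGTH, ALPHANUMERICS.length));
    }
}
```

The entropy figure is what makes a filename or token "unguessable": it grows linearly with length and only logarithmically with the size of the character set, so lengthening the string is the cheaper way to raise it.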