added getRandomgString method

2013-03-03 22:12:46 +00:00
parent 75d060ec24
commit e0d47d1251
3 changed files with 74 additions and 3 deletions
--- a/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java
+++ b/security/src/main/java/de/muehlencord/shared/security/PasswordUtil.java
@ -9,6 +9,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;

 /**
 *
@ -16,6 +17,9 @@ import org.apache.commons.codec.binary.Base64;
 */
 public abstract class PasswordUtil {

+    /** logging object */
+    private final static Logger logger = Logger.getLogger(PasswordUtil.class);
+
    /**
     * returns password (pos 0) and the salt (pos 1) of given plaintext password. Both strings are base64 encoded
     *
@ -73,8 +77,30 @@ public abstract class PasswordUtil {
     * @throws SecurityException if the creation of the salt fails
     */
    public static String createSaltString(int saltLength) throws SecurityException {
-        byte[] salt = createSalt(saltLength);
-        return base64Encode(salt);
+        byte[] saltByteArray = createSalt(saltLength);
+        String saltString = base64Encode(saltByteArray);
+        if (saltString.length() > saltLength) {
+            return saltString.substring(0, saltLength);
+        } else {
+            return saltString;
+        }
+    }
+
+    /** returns a random string with total length starting with prefix string
+     *
+     * @param prefix the prefix to start the string with
+     * @param length the maximum length of the string (including prefix)
+     * @return a random string
+     *
+     * @throws SecurityException if the random string could not be computed
+     */
+    public static String getRandomString(String prefix, int length) throws SecurityException {
+        if (prefix == null) {
+            prefix = "";
+        }
+        int idLength = length - prefix.length();
+        return prefix + createSaltString(idLength);
+
    }


@ -90,6 +116,7 @@ public abstract class PasswordUtil {
    private static byte[] createSalt(int saltLength) throws SecurityException {
        try {
            SecureRandom sha1SecureRandom = SecureRandom.getInstance("SHA1PRNG");
+
            byte salt[] = new byte[saltLength];
            synchronized (sha1SecureRandom) {
                sha1SecureRandom.nextBytes(salt);
@ -102,10 +129,12 @@ public abstract class PasswordUtil {

    /**
     * hashes the given password (md5 hashed, base64 coded) with the given salt
+     *
     * @param text the text to salt
     * @param salt the salt to use
     * @return the input text salted with password
-     * @throws SecurityException 
+     *
+     * @throws SecurityException
     */
    private static byte[] hashPasswordWithSalt(byte text[], byte salt[]) throws SecurityException {
        try {
--- a/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java
+++ b/security/src/test/java/de/muehlencord/shared/security/PasswordUtilTest.java
@ -111,5 +111,41 @@ public class PasswordUtilTest {
    result = PasswordUtil.checkPassword(plainTextPassword, cryptedPassword, salt3);
    assertEquals(expResult, result);        
  }
+  
+    @Test
+    public void getRandomString() throws SecurityException {
+        System.out.println ("getRandomString"); 
+        String randomString = PasswordUtil.getRandomString("test-", 32);
+        System.out.println(randomString);
+        assertNotNull(randomString);
+        assertTrue("string must start with prefix", randomString.startsWith("test"));
+        assertEquals("string length check", 32, randomString.length());
+        
+        String randomString2 = PasswordUtil.getRandomString("test-", 32);
+        System.out.println(randomString2);
+        assertNotNull(randomString2);
+        assertTrue("string must start with prefix", randomString2.startsWith("test"));
+        assertEquals("string length check", 32, randomString2.length()); 
+        
+        assertNotSame(randomString, randomString2);
+    }
+
+    @Test
+    public void getRandomStringBlankPrefix() throws SecurityException {
+        System.out.println ("getRandomStringBlankPrefix"); 
+        String randomString = PasswordUtil.getRandomString("", 32);
+        System.out.println(randomString);
+        assertNotNull(randomString);
+        assertEquals("string length check", 32, randomString.length());
+    }
+
+    @Test
+    public void getRandomStringNullPrefix() throws SecurityException {
+        System.out.println ("getRandomStringNullPrefix"); 
+        String randomString = PasswordUtil.getRandomString(null, 32);
+        System.out.println(randomString);
+        assertNotNull(randomString);
+        assertEquals("string length check", 32, randomString.length());
+    }  

 }