|
|
Java example source code file (SecureRandom.java)
This example Java source code file (SecureRandom.java) is included in the alvinalexander.com
"Java Source Code
Warehouse" project. The intent of this project is to help you "Learn
Java by Example" TM.
Learn more about this Java project at its project page.
The SecureRandom.java Java example source code
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security;
import java.util.*;
import java.util.regex.*;
import java.security.Provider.Service;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* This class provides a cryptographically strong random number
* generator (RNG).
*
* <p>A cryptographically strong random number
* minimally complies with the statistical random number generator tests
* specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
* <i>FIPS 140-2, Security Requirements for Cryptographic Modules,
* section 4.9.1.
* Additionally, SecureRandom must produce non-deterministic output.
* Therefore any seed material passed to a SecureRandom object must be
* unpredictable, and all SecureRandom output sequences must be
* cryptographically strong, as described in
* <a href="http://www.ietf.org/rfc/rfc1750.txt">
* <i>RFC 1750: Randomness Recommendations for Security.
*
* <p>A caller obtains a SecureRandom instance via the
* no-argument constructor or one of the {@code getInstance} methods:
*
* <pre>
* SecureRandom random = new SecureRandom();
* </pre>
*
* <p> Many SecureRandom implementations are in the form of a pseudo-random
* number generator (PRNG), which means they use a deterministic algorithm
* to produce a pseudo-random sequence from a true random seed.
* Other implementations may produce true random numbers,
* and yet others may use a combination of both techniques.
*
* <p> Typical callers of SecureRandom invoke the following methods
* to retrieve random bytes:
*
* <pre>
* SecureRandom random = new SecureRandom();
* byte bytes[] = new byte[20];
* random.nextBytes(bytes);
* </pre>
*
* <p> Callers may also invoke the {@code generateSeed} method
* to generate a given number of seed bytes (to seed other random number
* generators, for example):
* <pre>
* byte seed[] = random.generateSeed(20);
* </pre>
*
* Note: Depending on the implementation, the {@code generateSeed} and
* {@code nextBytes} methods may block as entropy is being gathered,
* for example, if they need to read from /dev/random on various Unix-like
* operating systems.
*
* @see java.security.SecureRandomSpi
* @see java.util.Random
*
* @author Benjamin Renaud
* @author Josh Bloch
*/
public class SecureRandom extends java.util.Random {
/**
* The provider.
*
* @serial
* @since 1.2
*/
private Provider provider = null;
/**
* The provider implementation.
*
* @serial
* @since 1.2
*/
private SecureRandomSpi secureRandomSpi = null;
/*
* The algorithm name of null if unknown.
*
* @serial
* @since 1.5
*/
private String algorithm;
// Seed Generator
private static volatile SecureRandom seedGenerator = null;
/**
* Constructs a secure random number generator (RNG) implementing the
* default random number algorithm.
*
* <p> This constructor traverses the list of registered security Providers,
* starting with the most preferred Provider.
* A new SecureRandom object encapsulating the
* SecureRandomSpi implementation from the first
* Provider that supports a SecureRandom (RNG) algorithm is returned.
* If none of the Providers support a RNG algorithm,
* then an implementation-specific default is returned.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* <p> See the SecureRandom section in the > (numBytes*8 - numBits);
}
/**
* Returns the given number of seed bytes, computed using the seed
* generation algorithm that this class uses to seed itself. This
* call may be used to seed other random number generators.
*
* <p>This method is only included for backwards compatibility.
* The caller is encouraged to use one of the alternative
* {@code getInstance} methods to obtain a SecureRandom object, and
* then call the {@code generateSeed} method to obtain seed bytes
* from that object.
*
* @param numBytes the number of seed bytes to generate.
*
* @return the seed bytes.
*
* @see #setSeed
*/
public static byte[] getSeed(int numBytes) {
if (seedGenerator == null) {
seedGenerator = new SecureRandom();
}
return seedGenerator.generateSeed(numBytes);
}
/**
* Returns the given number of seed bytes, computed using the seed
* generation algorithm that this class uses to seed itself. This
* call may be used to seed other random number generators.
*
* @param numBytes the number of seed bytes to generate.
*
* @return the seed bytes.
*/
public byte[] generateSeed(int numBytes) {
return secureRandomSpi.engineGenerateSeed(numBytes);
}
/**
* Helper function to convert a long into a byte array (least significant
* byte first).
*/
private static byte[] longToByteArray(long l) {
byte[] retVal = new byte[8];
for (int i = 0; i < 8; i++) {
retVal[i] = (byte) l;
l >>= 8;
}
return retVal;
}
/**
* Gets a default PRNG algorithm by looking through all registered
* providers. Returns the first PRNG algorithm of the first provider that
* has registered a SecureRandom implementation, or null if none of the
* registered providers supplies a SecureRandom implementation.
*/
private static String getPrngAlgorithm() {
for (Provider p : Providers.getProviderList().providers()) {
for (Service s : p.getServices()) {
if (s.getType().equals("SecureRandom")) {
return s.getAlgorithm();
}
}
}
return null;
}
/*
* Lazily initialize since Pattern.compile() is heavy.
* Effective Java (2nd Edition), Item 71.
*/
private static final class StrongPatternHolder {
/*
* Entries are alg:prov separated by ,
* Allow for prepended/appended whitespace between entries.
*
* Capture groups:
* 1 - alg
* 2 - :prov (optional)
* 3 - prov (optional)
* 4 - ,nextEntry (optional)
* 5 - nextEntry (optional)
*/
private static Pattern pattern =
Pattern.compile(
"\\s*([\\S&&[^:,]]*)(\\:([\\S&&[^,]]*))?\\s*(\\,(.*))?");
}
/**
* Returns a {@code SecureRandom} object that was selected by using
* the algorithms/providers specified in the {@code
* securerandom.strongAlgorithms} {@link Security} property.
* <p>
* Some situations require strong random values, such as when
* creating high-value/long-lived secrets like RSA public/private
* keys. To help guide applications in selecting a suitable strong
* {@code SecureRandom} implementation, Java distributions
* include a list of known strong {@code SecureRandom}
* implementations in the {@code securerandom.strongAlgorithms}
* Security property.
* <p>
* Every implementation of the Java platform is required to
* support at least one strong {@code SecureRandom} implementation.
*
* @return a strong {@code SecureRandom} implementation as indicated
* by the {@code securerandom.strongAlgorithms} Security property
*
* @throws NoSuchAlgorithmException if no algorithm is available
*
* @see Security#getProperty(String)
*
* @since 1.8
*/
public static SecureRandom getInstanceStrong()
throws NoSuchAlgorithmException {
String property = AccessController.doPrivileged(
new PrivilegedAction<String>() {
@Override
public String run() {
return Security.getProperty(
"securerandom.strongAlgorithms");
}
});
if ((property == null) || (property.length() == 0)) {
throw new NoSuchAlgorithmException(
"Null/empty securerandom.strongAlgorithms Security Property");
}
String remainder = property;
while (remainder != null) {
Matcher m;
if ((m = StrongPatternHolder.pattern.matcher(
remainder)).matches()) {
String alg = m.group(1);
String prov = m.group(3);
try {
if (prov == null) {
return SecureRandom.getInstance(alg);
} else {
return SecureRandom.getInstance(alg, prov);
}
} catch (NoSuchAlgorithmException |
NoSuchProviderException e) {
}
remainder = m.group(5);
} else {
remainder = null;
}
}
throw new NoSuchAlgorithmException(
"No strong SecureRandom impls available: " + property);
}
// Declare serialVersionUID to be compatible with JDK1.1
static final long serialVersionUID = 4940670005562187L;
// Retain unused values serialized from JDK1.1
/**
* @serial
*/
private byte[] state;
/**
* @serial
*/
private MessageDigest digest = null;
/**
* @serial
*
* We know that the MessageDigest class does not implement
* java.io.Serializable. However, since this field is no longer
* used, it will always be NULL and won't affect the serialization
* of the SecureRandom class itself.
*/
private byte[] randomBytes;
/**
* @serial
*/
private int randomBytesUsed;
/**
* @serial
*/
private long counter;
}
|
The search page
Other Java source code examples at this package level
Click here to learn more about this project