
Commit dd5d7c4

committed
CODEC-252: B64 salt generator: Random -> ThreadLocal<SecureRandom>
1 parent 163d643 commit dd5d7c4

2 files changed

Lines changed: 12 additions & 3 deletions


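--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -44,6 +44,7 @@ The <action> type attribute can be add,update,fix,remove.
 <body>
 <release version="1.12" date="2017-MM-DD" description="Feature and fix release.">
 <!-- The first attribute below should be the issue id; makes it easier to navigate in the IDE outline -->
+<action issue="CODEC-252" dev="chtompki" type="fix">B64 salt generator: Random -> ThreadLocalRandom</action>
 <action issue="CODEC-250" dev="sebb" type="fix" due-to="Alex Volodko">Wrong value calculated by Cologne Phonetic if a special character is placed between equal letters</action>
 <action issue="CODEC-244" dev="ggregory" type="update">Update from Java 6 to Java 7</action>
 <action issue="CODEC-240" dev="ggregory" type="add" due-to="Ioannis Sermetziadis">Add Percent-Encoding Codec (described in RFC3986 and RFC7578)</action>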

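--- a/src/main/java/org/apache/commons/codec/digest/B64.java
+++ b/src/main/java/org/apache/commons/codec/digest/B64.java
@@ -16,6 +16,8 @@
 */
 package org.apache.commons.codec.digest;
 
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.concurrent.ThreadLocalRandom;
 
 /**
@@ -74,9 +76,15 @@ static void b64from24bit(final byte b2, final byte b1, final byte b0, final int
 */
 static String getRandomSalt(final int num) {
 final StringBuilder saltString = new StringBuilder(num);
-final ThreadLocalRandom current = ThreadLocalRandom.current();
-for (int i = 1; i <= num; i++) {
-saltString.append(B64T.charAt(current.nextInt(B64T.length())));
+ThreadLocal<SecureRandom> secureRandomThreadLocal = new ThreadLocal<SecureRandom>();
+try {
+secureRandomThreadLocal.set(SecureRandom.getInstance("SHA1PRNG"));
+final SecureRandom current = secureRandomThreadLocal.get();
+for (int i = 1; i <= num; i++) {
+saltString.append(B64T.charAt(current.nextInt(B64T.length())));
+}
+} catch (NoSuchAlgorithmException e) {
+throw new RuntimeException(e);
 }
 return saltString.toString();
 }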
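Review bot: In getRandomSalt the `ThreadLocal<SecureRandom>` is a local variable created on every call, so nothing is reused per thread: each call builds and seeds a fresh `SecureRandom`, and the ThreadLocal wrapper has no effect. Hard-coding `SecureRandom.getInstance("SHA1PRNG")` also pins the salt source to one legacy algorithm and is the only reason for the `NoSuchAlgorithmException` catch, whereas `new SecureRandom()` uses the platform default and needs no try/catch. I would hoist the ThreadLocal into a `private static final` field with an `initialValue()` override and have the method call `.get()` on it, as sketched below; the changelog in this commit lists Java 7 as the baseline, so `withInitial` is presumably not available. The `ThreadLocalRandom` import kept as context in the first hunk looks unused after this change, and the changes.xml entry reads "Random -> ThreadLocalRandom" although the commit title says `ThreadLocal<SecureRandom>`.

```java
private static final ThreadLocal<SecureRandom> SECURE_RANDOM = new ThreadLocal<SecureRandom>() {
    @Override
    protected SecureRandom initialValue() {
        // Platform default algorithm; no NoSuchAlgorithmException to handle.
        return new SecureRandom();
    }
};

static String getRandomSalt(final int num) {
    final StringBuilder saltString = new StringBuilder(num);
    final SecureRandom current = SECURE_RANDOM.get();
    // … unchanged: loop appending num characters of B64T, return saltString.toString() …
```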
