Package org.owasp.esapi
Interface Randomizer
-
- All Known Implementing Classes:
DefaultRandomizer
public interface Randomizer
The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings. Implementers should be sure to use a strong cryptographic implementation, such as the JCE or BouncyCastle. Weak sources of randomness can undermine a wide variety of security mechanisms. The specific algorithm used is configurable in ESAPI.properties.- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
getRandomBoolean()
Returns a random boolean.byte[]
getRandomBytes(int n)
Generates a specified number of random bytes.java.lang.String
getRandomFilename(java.lang.String extension)
Returns an unguessable random filename with the specified extension.java.lang.String
getRandomGUID()
Generates a random GUID.int
getRandomInteger(int min, int max)
Gets the random integer in the range of [min, max).long
getRandomLong()
Gets the random long.float
getRandomReal(float min, float max)
Gets the random real in the range of [min, max].java.lang.String
getRandomString(int length, char[] characterSet)
Gets a random string of a desired length and character set.
-
-
-
Method Detail
-
getRandomString
java.lang.String getRandomString(int length, char[] characterSet)
Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Parameters:
length
- the length of the stringcharacterSet
- the set of characters to include in the created random string- Returns:
- the random string of the desired length and character set
-
getRandomBoolean
boolean getRandomBoolean()
Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Returns:
- true or false, randomly
-
getRandomInteger
int getRandomInteger(int min, int max)
Gets the random integer in the range of [min, max). The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Parameters:
min
- the minimum integer that will be returned, inclusivemax
- the maximum integer that will be returned, exclusive- Returns:
- the random integer
-
getRandomLong
long getRandomLong()
Gets the random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Returns:
- the random long
-
getRandomFilename
java.lang.String getRandomFilename(java.lang.String extension)
Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset then merely append "." + extension.- Parameters:
extension
- extension to add to the random filename- Returns:
- a random unguessable filename ending with the specified extension
-
getRandomReal
float getRandomReal(float min, float max)
Gets the random real in the range of [min, max]. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.- Parameters:
min
- the minimum real number that will be returned, inclusivemax
- the maximum real number that will be returned, inclusive- Returns:
- the random real
-
getRandomGUID
java.lang.String getRandomGUID() throws EncryptionException
Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.
- Returns:
- the GUID
- Throws:
EncryptionException
- if hashing or encryption fails
-
getRandomBytes
byte[] getRandomBytes(int n)
Generates a specified number of random bytes.- Parameters:
n
- The requested number of random bytes.- Returns:
- The
n
random bytes are returned.
-
-