Interface Randomizer

  • All Known Implementing Classes:
    DefaultRandomizer

    public interface Randomizer
    The Randomizer interface defines a set of methods for creating cryptographically random numbers and strings. Implementers should be sure to use a strong cryptographic implementation, such as the JCE or BouncyCastle. Weak sources of randomness can undermine a wide variety of security mechanisms. The specific algorithm used is configurable in ESAPI.properties.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    • Method Detail

      • getRandomString

        java.lang.String getRandomString(int length,
                                         char[] characterSet)
        Gets a random string of a desired length and character set. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Parameters:
        length - the length of the string
        characterSet - the set of characters to include in the created random string
        Returns:
        the random string of the desired length and character set
      • getRandomBoolean

        boolean getRandomBoolean()
        Returns a random boolean. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Returns:
        true or false, randomly
      • getRandomInteger

        int getRandomInteger(int min,
                             int max)
        Gets the random integer. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Parameters:
        min - the minimum integer that will be returned
        max - the maximum integer that will be returned
        Returns:
        the random integer
      • getRandomLong

        long getRandomLong()
        Gets the random long. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Returns:
        the random long
      • getRandomFilename

        java.lang.String getRandomFilename(java.lang.String extension)
        Returns an unguessable random filename with the specified extension. This method could call getRandomString(length, charset) from this class, with the desired length and alphanumerics as the charset, and then merely append "." + extension.
        Parameters:
        extension - extension to add to the random filename
        Returns:
        a random unguessable filename ending with the specified extension
      • getRandomReal

        float getRandomReal(float min,
                            float max)
        Gets the random real. The use of java.security.SecureRandom is recommended because it provides a cryptographically strong pseudo-random number generator. If SecureRandom is not used, the pseudo-random number generator used should comply with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1.
        Parameters:
        min - the minimum real number that will be returned
        max - the maximum real number that will be returned
        Returns:
        the random real
      • getRandomGUID

        java.lang.String getRandomGUID()
                                throws EncryptionException
        Generates a random GUID. This method could use a hash of random Strings, the current time, and any other random data available. The format is a well-defined sequence of 32 hex digits grouped into chunks of 8-4-4-4-12.

        For more information including algorithms used to create UUIDs, see the Internet-Draft UUIDs and GUIDs or the standards body definition at ISO/IEC 11578:1996.

        Returns:
        the GUID
        Throws:
        EncryptionException - if hashing or encryption fails
      • getRandomBytes

        byte[] getRandomBytes(int n)
        Generates a specified number of random bytes.
        Parameters:
        n - The requested number of random bytes.
        Returns:
        The n random bytes are returned.
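
The getRandomString, getRandomFilename and getRandomGUID descriptions above, sketched on top of java.security.SecureRandom as an added example; this is not ESAPI's own code. The class name SketchRandomizer, the 16-character filename length and the choice to build the GUID directly from 16 random bytes instead of a hash are assumptions made for illustration.

```java
import java.security.SecureRandom;

// Added illustration; SketchRandomizer is a hypothetical name, not an ESAPI class.
public final class SketchRandomizer {
    private static final SecureRandom RNG = new SecureRandom();
    private static final char[] ALPHANUMERICS =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Random string of the given length drawn from characterSet. */
    public static String getRandomString(int length, char[] characterSet) {
        if (length < 0) throw new IllegalArgumentException("length must be >= 0");
        if (characterSet == null || characterSet.length == 0)
            throw new IllegalArgumentException("characterSet must not be empty");
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // nextInt(bound) is uniform over [0, bound), so there is no modulo bias.
            // Duplicate entries in characterSet would still skew the output.
            sb.append(characterSet[RNG.nextInt(characterSet.length)]);
        }
        return sb.toString();
    }

    /** Random name + "." + extension; the 16-character length is an assumption. */
    public static String getRandomFilename(String extension) {
        // The extension is appended as-is; validate it first if it is user-supplied.
        return getRandomString(16, ALPHANUMERICS) + "." + extension;
    }

    /** 32 hex digits grouped 8-4-4-4-12, taken from 16 SecureRandom bytes (no hashing). */
    public static String getRandomGUID() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        StringBuilder sb = new StringBuilder(36);
        for (int i = 0; i < b.length; i++) {
            // Hyphens fall after bytes 4, 6, 8 and 10 to give the 8-4-4-4-12 grouping.
            if (i == 4 || i == 6 || i == 8 || i == 10) sb.append('-');
            sb.append(HEX[(b[i] >> 4) & 0x0f]).append(HEX[b[i] & 0x0f]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.println(getRandomString(12, ALPHANUMERICS));
        System.out.println(getRandomFilename("tmp"));
        System.out.println(getRandomGUID());
    }
}
```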