/* ==================================================================== * * Copyright (C) 2014 GeoSolutions S.A.S. * http://www.geo-solutions.it * * GPLv3 + Classpath exception * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. * * ==================================================================== * * This software consists of voluntary contributions made by developers * of GeoSolutions. For more information on GeoSolutions, please see * <http://www.geo-solutions.it/>. * */ package it.geosolutions.geostore.core.security.password; import java.security.SecureRandom; /** * This Class for generating random passwords using {@link SecureRandom}. * <p> * The password alphabet is {@link #PRINTABLE_ALPHABET}. Since the alphabet is * not really big, the length of the password is important. * This class is the same available in GeoServer. * </p> * * @author Lorenzo Natali (lorenzo.natali at geo-solutions.it) */ public class RandomPasswordProvider { /** alphabet */ public static final char[] PRINTABLE_ALPHABET = { '!', '\"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '-', '.', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ':', ';', '<', '?', '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '[', '\\', ']', '^', '_', '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~', }; /** * The default password length assures a key strength of 2 ^ 261 * {@link #PRINTABLE_ALPHABET} has 92 characters ln (92 ^ 40 ) / ln (2) = * 260.942478242 */ public static int DefaultPasswordLength = 40; /** * Creates a random password of the specified length, if length <=0, return * <code>null</code> */ public char[] getRandomPassword(int length) { if (length <= 0) return null; char[] buff = new char[length]; getRandomPassword(buff); return buff; } public char[] getRandomPasswordWithDefaultLength() { char[] buff = new char[DefaultPasswordLength]; getRandomPassword(buff); return buff; } /** * Creates a random password filling the specified character array. */ public void getRandomPassword(char[] buff) { SecureRandom random = new SecureRandom(); for (int i = 0; i < buff.length; i++) { int index = random.nextInt() % PRINTABLE_ALPHABET.length; if (index < 0) index += PRINTABLE_ALPHABET.length; buff[i] = PRINTABLE_ALPHABET[index]; } } /** * Creates a random password filling the specified byte array. */ public void getRandomPassword(byte[] buff) { SecureRandom random = new SecureRandom(); for (int i = 0; i < buff.length; i++) { int index = random.nextInt() % PRINTABLE_ALPHABET.length; if (index < 0) index += PRINTABLE_ALPHABET.length; buff[i] = (byte) PRINTABLE_ALPHABET[index]; } } }