SecureRandomNumberGenerator.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.crypto;

import org.apache.shiro.util.ByteSource;

import java.security.SecureRandom;

/**
 * Default implementation of the {@link RandomNumberGenerator RandomNumberGenerator} interface, backed by a
 * {@link SecureRandom SecureRandom} instance.
 * <p/>
 * This class is a little easier to use than using the JDK's {@code SecureRandom} class directly.  It also
 * allows for JavaBeans-style of customization, convenient for Shiro's INI configuration or other IoC configuration
 * mechanism.
 *
 * @since 1.1
 */
public class SecureRandomNumberGenerator implements RandomNumberGenerator {

    protected static final int DEFAULT_NEXT_BYTES_SIZE = 16; //16 bytes == 128 bits (a common number in crypto)

    private int defaultNextBytesSize;
    private SecureRandom secureRandom;

    /**
     * Creates a new instance with a default backing {@link SecureRandom SecureRandom} and a
     * {@link #getDefaultNextBytesSize() defaultNextBytesSize} of {@code 16}, which equals 128 bits, a size commonly
     * used in cryptographic algorithms.
     */
    public SecureRandomNumberGenerator() {
        this.defaultNextBytesSize = DEFAULT_NEXT_BYTES_SIZE;
        this.secureRandom = new SecureRandom();
    }

    /**
     * Seeds the backing {@link SecureRandom SecureRandom} instance with additional seed data.
     *
     * @param bytes the seed bytes
     * @see SecureRandom#setSeed(byte[])
     */
    public void setSeed(byte[] bytes) {
        this.secureRandom.setSeed(bytes);
    }

    /**
     * Returns the {@link SecureRandom SecureRandom} backing this instance.
     *
     * @return the {@link SecureRandom SecureRandom} backing this instance.
     */
    public SecureRandom getSecureRandom() {
        return secureRandom;
    }

    /**
     * Sets the {@link SecureRandom SecureRandom} to back this instance.
     *
     * @param random the {@link SecureRandom SecureRandom} to back this instance.
     * @throws NullPointerException if the method argument is null
     */
    public void setSecureRandom(SecureRandom random) throws NullPointerException {
        if (random == null) {
            throw new NullPointerException("SecureRandom argument cannot be null.");
        }
        this.secureRandom = random;
    }

    /**
     * Returns the size of the generated byte array for calls to {@link #nextBytes() nextBytes()}.  Defaults to
     * {@code 16}, which equals 128 bits, a size commonly used in cryptographic algorithms.
     *
     * @return the size of the generated byte array for calls to {@link #nextBytes() nextBytes()}.
     */
    public int getDefaultNextBytesSize() {
        return defaultNextBytesSize;
    }

    /**
     * Sets the size of the generated byte array for calls to {@link #nextBytes() nextBytes()}. Defaults to
     * {@code 16}, which equals 128 bits, a size commonly used in cryptographic algorithms.
     *
     * @param defaultNextBytesSize the size of the generated byte array for calls to {@link #nextBytes() nextBytes()}.
     * @throws IllegalArgumentException if the argument is 0 or negative
     */
    public void setDefaultNextBytesSize(int defaultNextBytesSize) throws IllegalArgumentException {
        if ( defaultNextBytesSize <= 0) {
            throw new IllegalArgumentException("size value must be a positive integer (1 or larger)");
        }
        this.defaultNextBytesSize = defaultNextBytesSize;
    }

    public ByteSource nextBytes() {
        return nextBytes(getDefaultNextBytesSize());
    }

    public ByteSource nextBytes(int numBytes) {
        if (numBytes <= 0) {
            throw new IllegalArgumentException("numBytes argument must be a positive integer (1 or larger)");
        }
        byte[] bytes = new byte[numBytes];
        this.secureRandom.nextBytes(bytes);
        return ByteSource.Util.bytes(bytes);
    }
}