andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5ffac03f1e
netty5/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java
Alexey Kachayev fa4e28ba1c Fix random number generators in WebSocketUtil 
Motivation:

Implementation of WebSocketUtil/randomNumber is incorrect and might violate
the API returning values > maximum specified.

Modifications:

* WebSocketUtil/randomNumber is reimplemented, the idea of the solution described
  in the comment in the code

* Implementation of WebSocketUtil/randomBytes changed to nextBytes method

* PlatformDependet.threadLocalRandom is used instead of Math.random to improve efficiency

* Added test cases to check random numbers generator

* To ensure corretness, we now assert that min < max when generating random number

Result:

WebSocketUtil/randomNumber always produces correct result.

Covers https://github.com/netty/netty/issues/8023
2018-06-25 14:42:59 +02:00

153 lines
4.9 KiB
Java
Raw Blame History

/*
* Copyright 2012 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.util.CharsetUtil;
import io.netty.util.concurrent.FastThreadLocal;
import io.netty.util.internal.PlatformDependent;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/**
* A utility class mainly for use by web sockets
*/
final class WebSocketUtil {
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
@Override
protected MessageDigest initialValue() throws Exception {
try {
//Try to get a MessageDigest that uses MD5
return MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
//This shouldn't happen! How old is the computer?
throw new InternalError("MD5 not supported on this platform - Outdated?");
}
}
};
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
@Override
protected MessageDigest initialValue() throws Exception {
try {
//Try to get a MessageDigest that uses SHA1
return MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
//This shouldn't happen! How old is the computer?
throw new InternalError("SHA-1 not supported on this platform - Outdated?");
}
}
};
/**
* Performs a MD5 hash on the specified data
*
* @param data The data to hash
* @return The hashed data
*/
static byte[] md5(byte[] data) {
// TODO(normanmaurer): Create md5 method that not need MessageDigest.
return digest(MD5, data);
}
/**
* Performs a SHA-1 hash on the specified data
*
* @param data The data to hash
* @return The hashed data
*/
static byte[] sha1(byte[] data) {
// TODO(normanmaurer): Create sha1 method that not need MessageDigest.
return digest(SHA1, data);
}
private static byte[] digest(FastThreadLocal<MessageDigest> digestFastThreadLocal, byte[] data) {
MessageDigest digest = digestFastThreadLocal.get();
digest.reset();
return digest.digest(data);
}
/**
* Performs base64 encoding on the specified data
*
* @param data The data to encode
* @return An encoded string containing the data
*/
static String base64(byte[] data) {
ByteBuf encodedData = Unpooled.wrappedBuffer(data);
ByteBuf encoded = Base64.encode(encodedData);
String encodedString = encoded.toString(CharsetUtil.UTF_8);
encoded.release();
return encodedString;
}
/**
* Creates an arbitrary number of random bytes
*
* @param size the number of random bytes to create
* @return An array of random bytes
*/
static byte[] randomBytes(int size) {
byte[] bytes = new byte[size];
PlatformDependent.threadLocalRandom().nextBytes(bytes);
return bytes;
}
/**
* Generates a pseudo-random number
*
* @param minimum The minimum allowable value
* @param maximum The maximum allowable value
* @return A pseudo-random number
*/
static int randomNumber(int minimum, int maximum) {
assert minimum < maximum;
double fraction = PlatformDependent.threadLocalRandom().nextDouble();
// the idea here is that nextDouble gives us a random value
//
// 0 <= fraction <= 1
//
// the distance from min to max declared as
//
// dist = max - min
//
// satisfies the following
//
// min + dist = max
//
// taking into account
//
// 0 <= fraction * dist <= dist
//
// we've got
//
// min <= min + fraction * dist <= max
return (int) (minimum + fraction * (maximum - minimum));
}
/**
* A private constructor to ensure that instances of this class cannot be made
*/
private WebSocketUtil() {
// Unused
}
}
Reference in New Issue View Git Blame Copy Permalink