Commit 8073bab7 authored by Guus der Kinderen's avatar Guus der Kinderen

Improve random distribution of generated stream IDs

Stream ID generation should be based on a strong random number generator,
should use a wider variety of characters than just hexadecimals, and
could be a bit larger for reduced chance of duplicates.
parent 08eb2993
...@@ -22,6 +22,9 @@ package org.jivesoftware.openfire.spi; ...@@ -22,6 +22,9 @@ package org.jivesoftware.openfire.spi;
import org.jivesoftware.openfire.StreamID; import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.StreamIDFactory; import org.jivesoftware.openfire.StreamIDFactory;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Random; import java.util.Random;
/** /**
...@@ -33,13 +36,18 @@ import java.util.Random; ...@@ -33,13 +36,18 @@ import java.util.Random;
public class BasicStreamIDFactory implements StreamIDFactory { public class BasicStreamIDFactory implements StreamIDFactory {
/** /**
* The random number to use, someone with Java can predict stream IDs if they can guess the current seed * * The maximum amount of characters in a stream ID that's generated by this implementation.
*/
private static final int MAX_STRING_SIZE = 10;
/**
* The random number to use, someone with Java can predict stream IDs if they can guess the current seed
*/ */
Random random = new Random(); Random random = new SecureRandom();
@Override @Override
public StreamID createStreamID() { public StreamID createStreamID() {
return new BasicStreamID(Integer.toHexString(random.nextInt())); return new BasicStreamID(new BigInteger( MAX_STRING_SIZE * 5, random ).toString( 36 ));
} }
public StreamID createStreamID(String name) { public StreamID createStreamID(String name) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment