Replace (important) instances of Random with SecureRandom

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1023 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4

3 files changed, 7 insertions, 7 deletions

diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
index 7744b166..bb81c94b 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
@@ -44,10 +44,10 @@ import java.security.GeneralSecurityException;
 import java.security.KeyPair;

 import java.security.KeyPairGenerator;

 import java.security.KeyStore;

+import java.security.SecureRandom;
 import java.security.NoSuchAlgorithmException;

 import java.util.Calendar;

 import java.util.GregorianCalendar;

-import java.util.Random;

 

 import org.slf4j.Logger;

 import org.slf4j.LoggerFactory;

@@ -80,7 +80,7 @@ public class TLSServerCA {
 

     caKeyPair = generateKeyPair();

     caCert = new X509Certificate();

-    caCert.setSerialNumber(new BigInteger(20, new Random()));

+    caCert.setSerialNumber(new BigInteger(20, new SecureRandom()));

     caCert.setSubjectDN(subject);

     caCert.setPublicKey(caKeyPair.getPublic());

     caCert.setIssuerDN(subject);

@@ -116,7 +116,7 @@ public class TLSServerCA {
 

     serverKeyPair = generateKeyPair();

     serverCert = new X509Certificate();

-    serverCert.setSerialNumber(new BigInteger(20, new Random()));

+    serverCert.setSerialNumber(new BigInteger(20, new SecureRandom()));

     serverCert.setSubjectDN(subject);

     serverCert.setPublicKey(serverKeyPair.getPublic());

     serverCert.setIssuerDN(caCert.getSubjectDN());

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java
index 81747490..6856ab1a 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/IdValueFactoryImpl.java
@@ -26,7 +26,7 @@ package at.gv.egiz.bku.slcommands.impl.xsect;
 

 import java.util.HashMap;

 import java.util.Map;

-import java.util.Random;

+import java.security.SecureRandom;

 

 /**

  * An implementation of the IdValueFactory.

@@ -108,7 +108,7 @@ public class IdValueFactoryImpl implements IdValueFactory {
    */

   public IdValueFactoryImpl() {

 

-    Random random = new Random();

+    SecureRandom random = new SecureRandom();

     int rand = random.nextInt();

     seed = Integer.toHexString(rand);

 

diff --git a/smcc/src/main/java/at/gv/egiz/smcc/DNIeCryptoUtil.java b/smcc/src/main/java/at/gv/egiz/smcc/DNIeCryptoUtil.java
index c4e27d08..75095c10 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/DNIeCryptoUtil.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/DNIeCryptoUtil.java
@@ -32,6 +32,7 @@ import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.KeyFactory;
 import java.security.MessageDigest;
+import java.security.SecureRandom;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.cert.CertificateFactory;
@@ -42,7 +43,6 @@ import java.security.spec.KeySpec;
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Arrays;
-import java.util.Random;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -122,7 +122,7 @@ public class DNIeCryptoUtil {
 
 		for (int i = 0; i < length; i++) {
 
-			Random rand = new Random();
+			SecureRandom rand = new SecureRandom();
 			byte current = (byte) rand.nextInt(255);
 			result[i] = current;
 		}