Examples of java.security.SecureRandom

• java.security.SecureRandom
  nist.gov/cryptval/140-2.htm"> FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

  A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

   SecureRandom random = new SecureRandom(); 

  Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

  Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

   SecureRandom random = new SecureRandom(); byte bytes[] = new byte[20]; random.nextBytes(bytes); 

  Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

   byte seed[] = random.generateSeed(20); 

  @see java.security.SecureRandomSpi @see java.util.Random @version 1.54, 04/21/06 @author Benjamin Renaud @author Josh Bloch

    private String getRefreshToken() {
        // authorize application on user's behalf
        webClient.getOptions().setRedirectEnabled(true);

        try {
            final String csrfId = String.valueOf(new SecureRandom().nextLong());

            final String encodedRedirectUri = URLEncoder.encode(oAuthParams.getRedirectUri(), "UTF-8");
            final OAuthScope[] scopes = oAuthParams.getScopes();

            final String url;

        try {
            keyGen = KeyPairGenerator.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
        keyGen.initialize(keylength, new SecureRandom());
        return keyGen.generateKeyPair();
    }

    this.tokenSecret = Preconditions.checkNotNull(tokenSecret);

    this.normalizer = Normalizer.getStandardNormalizer();
    this.signer = Signer.getStandardSigner();

    this.secureRandom = new SecureRandom();
  }

     * @return the SecureRandom used to generate secure random data, wrapped in a
     * {@link RandomGenerator}.
     */
    private RandomGenerator getSecRan() {
        if (secRand == null) {
            secRand = RandomGeneratorFactory.createRandomGenerator(new SecureRandom());
            secRand.setSeed(System.currentTimeMillis() + System.identityHashCode(this));
        }
        return secRand;
    }

    //random_bits1 = md5.digest(SshMisc.addArrayOfBytes(md5.digest((password + login).getBytes()), random_bits1));
    //random_bits2 = md5.digest(SshMisc.addArrayOfBytes(md5.digest((password + login).getBytes()), random_bits2));


    SecureRandom random = new java.security.SecureRandom(random_bits1); //no supported by netscape :-(
    random.nextBytes(random_bits1);
    random.nextBytes(random_bits2);

    session_key = SshMisc.addArrayOfBytes(random_bits1, random_bits2);

    //Xor the 16 first bytes with the session-id
    byte[] session_keyXored = SshMisc.XORArrayOfBytes(random_bits1, hash_md5);

  }

  static public byte getNotZeroRandomByte() {
    byte[] randomBytes = new byte[32];

    SecureRandom random = new java.security.SecureRandom(randomBytes);
    while (true) {
      random.nextBytes(randomBytes);
      for (int i = 0; i < randomBytes.length; i++)
        if (randomBytes[i] != 0)
          return randomBytes[i];
    }
  }

   public static SSLContext createContext(final String keystorePath, final String keystorePassword, final String trustStorePath, final String trustStorePassword) throws Exception
   {
      SSLContext context = SSLContext.getInstance("TLS");
      KeyManager[] keyManagers = SSLSupport.loadKeyManagers(keystorePath, keystorePassword);
      TrustManager[] trustManagers = SSLSupport.loadTrustManager(trustStorePath, trustStorePassword);
      context.init(keyManagers, trustManagers, new SecureRandom());
      return context;
   }

    public static SSLContext clientContext() {
        try {
            InputStream stream = FixedCertificates.class.getResourceAsStream("/" + CLIENT_STORE);
            assert stream != null;
            SSLContext context = Utilities.newSSLContext(stream, CLIENT_PASSWORD, "PKCS12", "sunx509");
            context.init(null, new TrustManager[] { new X509TrustManagerTrustAll() }, new SecureRandom());
            return context;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        }};

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    private static final int ITERATION_COUNT = 1000;
    private static final int KEY_LENGTH = 64 * 8;
    public static final String SHA_1_PRNG = "SHA1PRNG";

    public static byte[] getSalt() {
        SecureRandom sr;
        try {
            sr = SecureRandom.getInstance(SHA_1_PRNG);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not find algorithm: " + SHA_1_PRNG, e);
        }
        byte[] salt = new byte[SALT_LENGTH];
        sr.nextBytes(salt);
        return salt;
    }