19 package org.apache.myfaces.push.cdi;
20
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.xml.bind.DatatypeConverter;

import org.apache.myfaces.application.StateCache;
import org.apache.myfaces.shared.renderkit.RendererUtils;
import org.apache.myfaces.shared.util.WebConfigParamUtils;
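/**
 * Creates CSRF session tokens by hex-encoding freshly generated random bytes.
 *
 * <p>The number of random bytes per token is read from the init parameter
 * {@code StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM}. The bytes
 * come from a {@link SecureRandom}: a CSRF token is only useful as long as it
 * cannot be guessed, and the output of a plain {@link Random} seeded from the
 * clock and an object hash can be reconstructed from a few observed values.</p>
 */
class RandomCsrfSessionTokenFactory extends CsrfSessionTokenFactory
{
    // Always a SecureRandom instance; never replace it with a seeded java.util.Random,
    // whose linear congruential output is predictable and unsuitable for tokens.
    private final Random random;

    // Number of random bytes per token; the hex-encoded token is twice as long.
    private final int length;

    /**
     * Reads the configured token length and sets up the random source.
     *
     * @param facesContext the current faces context, used to read the init parameter
     */
    public RandomCsrfSessionTokenFactory(FacesContext facesContext)
    {
        int configuredLength = WebConfigParamUtils.getIntegerInitParameter(
                facesContext.getExternalContext(),
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM,
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT);
        // A zero length would produce the same empty token for every session and a
        // negative one would fail on array allocation, so fall back to the default.
        length = configuredLength > 0
                ? configuredLength
                : StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT;
        // Self-seeding from the platform entropy source; no explicit seed is supplied.
        random = new SecureRandom();
    }

    /**
     * Advances and returns the per-session sequence counter stored under
     * {@code RendererUtils.SEQUENCE_PARAM}, creating the session if none exists.
     *
     * <p>The counter starts at 1 and wraps back to 1 after {@link Integer#MAX_VALUE}.
     * It is a plain counter and therefore predictable; it is not used to build the
     * token returned by {@link #createCryptographicallyStrongTokenFromSession}.</p>
     *
     * @param facesContext the current faces context
     * @return the new counter value
     */
    public Integer generateCounterKey(FacesContext facesContext)
    {
        ExternalContext externalContext = facesContext.getExternalContext();
        Object sessionObj = externalContext.getSession(true);
        Integer sequence;
        // Read-increment-write must be atomic per session, hence the session lock.
        synchronized (sessionObj)
        {
            Map<String, Object> map = externalContext.getSessionMap();
            sequence = (Integer) map.get(RendererUtils.SEQUENCE_PARAM);
            if (sequence == null || sequence.intValue() == Integer.MAX_VALUE)
            {
                sequence = Integer.valueOf(1);
            }
            else
            {
                sequence = Integer.valueOf(sequence.intValue() + 1);
            }
            map.put(RendererUtils.SEQUENCE_PARAM, sequence);
        }
        return sequence;
    }

    /**
     * Generates a new random key of the configured length.
     *
     * @param facesContext the current faces context (not read by this implementation)
     * @return a newly allocated array of {@code length} random bytes
     */
    public byte[] generateKey(FacesContext facesContext)
    {
        byte[] array = new byte[length];
        random.nextBytes(array);
        return array;
    }

    /**
     * Returns a new token: the hex encoding of a freshly generated random key.
     *
     * @param context the current faces context
     * @return the token as a hexadecimal string
     */
    @Override
    public String createCryptographicallyStrongTokenFromSession(FacesContext context)
    {
        byte[] key = generateKey(context);
        return DatatypeConverter.printHexBinary(key);
    }
}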