19 package org.apache.myfaces.push.cdi;
20
21 import javax.faces.context.FacesContext;
22 import javax.xml.bind.DatatypeConverter;
23
24 import org.apache.myfaces.application.StateCache;
25 import org.apache.myfaces.shared.util.WebConfigParamUtils;
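/**
 * CSRF session token factory that takes its token bytes from a
 * {@code SessionIdGenerator} configured through web application init parameters.
 *
 * <p>The token length (in bytes) and the optional SecureRandom class, provider and
 * algorithm are read once, in the constructor, from the {@code StateCache}
 * {@code RANDOM_KEY_IN_CSRF_SESSION_TOKEN_*} parameters. Each token is the hex
 * encoding of {@code length} bytes, i.e. {@code 2 * length} characters.</p>
 */
class SecureRandomCsrfSessionTokenFactory extends CsrfSessionTokenFactory
{
    private final SessionIdGenerator sessionIdGenerator;
    // Number of random bytes per token (not the number of hex characters).
    private final int length;

    /**
     * Reads the token configuration and prepares the underlying generator.
     *
     * @param facesContext context whose external context supplies the init parameters
     * @throws IllegalArgumentException if the configured token length is zero or negative
     */
    public SecureRandomCsrfSessionTokenFactory(FacesContext facesContext)
    {
        int configuredLength = WebConfigParamUtils.getIntegerInitParameter(
                facesContext.getExternalContext(),
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM,
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM_DEFAULT);
        // A length of 0 would make every token the empty string (no CSRF protection),
        // and a negative length would only fail later, in generateKey(), with a
        // NegativeArraySizeException. Reject both here so the misconfiguration is visible.
        // NOTE(review): only non-positive values are rejected; a very small positive
        // length still yields a short token - consider enforcing a documented minimum.
        if (configuredLength <= 0)
        {
            throw new IllegalArgumentException(
                    "CSRF session token length must be positive but "
                    + StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_LENGTH_PARAM
                    + " is " + configuredLength);
        }
        length = configuredLength;

        sessionIdGenerator = new SessionIdGenerator();
        sessionIdGenerator.setSessionIdLength(length);

        // The three SecureRandom settings are optional: each is forwarded to the
        // generator only when the corresponding init parameter is present.
        String secureRandomClass = WebConfigParamUtils.getStringInitParameter(
                facesContext.getExternalContext(),
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM);
        if (secureRandomClass != null)
        {
            sessionIdGenerator.setSecureRandomClass(secureRandomClass);
        }

        String secureRandomProvider = WebConfigParamUtils.getStringInitParameter(
                facesContext.getExternalContext(),
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM);
        if (secureRandomProvider != null)
        {
            sessionIdGenerator.setSecureRandomProvider(secureRandomProvider);
        }

        String secureRandomAlgorithm = WebConfigParamUtils.getStringInitParameter(
                facesContext.getExternalContext(),
                StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM);
        if (secureRandomAlgorithm != null)
        {
            sessionIdGenerator.setSecureRandomAlgorithm(secureRandomAlgorithm);
        }
    }

    /**
     * Produces a fresh array of {@code length} bytes filled by the generator.
     *
     * @param facesContext not used by this implementation
     * @return a new array of {@code length} bytes; a new array is allocated on every call
     */
    public byte[] generateKey(FacesContext facesContext)
    {
        byte[] array = new byte[length];
        // Presumably fills the whole array with SecureRandom output - confirm in SessionIdGenerator.
        sessionIdGenerator.getRandomBytes(array);
        return array;
    }

    /**
     * Creates a new token as the hexadecimal encoding of a freshly generated key.
     *
     * @param context passed through to {@link #generateKey(FacesContext)}
     * @return hex string of {@code 2 * length} characters
     */
    @Override
    public String createCryptographicallyStrongTokenFromSession(FacesContext context)
    {
        byte[] key = generateKey(context);
        return DatatypeConverter.printHexBinary(key);
    }
}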