Use a secure random generator to seed nonce for digest authentication
https://tools.ietf.org/html/rfc7616 says: 5.12. Parameter Randomness The security of this protocol is critically dependent on the randomness of the randomly chosen parameters, such as client and server nonces. These should be generated by a strong random or properly seeded pseudorandom source (see [RFC4086]). Change-Id: I4da5316cb1eb3f59ae06c070ce1c3335e9ee87d6 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
parent
81fa158e7c
commit
78db9bd175
|
@ -51,6 +51,7 @@
|
|||
import java.net.URL;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
|
@ -59,7 +60,6 @@
|
|||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Random;
|
||||
|
||||
import org.eclipse.jgit.transport.http.HttpConnection;
|
||||
import org.eclipse.jgit.util.Base64;
|
||||
|
@ -323,7 +323,7 @@ void configureRequest(final HttpConnection conn) throws IOException {
|
|||
|
||||
/** Performs HTTP digest authentication. */
|
||||
private static class Digest extends HttpAuthMethod {
|
||||
private static final Random PRNG = new Random();
|
||||
private static final SecureRandom PRNG = new SecureRandom();
|
||||
|
||||
private final Map<String, String> params;
|
||||
|
||||
|
|
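Review bot: The new `PRNG` declaration in `Digest` has no comment saying why it must be a `SecureRandom`, so a later cleanup could switch it back to `java.util.Random` without noticing the security requirement. A one-line Javadoc above the field would record it, for example `/** Source for client nonces; must be cryptographically strong (RFC 7616, section 5.12). */`. The code that draws the nonce from `PRNG` is outside this hunk, as is the rest of the `Digest` class, so the number of random bytes used for the nonce cannot be checked from here and is worth confirming in the same review.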