001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/metaobj/tags/sakai_2-4-1/metaobj-impl/api-impl/src/java/org/sakaiproject/metaobj/utils/id/guid/RandomGUID.java $
003: * $Id: RandomGUID.java 14225 2006-09-05 17:39:44Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2004, 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.sakaiproject.metaobj.utils.id.guid;
021:
022: /*
023: * RandomGUID
024: * @version 1.2.1 11/05/02
025: * @author Marc A. Mnich
026: *
027: * From www.JavaExchange.com, Open Software licensing
028: *
029: * 11/05/02 -- Performance enhancement from Mike Dubman.
030: * Moved InetAddr.getLocal to static block. Mike has measured
031: * a 10 fold improvement in run time.
032: * 01/29/02 -- Bug fix: Improper seeding of nonsecure Random object
033: * caused duplicate GUIDs to be produced. Random object
034: * is now only created once per JVM.
035: * 01/19/02 -- Modified random seeding and added new constructor
036: * to allow secure random feature.
037: * 01/14/02 -- Added random function seeding with JVM run time
038: *
039: */
040:
041: import java.net.InetAddress;
042: import java.net.UnknownHostException;
043: import java.security.MessageDigest;
044: import java.security.NoSuchAlgorithmException;
045: import java.security.SecureRandom;
046: import java.util.Random;
047:
048: /*
049: * In the multitude of java GUID generators, I found none that
050: * guaranteed randomness. GUIDs are guaranteed to be globally unique
051: * by using ethernet MACs, IP addresses, time elements, and sequential
052: * numbers. GUIDs are not expected to be random and most often are
053: * easy/possible to guess given a sample from a given generator.
054: * SQL Server, for example generates GUID that are unique but
055: * sequencial within a given instance.
056: *
057: * GUIDs can be used as security devices to hide things such as
058: * files within a filesystem where listings are unavailable (e.g. files
059: * that are served up from a Web server with indexing turned off).
060: * This may be desireable in cases where standard authentication is not
061: * appropriate. In this scenario, the RandomGUIDs are used as directories.
062: * Another example is the use of GUIDs for primary keys in a database
063: * where you want to ensure that the keys are secret. Random GUIDs can
064: * then be used in a URL to prevent hackers (or users) from accessing
065: * records by guessing or simply by incrementing sequential numbers.
066: *
067: * There are many other possiblities of using GUIDs in the realm of
068: * security and encryption where the element of randomness is important.
069: * This class was written for these purposes but can also be used as a
070: * general purpose GUID generator as well.
071: *
072: * RandomGUID generates truly random GUIDs by using the system's
073: * IP address (name/IP), system time in milliseconds (as an integer),
074: * and a very large random number joined together in a single String
075: * that is passed through an MD5 hash. The IP address and system time
076: * make the MD5 seed globally unique and the random number guarantees
077: * that the generated GUIDs will have no discernable pattern and
078: * cannot be guessed given any number of previously generated GUIDs.
079: * It is generally not possible to access the seed information (IP, time,
080: * random number) from the resulting GUIDs as the MD5 hash algorithm
081: * provides one way encryption.
082: *
083: * ----> Security of RandomGUID: <-----
084: * RandomGUID can be called one of two ways -- with the basic java Random
085: * number generator or a cryptographically strong random generator
086: * (SecureRandom). The choice is offered because the secure random
087: * generator takes about 3.5 times longer to generate its random numbers
088: * and this performance hit may not be worth the added security
089: * especially considering the basic generator is seeded with a
090: * cryptographically strong random seed.
091: *
092: * Seeding the basic generator in this way effectively decouples
093: * the random numbers from the time component making it virtually impossible
094: * to predict the random number component even if one had absolute knowledge
095: * of the System time. Thanks to Ashutosh Narhari for the suggestion
096: * of using the static method to prime the basic random generator.
097: *
098: * Using the secure random option, this class compies with the statistical
099: * random number generator tests specified in FIPS 140-2, Security
100: * Requirements for Cryptographic Modules, secition 4.9.1.
101: *
102: * I converted all the pieces of the seed to a String before handing
103: * it over to the MD5 hash so that you could print it out to make
104: * sure it contains the data you expect to see and to give a nice
105: * warm fuzzy. If you need better performance, you may want to stick
106: * to byte[] arrays.
107: *
108: * I believe that it is important that the algorithm for
109: * generating random GUIDs be open for inspection and modification.
110: * This class is free for all uses.
111: *
112: *
113: * - Marc
114: */
115:
116: public class RandomGUID extends Object {
117: protected final org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
118: .getLog(getClass());
119:
120: public String valueBeforeMD5 = "";
121: public String valueAfterMD5 = "";
122: private static Random myRand;
123: private static SecureRandom mySecureRand;
124:
125: private static String s_id;
126: private static final int PAD_BELOW = 0x10;
127: private static final int TWO_BYTES = 0xFF;
128:
129: /*
130: * Static block to take care of one time secureRandom seed.
131: * It takes a few seconds to initialize SecureRandom. You might
132: * want to consider removing this static block or replacing
133: * it with a "time since first loaded" seed to reduce this time.
134: * This block will run only once per JVM instance.
135: */
136:
137: static {
138: mySecureRand = new SecureRandom();
139: long secureInitializer = mySecureRand.nextLong();
140: myRand = new Random(secureInitializer);
141: try {
142: s_id = InetAddress.getLocalHost().toString();
143: } catch (UnknownHostException e) {
144: e.printStackTrace();
145: }
146:
147: }
148:
149: /*
150: * Default constructor. With no specification of security option,
151: * this constructor defaults to lower security, high performance.
152: */
153: public RandomGUID() {
154: getRandomGUID(false);
155: }
156:
157: /*
158: * Constructor with security option. Setting secure true
159: * enables each random number generated to be cryptographically
160: * strong. Secure false defaults to the standard Random function seeded
161: * with a single cryptographically strong random number.
162: */
163: public RandomGUID(boolean secure) {
164: getRandomGUID(secure);
165: }
166:
167: /*
168: * Method to generate the random GUID
169: */
170: private void getRandomGUID(boolean secure) {
171: MessageDigest md5 = null;
172: StringBuffer sbValueBeforeMD5 = new StringBuffer(128);
173:
174: try {
175: md5 = MessageDigest.getInstance("MD5");
176: } catch (NoSuchAlgorithmException e) {
177: logger.error("Error: " + e);
178: }
179:
180: try {
181: long time = System.currentTimeMillis();
182: long rand = 0;
183:
184: if (secure) {
185: rand = mySecureRand.nextLong();
186: } else {
187: rand = myRand.nextLong();
188: }
189:
190: // This StringBuffer can be a long as you need; the MD5
191: // hash will always return 128 bits. You can change
192: // the seed to include anything you want here.
193: // You could even stream a file through the MD5 making
194: // the odds of guessing it at least as great as that
195: // of guessing the contents of the file!
196: sbValueBeforeMD5.append(s_id);
197: sbValueBeforeMD5.append(":");
198: sbValueBeforeMD5.append(Long.toString(time));
199: sbValueBeforeMD5.append(":");
200: sbValueBeforeMD5.append(Long.toString(rand));
201:
202: valueBeforeMD5 = sbValueBeforeMD5.toString();
203: md5.update(valueBeforeMD5.getBytes());
204:
205: byte[] array = md5.digest();
206: StringBuffer sb = new StringBuffer(32);
207: for (int j = 0; j < array.length; ++j) {
208: int b = array[j] & TWO_BYTES;
209: if (b < PAD_BELOW) {
210: sb.append('0');
211: }
212: sb.append(Integer.toHexString(b));
213: }
214:
215: valueAfterMD5 = sb.toString();
216:
217: } catch (Exception e) {
218: logger.error("Error:" + e);
219: }
220: }
221:
222: /*
223: * Convert to the standard format for GUID
224: * (Useful for SQL Server UniqueIdentifiers, etc.)
225: * Example: C2FEEEAC-CFCD-11D1-8B05-00600806D9B6
226: */
227: public String toString() {
228: String raw = valueAfterMD5.toUpperCase();
229: StringBuffer sb = new StringBuffer(64);
230: sb.append(raw.substring(0, 8));
231: sb.append("-");
232: sb.append(raw.substring(8, 12));
233: sb.append("-");
234: sb.append(raw.substring(12, 16));
235: sb.append("-");
236: sb.append(raw.substring(16, 20));
237: sb.append("-");
238: sb.append(raw.substring(20));
239:
240: return sb.toString();
241: }
242:
243: /*
244: // Demonstraton and self test of class
245: public static void main(String args[]) {
246: for (int i=0; i< 100; i++) {
247: RandomGUID myGUID = new RandomGUID();
248: System.out.println("Seeding String=" + myGUID.valueBeforeMD5);
249: System.out.println("rawGUID=" + myGUID.valueAfterMD5);
250: System.out.println("RandomGUID=" + myGUID.toString());
251: }
252: }
253: */
254:
255: }
|