Add a secure random string generator for par URN generator #258

Open
wants to merge 1 commit into
base: 3.0.0

Conversation

@Akila94 Akila94 commented Jan 9, 2025

Add a secure random string generator for par URN generator

  • This PR updates the random string generator from RandomStringUtils.randomAlphanumeric(32) to RandomStringUtils.random(32, 0, 0, true, true, null, new SecureRandom()); which is more secure than the first one.

  • Using RandomStringUtils.randomAlphanumeric(32) from Apache Commons Lang is not considered secure for cryptographic purposes, as the underlying random number generator (java.util.Random) is not cryptographically secure.

  • This PR incorporates the SecureRandom() randomizer of java.security package in order to make the random string generation secure and unpredictable.

Issue link: #257

Doc Issue:

Applicable Labels: OB3 Accelerator


Development Checklist

  1. Built complete solution with pull request in place.
  2. Ran checkstyle plugin with pull request in place.
  3. Ran Findbugs plugin with pull request in place.
  4. Ran FindSecurityBugs plugin and verified report.
  5. Formatted code according to WSO2 code style.
  6. Have you verified that the PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?
  7. Migration scripts written (if applicable).
  8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

  1. Written unit tests.
  2. Documented test scenarios (link available in guides).
  3. Written automation tests (link available in guides).
  4. Verified tests in multiple database environments (if applicable).
  5. Verified tests in multiple deployed specifications (if applicable).
  6. Tested with OBBI enabled (if applicable).
  7. Tested with specification regulatory conformance suites (if applicable).

Automation Test Details

Test Suite          Test Script IDs
Integration Suite   TCXXXXX, TCXXXX

Conformance Tests Details

Test Suite Name   Test Suite Version   Scenarios   Result
Security Suite    VX.X                 Foo, Bar    Passed

Resources

Knowledge Base: https://sites.google.com/wso2.com/open-banking/

Guides: https://sites.google.com/wso2.com/open-banking/developer-guides
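As an added example (not code from this PR or the project), the "before" and "after" generator calls described above side by side in a small Java class, plus a shape check a unit test can assert on. Assumptions: commons-lang3 is on the classpath, the URN prefix follows the OAuth PAR request_uri form, and the class and method names are illustrative; the PR does not show the surrounding generator code.

```java
import java.security.SecureRandom;
import org.apache.commons.lang3.RandomStringUtils;

public class ParUrnGenerator {
    // One process-wide SecureRandom: it is thread-safe, and seeding it once
    // avoids paying the seeding cost on every request.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final int REFERENCE_LENGTH = 32;
    // Assumed prefix (OAuth PAR request_uri form); the PR does not state the exact prefix used.
    private static final String URN_PREFIX = "urn:ietf:params:oauth:request_uri:";

    // Before: alphanumeric, but backed by a shared java.util.Random whose small
    // internal state makes the sequence predictable. Kept only as the "before" case.
    static String insecureReference() {
        return RandomStringUtils.randomAlphanumeric(REFERENCE_LENGTH);
    }

    // After: same alphabet ([A-Za-z0-9]) but drawn from SecureRandom.
    // start=0, end=0 and chars=null select Commons Lang's default character range;
    // letters=true, numbers=true restrict the output to alphanumerics.
    static String secureReference() {
        return RandomStringUtils.random(REFERENCE_LENGTH, 0, 0, true, true, null, SECURE_RANDOM);
    }

    static String generateParUrn() {
        return URN_PREFIX + secureReference();
    }

    // Check worth keeping in a unit test: the reference has the expected length
    // and alphabet regardless of which generator produced it.
    static boolean isWellFormedReference(String ref) {
        return ref != null
                && ref.length() == REFERENCE_LENGTH
                && ref.matches("[A-Za-z0-9]+");
    }

    public static void main(String[] args) {
        String urn = generateParUrn();
        String ref = urn.substring(URN_PREFIX.length());
        // 62 symbols at 32 positions gives log2(62) * 32, roughly 190 bits of entropy,
        // comfortably above the 128 bits usually expected of an unguessable reference.
        System.out.println(urn);
        System.out.println("well-formed reference: " + isWellFormedReference(ref));
    }
}
```

The well-formedness check passes for both generators; the security difference lies in the source of randomness, not in the character set or length.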

@Akila94 Akila94 force-pushed the add-secure-random-generator branch from e83a8b8 to 1afb45c on January 9, 2025 10:55