From 6afaca2ace51e823a7109e07b20e0c402333ba57 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Sat, 16 Nov 2024 13:23:47 +0000
Subject: [PATCH] Introduced protections against predictable RNG abuse
---
 .../java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java | 3 ++-
 .../iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java | 3 ++-
 .../java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java
index b762838c..ce28a35f 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java
@@ -7,6 +7,7 @@ import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcMessage;
 import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcRequest;
 import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcResponse;
 import com.genersoft.iot.vmp.service.redisMsg.control.RedisRpcController;
+import java.security.SecureRandom;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -31,7 +32,7 @@ public class RedisRpcConfig implements MessageListener {
 public final static String REDIS_REQUEST_CHANNEL_KEY = "WVP_REDIS_REQUEST_CHANNEL_KEY";
- private final Random random = new Random();
+ private final Random random = new SecureRandom();
 @Autowired private UserSetting userSetting;
diff --git a/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java b/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
index 2de1e913..9e451f86 100644
--- a/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
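Review bot: The `random` field in RedisRpcConfig is still declared as `java.util.Random` although it now holds a `SecureRandom`, so neither the declaration nor the use sites tell a reader or a static-analysis rule that a CSPRNG is required, and a later cleanup could swap the initializer back without any compile error. Declaring it as `private final SecureRandom random = new SecureRandom();` pins the guarantee in the type; the same applies to the `random` field in JT1078Template and to the local `rand` in DigestServerAuthenticationHelper.generateNonce(). The uses of `random` lie outside this hunk, so it cannot be seen here which generated values have to be unpredictable; if that is the intent, a short comment on the field such as `// SecureRandom: values derived from this must not be guessable by a remote peer` would record it.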
+++ b/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
@@ -26,6 +26,7 @@ package com.genersoft.iot.vmp.gb28181.auth;
 import gov.nist.core.InternalErrorHandler;
+import java.security.SecureRandom;
 import lombok.extern.slf4j.Slf4j;
 import javax.sip.address.URI;
@@ -83,7 +84,7 @@ public class DigestServerAuthenticationHelper {
 */
 private String generateNonce() {
 long time = Instant.now().toEpochMilli();
- Random rand = new Random();
+ Random rand = new SecureRandom();
 long pad = rand.nextLong();
 String nonceString = Long.valueOf(time).toString() + Long.valueOf(pad).toString();
diff --git a/src/main/java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java b/src/main/java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java
index c55c6276..cee48264 100644
--- a/src/main/java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java
+++ b/src/main/java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java
@@ -3,6 +3,7 @@ package com.genersoft.iot.vmp.jt1078.cmd;
 import com.genersoft.iot.vmp.jt1078.proc.entity.Cmd;
 import com.genersoft.iot.vmp.jt1078.proc.response.*;
 import com.genersoft.iot.vmp.jt1078.session.SessionManager;
+import java.security.SecureRandom;
 import java.util.Random;
@@ -13,7 +14,7 @@ import java.util.Random;
 */
 public class JT1078Template {
- private final Random random = new Random();
+ private final Random random = new SecureRandom();
 private static final String H9101 = "9101";
 private static final String H9102 = "9102";
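Review bot: generateNonce() in DigestServerAuthenticationHelper now constructs a new `SecureRandom` on every call, which repeats the provider lookup and generator setup for each digest challenge; `SecureRandom` is thread-safe, so one shared instance is the usual form. I would hoist it to a field, `private static final SecureRandom SECURE_RANDOM = new SecureRandom();`, and replace the local with `long pad = SECURE_RANDOM.nextLong();`. The nonce string is still the decimal timestamp concatenated with the pad, and the rest of the method lies outside the hunk, so whether the server later checks that a returned nonce was issued by it and is still fresh cannot be confirmed from here and is worth verifying separately.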