#60: use a random UUID directly for request ids

miszobi · miszobi · commit 8f7ecb44241c · 2016-08-30T13:39:04.000+02:00
diff --git a/core/src/main/java/com/onelogin/saml2/util/Util.java b/core/src/main/java/com/onelogin/saml2/util/Util.java
@@ -1345,46 +1345,9 @@ private static SecretKey generateSymmetricKey() throws Exception {
 	 * @return A unique string
 	 */
 	public static String generateUniqueID() {
-		try {
-			Random r = new Random();
-			Integer n = r.nextInt();
-
-			String id = uniqid(n.toString(), true);
-
-			MessageDigest crypt = MessageDigest.getInstance("SHA-1");
-			crypt.reset();
-			crypt.update(id.getBytes());
-			final String uniqueIdSha1 = new BigInteger(1, crypt.digest()).toString(16);
-
-			return UNIQUE_ID_PREFIX + uniqueIdSha1;
-		} catch (Exception e) {
-			throw new RuntimeException("Error executing generateUniqueID: " + e.getMessage(), e);
-		}
+		return UNIQUE_ID_PREFIX + UUID.randomUUID();
 	}
 
-	/**
-	 * Generates random UUID
-	 * 
-	 * @param prefix
-	 *
-	 * @param more_entropy
-	 * 
-	 * @return the random UUID
-	 */
-	public static String uniqid(String prefix, Boolean more_entropy) {
-		if (prefix != null && StringUtils.isEmpty(prefix)) {
-			prefix = StringUtils.EMPTY;
-		}
-
-		if (!more_entropy) {
-			return (String) (prefix + UUID.randomUUID().toString()).substring(
-					0, 13);
-		} else {
-			return (String) (prefix + UUID.randomUUID().toString() + UUID
-					.randomUUID().toString()).substring(0, 23);
-		}
-	}
-	
 	/**
 	 * Interprets a ISO8601 duration value relative to a current time timestamp.
 	 *
diff --git a/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java b/core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java
@@ -4,6 +4,7 @@
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
@@ -1893,7 +1894,7 @@ public void testGenerateNameId() throws URISyntaxException, IOException, Certifi
 	public void testGenerateUniqueID() {
 		String s1 = Util.generateUniqueID();
 
-		assertThat(s1, containsString(Util.UNIQUE_ID_PREFIX));
+		assertThat(s1, startsWith(Util.UNIQUE_ID_PREFIX));
 		assertTrue(s1.length() > 40);
 		
 		String s2 = Util.generateUniqueID();
@@ -1903,36 +1904,6 @@ public void testGenerateUniqueID() {
 		assertNotEquals(s2, s3);
 	}
 
-	/**
-	 * Tests the uniqid method
-	 * 
-	 * @see com.onelogin.saml2.util.Util#uniqid
-	 */
-	@Test
-	public void testUniqid() {
-		String id_1 = Util.uniqid(null, false);
-		String id_2 = Util.uniqid(null, false);
-		assertNotEquals(id_1, id_2);
-
-		String id_3 = Util.uniqid(null, true);
-		String id_4 = Util.uniqid(null, true);
-		assertNotEquals(id_3, id_4);
-
-		assertNotEquals(id_1, id_3);
-		assertNotEquals(id_1, id_4);
-		assertNotEquals(id_2, id_3);
-		assertNotEquals(id_2, id_4);
-
-		String id_5 = Util.uniqid(Util.UNIQUE_ID_PREFIX, false);
-		String id_6 = Util.uniqid(Util.UNIQUE_ID_PREFIX, true);
-		assertThat(id_5, containsString(Util.UNIQUE_ID_PREFIX));
-		assertThat(id_6, containsString(Util.UNIQUE_ID_PREFIX));
-		assertNotEquals(id_5, id_6);
-
-		String id_7 = Util.uniqid("", false);
-		assertNotEquals(id_6, id_7);
-	}
-
 	/**
 	 * Tests the parseDuration method
 	 * 
