• Home
• com.yahoo.vespa
• security-utils
• 8.437.12
• source code
• TokenGenerator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.yahoo.security.token.TokenGenerator Maven / Gradle / Ivy

// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.security.token;

import com.yahoo.security.Base62;

import java.security.SecureRandom;

/**
 * 

 * Generates new {@link Token} instances that encapsulate a given number of cryptographically
 * secure random bytes and, with a sufficiently high number of bytes (>= 16), can be expected
 * to be globally unique and computationally infeasible to guess or brute force.
 * 

 * Tokens are returned in a printable and copy/paste-friendly form (Base62) with an optional
 * prefix string.
 * 

 * Example of token string generated with the prefix "itsa_me_mario_" and 32 random bytes:
 * 
 * 
 *     itsa_me_mario_nALfICMyrC4NFagwAkiOdGh80DPS1vSUPprGUKVPLya
 * 
 * 

 * Tokens are considered secret information, and must be treated as such.
 * 
 */
public class TokenGenerator {

    private static final SecureRandom CSPRNG = new SecureRandom();

    public static Token generateToken(TokenDomain domain, String prefix, int nRandomBytes) {
        if (nRandomBytes <= 0) {
            throw new IllegalArgumentException("Token bytes must be a positive integer");
        }
        byte[] tokenRand = new byte[nRandomBytes];
        CSPRNG.nextBytes(tokenRand);
        return new Token(domain, "%s%s".formatted(prefix, Base62.codec().encode(tokenRand)));
    }

}