1   package com.atlassian.seraph.service.rememberme;
2   
3   import org.apache.commons.codec.binary.Base64;
4   
5   import java.security.SecureRandom;
6   
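/**
 * Default {@link RememberMeTokenGenerator}, intended to be sufficient for most applications.
 * <p>
 * The random part of every token is 64 bytes (512 bits) drawn from a shared {@link SecureRandom} and then
 * Base64 encoded. The user name is only attached to the resulting token; it is never mixed into the random
 * value, so the value carries no information about the account it belongs to.
 * <p>
 * The encoded value uses the standard Base64 alphabet, so it can contain {@code '+'}, {@code '/'} and
 * {@code '='}. NOTE(review): callers that place the value in a cookie or URL presumably need to encode it
 * for that context; confirm against the code that writes the cookie.
 */
public class DefaultRememberMeTokenGenerator implements RememberMeTokenGenerator
{
    /** Shared CSPRNG. Declared final so the generator behind every token can never be swapped out. */
    private static final SecureRandom RANDOM;

    /** Number of random bytes per token: 512 random bits == 64 bytes. */
    private static final int HOW_MANY_BYTES = 64;

    static
    {
        RANDOM = new SecureRandom();
        // Drawing one throw-away byte forces the generator to seed itself during class initialisation,
        // so the first real token request does not pay the seeding cost.
        RANDOM.nextBytes(new byte[1]);
    }

    /**
     * Creates a new remember-me token for the given user.
     *
     * @param userName the user name stored on the token; it does not influence the random value
     * @return a token whose random string is the Base64 encoding of {@value #HOW_MANY_BYTES} random bytes
     */
    public RememberMeToken generateToken(final String userName)
    {
        final byte[] encoded = Base64.encodeBase64(getRandomBytes(HOW_MANY_BYTES));
        return DefaultRememberMeToken.builder(toAsciiString(encoded)).setUserName(userName).build();
    }

    /**
     * Decodes Base64 output with an explicit charset. Base64 bytes are pure ASCII, but decoding them with
     * the platform default charset would yield a different string on a JVM whose default is not
     * ASCII-compatible.
     *
     * @param asciiBytes bytes that contain only ASCII characters
     * @return the bytes decoded as US-ASCII
     */
    private static String toAsciiString(final byte[] asciiBytes)
    {
        try
        {
            return new String(asciiBytes, "US-ASCII");
        }
        catch (java.io.UnsupportedEncodingException e)
        {
            // Every Java platform is required to support US-ASCII, so this indicates a broken runtime.
            throw new IllegalStateException("US-ASCII charset is not available", e);
        }
    }

    /**
     * Fills a fresh buffer from the shared {@link SecureRandom}.
     *
     * @param nBytes how many random bytes to produce
     * @return a new array of {@code nBytes} random bytes
     */
    private byte[] getRandomBytes(int nBytes)
    {
        byte[] buffer = new byte[nBytes];
        // The lock serialises draws on the shared instance. RANDOM is final, so the monitor object is
        // guaranteed to be the same for every caller.
        synchronized (RANDOM)
        {
            RANDOM.nextBytes(buffer);
        }
        return buffer;
    }

}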