diff --git a/thunder-core/src/main/java/network/thunder/core/communication/layer/high/payments/messages/LNPaymentAMessage.java b/thunder-core/src/main/java/network/thunder/core/communication/layer/high/payments/messages/LNPaymentAMessage.java index 12bbe364..ae3147c1 100644 --- a/thunder-core/src/main/java/network/thunder/core/communication/layer/high/payments/messages/LNPaymentAMessage.java +++ b/thunder-core/src/main/java/network/thunder/core/communication/layer/high/payments/messages/LNPaymentAMessage.java @@ -3,7 +3,7 @@ import com.google.common.base.Preconditions; import network.thunder.core.communication.layer.high.RevocationHash; -import java.util.Random; +import java.security.SecureRandom; public class LNPaymentAMessage implements LNPayment { @@ -12,7 +12,7 @@ public class LNPaymentAMessage implements LNPayment { public RevocationHash newRevocation; public LNPaymentAMessage (ChannelUpdate channelUpdate, RevocationHash newRevocation) { - this.dice = new Random().nextInt(Integer.MAX_VALUE); + this.dice = new SecureRandom().nextInt(Integer.MAX_VALUE); this.channelStatus = channelUpdate; this.newRevocation = newRevocation; diff --git a/thunder-core/src/main/java/network/thunder/core/communication/layer/low/ping/PingHandler.java b/thunder-core/src/main/java/network/thunder/core/communication/layer/low/ping/PingHandler.java index c83729ab..6e42b583 100644 --- a/thunder-core/src/main/java/network/thunder/core/communication/layer/low/ping/PingHandler.java +++ b/thunder-core/src/main/java/network/thunder/core/communication/layer/low/ping/PingHandler.java @@ -19,6 +19,7 @@ import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPromise; +import java.security.SecureRandom; import java.util.Random; public class PingHandler extends ChannelDuplexHandler { @@ -35,7 +36,7 @@ public class PingHandler extends ChannelDuplexHandler { ChannelHandlerContext ctx; - Random random = new Random(); + Random random = new SecureRandom(); @Override public void channelActive (ChannelHandlerContext ctx) throws Exception { diff --git a/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/gossip/GossipProcessorImpl.java b/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/gossip/GossipProcessorImpl.java index bb57a8ed..fed12509 100644 --- a/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/gossip/GossipProcessorImpl.java +++ b/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/gossip/GossipProcessorImpl.java @@ -12,9 +12,9 @@ import network.thunder.core.etc.Tools; import java.nio.ByteBuffer; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; -import java.util.Random; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; @@ -61,7 +61,7 @@ public boolean consumesOutboundMessage (Object object) { @Override public void onLayerActive (MessageExecutor messageExecutor) { - this.randomNumber = new Random().nextInt(); + this.randomNumber = new SecureRandom().nextInt(); this.messageExecutor = messageExecutor; subject.registerObserver(this); diff --git a/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/types/PubkeyIPObject.java b/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/types/PubkeyIPObject.java index 97100750..ffc7a563 100644 --- a/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/types/PubkeyIPObject.java +++ b/thunder-core/src/main/java/network/thunder/core/communication/layer/middle/broadcasting/types/PubkeyIPObject.java @@ -8,6 +8,7 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; +import java.security.SecureRandom; import java.sql.ResultSet; import java.sql.SQLException; import java.util.*; @@ -33,7 +34,7 @@ public PubkeyIPObject (ResultSet set) throws SQLException { public static PubkeyIPObject getRandomObject () { PubkeyIPObject obj = new PubkeyIPObject(); - Random random = new Random(); + Random random = new SecureRandom(); obj.hostname = random.nextInt(255) + "." + random.nextInt(255) + "." + random.nextInt(255) + "." + random.nextInt(255); diff --git a/thunder-core/src/main/java/network/thunder/core/etc/Tools.java b/thunder-core/src/main/java/network/thunder/core/etc/Tools.java index d858b984..5ed25037 100644 --- a/thunder-core/src/main/java/network/thunder/core/etc/Tools.java +++ b/thunder-core/src/main/java/network/thunder/core/etc/Tools.java @@ -36,6 +36,7 @@ import java.nio.ByteBuffer; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.util.*; /** @@ -46,7 +47,7 @@ public class Tools { final protected static char[] hexArray = "0123456789abcdef".toCharArray(); public static int getRandom (int min, int max) { - return new Random().nextInt(max + 1 - min) + min; + return new SecureRandom().nextInt(max + 1 - min) + min; } /** @@ -173,12 +174,12 @@ public static int boolToInt (boolean bool) { } public static T getRandomItemFromList (List list) { - int randomNumber = new Random().nextInt(list.size()); + int randomNumber = new SecureRandom().nextInt(list.size()); return list.get(randomNumber); } public static List getRandomSubList (List input, int subsetSize) { - Random r = new Random(); + Random r = new SecureRandom(); int inputSize = input.size(); for (int i = 0; i < subsetSize; i++) { int indexToSwap = i + r.nextInt(inputSize - i); @@ -353,7 +354,7 @@ public static Script getMultisigInputScript (ECDSASignature client, ECDSASignatu public static byte[] getRandomByte (int amount) { byte[] b = new byte[amount]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(b); return b; } diff --git a/thunder-core/src/main/java/network/thunder/core/helper/wallet/MockWallet.java b/thunder-core/src/main/java/network/thunder/core/helper/wallet/MockWallet.java index 56bebc25..f8d234bb 100644 --- a/thunder-core/src/main/java/network/thunder/core/helper/wallet/MockWallet.java +++ b/thunder-core/src/main/java/network/thunder/core/helper/wallet/MockWallet.java @@ -7,6 +7,7 @@ import org.bitcoinj.wallet.WalletTransaction; import java.math.BigInteger; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -28,7 +29,7 @@ public MockWallet (NetworkParameters params, int totalOutputs) { super(params); // - Random random = new Random(); + Random random = new SecureRandom(); for (int i = 1; i < 101; i++) { Transaction transaction = new Transaction(Constants.getNetwork()); diff --git a/thunder-core/src/test/java/network/thunder/core/communication/layers/low/AuthenticationHandlerTest.java b/thunder-core/src/test/java/network/thunder/core/communication/layers/low/AuthenticationHandlerTest.java index d8127ab0..a595fbd4 100644 --- a/thunder-core/src/test/java/network/thunder/core/communication/layers/low/AuthenticationHandlerTest.java +++ b/thunder-core/src/test/java/network/thunder/core/communication/layers/low/AuthenticationHandlerTest.java @@ -1,24 +1,25 @@ package network.thunder.core.communication.layers.low; import io.netty.channel.embedded.EmbeddedChannel; +import network.thunder.core.communication.ClientObject; +import network.thunder.core.communication.ServerObject; +import network.thunder.core.communication.layer.ContextFactory; +import network.thunder.core.communication.layer.FailureMessage; import network.thunder.core.communication.layer.Message; import network.thunder.core.communication.layer.ProcessorHandler; import network.thunder.core.communication.layer.low.authentication.messages.AuthenticationMessage; -import network.thunder.core.communication.layer.ContextFactory; -import network.thunder.core.helper.events.LNEventHelper; -import network.thunder.core.communication.layer.FailureMessage; import network.thunder.core.etc.MockContextFactory; import network.thunder.core.etc.MockLNEventHelper; import network.thunder.core.etc.RandomDataMessage; import network.thunder.core.helper.crypto.ECDH; -import network.thunder.core.communication.ClientObject; -import network.thunder.core.communication.ServerObject; +import network.thunder.core.helper.events.LNEventHelper; import org.junit.Before; import org.junit.Test; import java.beans.PropertyVetoException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; +import java.security.SecureRandom; import java.security.Security; import java.sql.SQLException; import java.util.Random; @@ -76,7 +77,7 @@ public void authenticationFail () throws NoSuchProviderException, NoSuchAlgorith byte[] sig = authenticationMessage.signature; byte[] b = new byte[4]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(b); System.arraycopy(b, 0, sig, 10, 4); diff --git a/thunder-core/src/test/java/network/thunder/core/communication/layers/mid/GossipHandlerTest.java b/thunder-core/src/test/java/network/thunder/core/communication/layers/mid/GossipHandlerTest.java index d43544b7..d85c8137 100644 --- a/thunder-core/src/test/java/network/thunder/core/communication/layers/mid/GossipHandlerTest.java +++ b/thunder-core/src/test/java/network/thunder/core/communication/layers/mid/GossipHandlerTest.java @@ -19,11 +19,11 @@ import org.junit.Test; import java.beans.PropertyVetoException; +import java.security.SecureRandom; import java.sql.SQLException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.Random; import static org.hamcrest.core.IsInstanceOf.instanceOf; import static org.junit.Assert.*; @@ -130,7 +130,7 @@ public void shouldAskForDataAfterInv () throws Exception { ArrayList invList = new ArrayList<>(); for (int i = 0; i < 20; i++) { byte[] b = new byte[20]; - new Random().nextBytes(b); + new SecureRandom().nextBytes(b); invList.add(b); } @@ -227,7 +227,7 @@ private void prepareNodes () { private void prepareNode (ServerObject node) { node.init(); - node.portServer = new Random().nextInt(65555); + node.portServer = new SecureRandom().nextInt(65555); node.hostServer = "localhost"; } diff --git a/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentDBHandlerMock.java b/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentDBHandlerMock.java index 7827c62c..aec8d42b 100644 --- a/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentDBHandlerMock.java +++ b/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentDBHandlerMock.java @@ -1,15 +1,15 @@ package network.thunder.core.etc; -import network.thunder.core.communication.layer.high.ChannelStatus; import network.thunder.core.communication.layer.high.Channel; +import network.thunder.core.communication.layer.high.ChannelStatus; import network.thunder.core.communication.layer.high.RevocationHash; import network.thunder.core.communication.layer.high.payments.PaymentSecret; import network.thunder.core.database.objects.PaymentWrapper; import org.bitcoinj.core.ECKey; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; -import java.util.Random; public class LNPaymentDBHandlerMock extends DBHandlerMock { public static final long INITIAL_AMOUNT_CHANNEL = 10000000; @@ -141,7 +141,7 @@ public byte[] getReceiverOfPayment (PaymentSecret paymentSecret) { @Override public RevocationHash createRevocationHash (Channel channel) { byte[] secret = new byte[20]; - new Random().nextBytes(secret); + new SecureRandom().nextBytes(secret); byte[] secretHash = Tools.hashSecret(secret); RevocationHash hash = new RevocationHash(1, 1, secret, secretHash); return hash; diff --git a/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentMessageFactoryMock.java b/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentMessageFactoryMock.java index fb8b02fe..428df22b 100644 --- a/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentMessageFactoryMock.java +++ b/thunder-core/src/test/java/network/thunder/core/etc/LNPaymentMessageFactoryMock.java @@ -11,13 +11,14 @@ import org.bitcoinj.core.Transaction; import org.bitcoinj.crypto.TransactionSignature; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Random; public class LNPaymentMessageFactoryMock extends MesssageFactoryImpl implements LNPaymentMessageFactory { - Random random = new Random(); + Random random = new SecureRandom(); @Override public LNPaymentAMessage getMessageA (Channel channel, ChannelUpdate statusTemp) { diff --git a/thunder-core/src/test/java/network/thunder/core/etc/RandomDataMessage.java b/thunder-core/src/test/java/network/thunder/core/etc/RandomDataMessage.java index dbec1cf6..3bdd1281 100644 --- a/thunder-core/src/test/java/network/thunder/core/etc/RandomDataMessage.java +++ b/thunder-core/src/test/java/network/thunder/core/etc/RandomDataMessage.java @@ -2,6 +2,7 @@ import network.thunder.core.communication.layer.Message; +import java.security.SecureRandom; import java.util.Arrays; import java.util.Random; @@ -10,7 +11,7 @@ public class RandomDataMessage implements Message { public RandomDataMessage () { //Create some gibberish to parse through them byte[] message = new byte[1024]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(message); data = message; } diff --git a/thunder-core/src/test/java/network/thunder/core/etc/RevocationHashTest.java b/thunder-core/src/test/java/network/thunder/core/etc/RevocationHashTest.java index 06e6e224..d33926b0 100644 --- a/thunder-core/src/test/java/network/thunder/core/etc/RevocationHashTest.java +++ b/thunder-core/src/test/java/network/thunder/core/etc/RevocationHashTest.java @@ -3,6 +3,7 @@ import network.thunder.core.communication.layer.high.RevocationHash; import org.junit.Test; +import java.security.SecureRandom; import java.util.Random; import static org.junit.Assert.assertFalse; @@ -13,7 +14,7 @@ public class RevocationHashTest { @Test public void shouldFailBecauseOfWrongSecret () throws Exception { byte[] secret = new byte[20]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(secret); RevocationHash revocationHash = new RevocationHash(10, 10, secret, secret); @@ -23,7 +24,7 @@ public void shouldFailBecauseOfWrongSecret () throws Exception { @Test public void shouldPassBecauseCorrectSecret () throws Exception { byte[] secret = new byte[20]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(secret); byte[] hash = Tools.hashSecret(secret); @@ -34,7 +35,7 @@ public void shouldPassBecauseCorrectSecret () throws Exception { @Test public void shouldPassBecauseOfNewMaster () throws Exception { byte[] secret = new byte[20]; - Random r = new Random(); + Random r = new SecureRandom(); r.nextBytes(secret); RevocationHash revocationHash = new RevocationHash(0, 0, secret, secret);