Revert AlphanumericRandomStringService hack for seed generation.

chenkins · chenkins · commit 715091ab38cd · 2025-02-25T11:30:06.000+01:00
diff --git a/hub/src/main/java/ch/iterate/hub/crypto/uvf/UvfMetadataPayload.java b/hub/src/main/java/ch/iterate/hub/crypto/uvf/UvfMetadataPayload.java
@@ -15,7 +15,6 @@
 import org.openapitools.jackson.nullable.JsonNullableModule;
 
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.text.ParseException;
@@ -99,13 +98,10 @@ public String toJSON() throws JsonProcessingException {
 
     public static UvfMetadataPayload create() {
         final String kid = Base64URL.encode(new AlphanumericRandomStringService(4).random()).toString();
-        // TODO hashDirectoryId String/byte[]? byte[] -> UTF-8 -> byte[] not 1:1! See UvfMetadataPayloadTest -> we should use byte array directly going into hashDirectoryId -> do we need to write own CryptoDirectory?
-//        final byte[] rawSeed = new byte[32];
-//        FastSecureRandomProvider.get().provide().nextBytes(rawSeed);
-//        final byte[] kdfSalt = new byte[32];
-//        FastSecureRandomProvider.get().provide().nextBytes(kdfSalt);
-        final byte[] rawSeed = new AlphanumericRandomStringService(4).random().getBytes(StandardCharsets.UTF_8);
-        final byte[] kdfSalt = new AlphanumericRandomStringService(4).random().getBytes(StandardCharsets.UTF_8);
+        final byte[] rawSeed = new byte[32];
+        FastSecureRandomProvider.get().provide().nextBytes(rawSeed);
+        final byte[] kdfSalt = new byte[32];
+        FastSecureRandomProvider.get().provide().nextBytes(kdfSalt);
         return new UvfMetadataPayload()
                 .withFileFormat("AES-256-GCM-32k")
                 .withNameFormat("AES-SIV-512-B64URL")
diff --git a/hub/src/test/java/ch/iterate/hub/crypto/uvf/UvfMetadataPayloadTest.java b/hub/src/test/java/ch/iterate/hub/crypto/uvf/UvfMetadataPayloadTest.java
@@ -12,8 +12,6 @@
 import ch.cyberduck.core.exception.BackgroundException;
 
 import org.cryptomator.cryptolib.api.UVFMasterkey;
-import org.cryptomator.cryptolib.common.ECKeyPair;
-import org.cryptomator.cryptolib.common.P384KeyPair;
 import org.junit.jupiter.api.Test;
 
 import java.nio.charset.StandardCharsets;
@@ -26,7 +24,6 @@
 import java.util.HashMap;
 import java.util.UUID;
 
-import ch.iterate.hub.crypto.UserKeys;
 import ch.iterate.hub.crypto.exceptions.NotECKeyException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.nimbusds.jose.JOSEException;
@@ -36,7 +33,6 @@
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.util.Base64URL;
 
-import static ch.iterate.hub.crypto.KeyHelper.decodeKeyPair;
 import static ch.iterate.hub.crypto.KeyHelper.decodePrivateKey;
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -159,7 +155,7 @@ public void decryptWithRecoveryKey() throws ParseException, JOSEException, NoSuc
     }
 
     @Test
-    public void testWorkaround(){
+    public void testWorkaround() {
         // example of byte array -> UTF-8 -> byte array not working
         final byte[] rootDirId = Base64.getDecoder().decode("L3CoPPdXaaDgrM5YhBujn2t2LFTE5XjYUzC1htzk6tY=");
         assertFalse(Arrays.equals(rootDirId, new String(rootDirId, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8)));
