Prevent timing attacks against hash check.

[gigi.git] / src / org / cacert / gigi / util / RandomToken.java

diff --git a/src/org/cacert/gigi/util/RandomToken.java b/src/org/cacert/gigi/util/RandomToken.java
index 8e83bb90aab8943b559ef5c450f6cfb762565d47..b84ee0372e7a08f1c36aca99464fc63dedce7d80 100644 (file)
--- a/src/org/cacert/gigi/util/RandomToken.java
+++ b/src/org/cacert/gigi/util/RandomToken.java
@@ -4,19 +4,22 @@ import java.security.SecureRandom;
 
 public class RandomToken {
        static SecureRandom sr = new SecureRandom();
+
        public static String generateToken(int length) {
                StringBuffer token = new StringBuffer();
                for (int i = 0; i < length; i++) {
                        int rand = sr.nextInt(26 * 2 + 10);
                        if (rand < 10) {
-                               token.append('0' + rand);
+                               token.append((char) ('0' + rand));
+                               continue;
                        }
                        rand -= 10;
                        if (rand < 26) {
-                               token.append('a' + rand);
+                               token.append((char) ('a' + rand));
+                               continue;
                        }
                        rand -= 26;
-                       token.append('A' + rand);
+                       token.append((char) ('A' + rand));
                }
                return token.toString();
        }