8

I need to access SecureRandom Java Object from Javascript. My ultimate goal is to grab 4 bytes from PRNG and convert it to Javascript integer variable. According to http://download.oracle.com/javase/1.4.2/docs/api/java/security/SecureRandom.html, the following two lines of Java code are supposed to do grab 4 random bytes:

byte bytes[] = new byte[4];
random.nextBytes(bytes);

My problems is that I don't know how to 1) allocate byte array suitable for passing to Java method 2) parse that array into integer afterwards

So far I have managed to getSeed() method which returns an array of random bytes. When I render HTML code provided below in Firefox it shows "[B@16f70a4", which appears to be a pointer or something.

<script>
var sprng = new java.security.SecureRandom();
random = sprng.getSeed(4);
document.write(random + "<br/>\n");
</script>

This makes me think that I succeed to instantiate and access Java class, but have a problem with type conversion.

Can anyone please help me to write allocateJavaByteArray(N) and convertJavaByteArrayToInt(N) to let the following code work:

var sprng = new java.security.SecureRandom();
var nextBytes = allocateJavaByteArray(4);
srng.nextBytes(nextBytes);
var nextInt = convertJavaByteArrayToInt(4);

Thank you in advance.

abb
  • 684
  • 6
  • 15
  • What sort of weird context are you in that you can get at Java runtime from a ` – Pointy Oct 01 '10 at 12:11
  • I have tested it in Firefox 3.0 on Ubuntu. See also http://docstore.mik.ua/orelly/webprog/jscript/ch22_03.htm – abb Oct 01 '10 at 12:23
  • find a good JSON encoding class for java and pass only JSON as any data for javascript. BTW - I don't get how You put java in – naugtur Oct 01 '10 at 13:04
  • Unless you prefer to stay in denial, please consider checking the link I gave above and/or running the piece of Javascript code I have provided in the OP in a Mozilla-based browser. It does not work in IE though. – abb Oct 01 '10 at 22:40
  • Old question, I know, but did you happen to get a solution? I'm having the same problem... – Altealice Mar 28 '11 at 10:22
  • The cleanest solution appears to be to create Java applet and invoke its method from JavaScript. Other approaches are non-portable. I have posted the original question when I needed to give a customer a recommendation on how to fix the problem. But the customer has chosen to accept the security risk because they didn't want to complicate the application, so I did not prepare any PoC code. When you say you have the same problem -- is it exactly the same (you need good PRNG) or you need to convert the arrays? – abb Mar 28 '11 at 10:41

4 Answers4

2

You could implement convertJavaByteArrayToInt like this:

function convertJavaByteArrayToInt(bytes) {
  var r = 0;
  for (var i = 0; i < bytes.length; i++) {
    r += (bytes[i] & 0xff) << (8 * i);
  }
  return r;
}

allocateJavaByteArray is difficult to implement, because we cannot get the Class of byte. So it's not possible to use java.lang.reflect.Array.newInstance to create a byte[] instance. But here is a tricky implementation:

function allocateJavaByteArray(n) {
  var r = "";
  for (var i = 0; i < n; i++) {
    r += "0";
  }
  return new java.lang.String(r).getBytes();
}

updated: It seems that above code not worked in FireFox 3.6. Here is another allocateJavaByteArray implementation, have a try:

function allocateJavaByteArray(n) {
  var r = new java.io.ByteArrayOutputStream(4);
  for (var i = 0; i < n; i++) {
    r.write(0);
  }
  return r.toByteArray();
}
baotuo
  • 64
  • 4
  • Thanks. I have tried your code: http://pastebin.com/UW59urTW . Unfortunately convertJavaByteArrayToInt() returns 0. I don't know if it is a conversion problem or perhaps SPRNG invocation is incorrect. – abb Jun 01 '11 at 07:41
  • change **convertJavaByteArrayToInt(4)** to **convertJavaByteArrayToInt(nextBytes)** , you will get what you want. – baotuo Jun 01 '11 at 08:35
  • Same difference, I still getting 0.I try it on Firefox 3.6.17 on Ubuntu. On what browser/platform you have it working? – abb Jun 07 '11 at 15:37
  • There appears to be a problem with array allocation. If I try to get its length, I get "public netscape.javascript.JSException(int,java.lang.Object)" instead of expected 4. Any clue why? Here is the updated code: http://pastebin.com/fFr9rwqz – abb Jun 07 '11 at 15:44
  • I test it by FF4.01/MacOSX. Everything is OK. – baotuo Jun 08 '11 at 08:50
  • I have updated the answer and have passed the test in FireFox3.6/MacOSX. Try it. – baotuo Jun 08 '11 at 14:55
0

Java string is the only thing that will pass Java->JS or JS->Java without headache.

byte[] or any arry will be seen in JS as JSObject.


var sprng = new java.security.SecureRandom();

is

var foo= new java.package.SomeClass();

does work in Netscape/Mozilla/FF

It needs access to classes, so any java standard class or you need to load a jar and then access the class.


to orginal question:

  1. create applet whith utility method:

    public String someStringEncodedValue(){ return 1+"|"+2; }

  2. include applet into the page with unique id

  3. JS find applet using unique id

  4. call method

  5. parse string ( split by | )

0

Normally you'd generate the random number on the server and pass it in the Request to the jsp.

Tony Ennis
  • 12,000
  • 7
  • 52
  • 73
0

You could simply generate a random integer in the first place, like this:

var nextInt = sprng.nextInt();
andrewmu
  • 14,276
  • 4
  • 39
  • 37
  • what is the typescript service type for byte? https://stackoverflow.com/questions/74467236/react-typescript-api-type-for-java-byte-image-png – mattsmith5 Nov 16 '22 at 21:32