Created
September 21, 2016 12:42
Test harness to show distribution of top nybble for serial number generation code from WoSign
import java.math.BigInteger; | |
import java.security.SecureRandom; | |
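/**
 * Test harness that tallies the most-significant hex digit (the "top nibble") of
 * serial numbers produced by {@link #createSerialNumber()}.
 *
 * <p>{@code createSerialNumber()} draws a 128-bit value and throws away every value
 * whose unpadded hex form is shorter than 32 digits, i.e. every value below 2^124.
 * An accepted serial therefore never starts with the digit 0, and the accepted
 * values cover 15/16 of the 128-bit range (about 127.9 bits of entropy rather than
 * 128). Running {@code main} makes this visible: the bucket for nibble 0 stays at 0
 * and the other 15 buckets share the samples roughly evenly.
 */
class WoSignSerialNumberTest {

    /** Number of serial numbers sampled when no count is given on the command line. */
    private static final int DEFAULT_SAMPLES = 100000;

    /**
     * Generates serial numbers and prints one line per possible top nibble in the
     * form {@code <nibble>: <count>}.
     *
     * @param args optional; {@code args[0]} is the number of samples to draw.
     *     With no argument the original fixed count of 100000 is used.
     * @throws NumberFormatException if {@code args[0]} is not a decimal integer
     */
    public static void main(String[] args) {
        int samples = (args != null && args.length > 0)
                ? Integer.parseInt(args[0])
                : DEFAULT_SAMPLES;

        // One counter per possible value of a hex digit; Java zero-initialises it.
        int[] nibbles = new int[16];
        for (int i = 0; i < samples; i++) {
            String serial = createSerialNumber();
            // createSerialNumber() always returns exactly 32 hex digits, so the
            // first character is the top nibble of the 128-bit value.
            int topNibble = Character.digit(serial.charAt(0), 16);
            nibbles[topNibble]++;
        }

        for (int j = 0; j < nibbles.length; j++) {
            System.out.println(j + ": " + nibbles[j]);
        }
    }

    // This is the code supplied by WoSign, with added comments by gerv
    /**
     * Returns a random serial number as 32 upper-case hex digits.
     *
     * <p>The statements below are kept exactly as supplied, because this method is
     * the code under examination. In particular the rejection loop is what removes
     * every value with a zero top nibble, and a new {@link SecureRandom} is
     * constructed on every iteration.
     *
     * @return a 32-character upper-case hex string whose first digit is never 0
     */
    public static String createSerialNumber() {
        String serialString = "";
        while(true) {
            // gerv: generate a random number of 128 bits from SecureRandom
            BigInteger serialNumber = new BigInteger(128, new SecureRandom());
            // gerv: returns hex representation of 128-bit number, but doesn't pad
            serialString = serialNumber.toString(16);
            // gerv: Checks that number is 32 hex digits (so function produces no output which would start 0x0)
            if (serialString.length() == 32) {
                break;
            }
        }
        // gerv: commented out as there was no need to make this line work
        // (the message says "32 bits", but the value is 32 hex digits, i.e. 128 bits)
        // logger.debug(" Generating 32 bits certificate sequence number: "+ serialString + " len=" + serialString.length());
        return serialString.toUpperCase();
    }
}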