fix(utils): Add Secure rand nth function (#933)

nuvla · Aug 12, 2024 · 0a2623b · 0a2623b
1 parent 98b419f
commit 0a2623b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/code/src/com/sixsq/nuvla/server/resources/common/utils.clj b/code/src/com/sixsq/nuvla/server/resources/common/utils.clj
@@ -148,6 +148,10 @@
        (secure-rand-int)
        (+ min))))
 
+(defn secure-rand-nth
+  [coll]
+  (nth coll (secure-rand-int (count coll))))
+
 
 ;;
 ;; utilities for handling common attributes

diff --git a/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj b/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj
@@ -1,6 +1,7 @@
 (ns com.sixsq.nuvla.server.resources.credential.key-utils
   (:require
     [buddy.hashers :as hashers]
+    [com.sixsq.nuvla.server.resources.common.utils :as u]
     [clojure.string :as str])
   (:import (java.io ByteArrayOutputStream DataOutputStream StringWriter)
            (java.security KeyPairGenerator)
@@ -50,7 +51,7 @@
   "Generates a random string to act as a secret API key and then returns a
    tuple with that string and its digest value."
   []
-  (let [secret (->> (repeatedly #(rand-nth secret-chars))
+  (let [secret (->> (repeatedly #(u/secure-rand-nth secret-chars))
                     (sequence secret-xform)
                     (str/join "."))]
     [secret (digest secret)]))