Class AbstractHash

java.lang.Object
org.apache.shiro.lang.codec.CodecSupport
org.apache.shiro.crypto.hash.AbstractHash
All Implemented Interfaces:
Serializable, Hash, org.apache.shiro.lang.util.ByteSource
@Deprecated public abstract class AbstractHash extends org.apache.shiro.lang.codec.CodecSupport implements Hash, Serializable
Deprecated.
in Shiro 1.1 in favor of using the concrete SimpleHash implementation directly.
Provides a base for all Shiro Hash algorithms with support for salts and multiple hash iterations.

Read http://www.owasp.org/index.php/Hashing_Java for a good article on the benefits of hashing, including what a 'salt' is as well as why it and multiple hash iterations can be useful.

This class and its subclasses support hashing with additional capabilities of salting and multiple iterations via overloaded constructors.

Since:
0.9
See Also:

  • Nested Class Summary

    Nested classes/interfaces inherited from interface org.apache.shiro.lang.util.ByteSource

    org.apache.shiro.lang.util.ByteSource.Util

  • Field Summary

    Fields inherited from class org.apache.shiro.lang.codec.CodecSupport

    PREFERRED_ENCODING

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractHash()
    Deprecated.
    Creates an new instance without any of its properties set (no hashing is performed).
    AbstractHash(Object source)
    Deprecated.
    Creates a hash of the specified source with no salt using a single hash iteration.
    AbstractHash(Object source, Object salt)
    Deprecated.
    Creates a hash of the specified source using the given salt using a single hash iteration.
    AbstractHash(Object source, Object salt, int hashIterations)
    Deprecated.
    Creates a hash of the specified source using the given salt a total of hashIterations times.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    equals(Object o)
    Deprecated.
    Returns true if the specified object is a Hash and its byte array is identical to this Hash's byte array, false otherwise.
    abstract String
    getAlgorithmName()
    Deprecated.
    Implemented by subclasses, this specifies the MessageDigest algorithm name to use when performing the hash.
    byte[]
    getBytes()
    Deprecated.
     
    protected MessageDigest
    getDigest(String algorithmName)
    Deprecated.
    Returns the JDK MessageDigest instance to use for executing the hash.
    protected byte[]
    hash(byte[] bytes)
    Deprecated.
    Hashes the specified byte array without a salt for a single iteration.
    protected byte[]
    hash(byte[] bytes, byte[] salt)
    Deprecated.
    Hashes the specified byte array using the given salt for a single iteration.
    protected byte[]
    hash(byte[] bytes, byte[] salt, int hashIterations)
    Deprecated.
    Hashes the specified byte array using the given salt for the specified number of iterations.
    int
    hashCode()
    Deprecated.
    Simply returns toHex().hashCode();
    void
    setBytes(byte[] alreadyHashedBytes)
    Deprecated.
    Sets the raw bytes stored by this hash instance.
    String
    toBase64()
    Deprecated.
    Returns a Base64-encoded string of the underlying byte array.
    String
    toHex()
    Deprecated.
    Returns a hex-encoded string of the underlying byte array.
    String
    toString()
    Deprecated.
    Simple implementation that merely returns toHex().

    Methods inherited from class org.apache.shiro.lang.codec.CodecSupport

    isByteSource, objectToBytes, objectToString, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toBytes, toChars, toChars, toString, toString, toString

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.apache.shiro.lang.util.ByteSource

    isEmpty

    Methods inherited from interface org.apache.shiro.crypto.hash.Hash

    getIterations, getSalt, matchesPassword

  • Constructor Details

    • AbstractHash

      public AbstractHash()
      Deprecated.
      Creates an new instance without any of its properties set (no hashing is performed).

      Because all constructors in this class (except this one) hash the source constructor argument, this default, no-arg constructor is useful in scenarios when you have a byte array that you know is already hashed and just want to set the bytes in their raw form directly on an instance. After instantiating the instance with this default, no-arg constructor, you can then immediately call setBytes to have a fully-initialized instance.

    • AbstractHash

      public AbstractHash(Object source) throws org.apache.shiro.lang.codec.CodecException
      Deprecated.
      Creates a hash of the specified source with no salt using a single hash iteration.

      It is a convenience constructor that merely executes this( source, null, 1);.

      Please see the AbstractHash(Object,Object,int) constructor for the types of Objects that may be passed into this constructor, as well as how to support further types.

      Parameters:
      source - the object to be hashed.
      Throws:
      org.apache.shiro.lang.codec.CodecException - if the specified source cannot be converted into a byte array (byte[]).

    • AbstractHash

      public AbstractHash(Object source, Object salt) throws org.apache.shiro.lang.codec.CodecException
      Deprecated.
      Creates a hash of the specified source using the given salt using a single hash iteration.

      It is a convenience constructor that merely executes this( source, salt, 1);.

      Please see the AbstractHash(Object,Object,int) constructor for the types of Objects that may be passed into this constructor, as well as how to support further types.

      Parameters:
      source - the source object to be hashed.
      salt - the salt to use for the hash
      Throws:
      org.apache.shiro.lang.codec.CodecException - if either constructor argument cannot be converted into a byte array.

    • AbstractHash

      public AbstractHash(Object source, Object salt, int hashIterations) throws org.apache.shiro.lang.codec.CodecException
      Deprecated.
      Creates a hash of the specified source using the given salt a total of hashIterations times.

      By default, this class only supports Object method arguments of type byte[], char[], String, File, or InputStream. If either argument is anything other than these types a CodecException will be thrown.

      If you want to be able to hash other object types, or use other salt types, you need to override the toBytes(Object) method to support those specific types. Your other option is to convert your arguments to one of the default three supported types first before passing them in to this constructor}.

      Parameters:
      source - the source object to be hashed.
      salt - the salt to use for the hash
      hashIterations - the number of times the source argument hashed for attack resiliency.
      Throws:
      org.apache.shiro.lang.codec.CodecException - if either Object constructor argument cannot be converted into a byte array.

  • Method Details

    • getAlgorithmName

      public abstract String getAlgorithmName()
      Deprecated.
      Implemented by subclasses, this specifies the MessageDigest algorithm name to use when performing the hash.
      Specified by:
      getAlgorithmName in interface Hash
      Returns:
      the MessageDigest algorithm name to use when performing the hash.

    • getBytes

      public byte[] getBytes()
      Deprecated.
      Specified by:
      getBytes in interface org.apache.shiro.lang.util.ByteSource

    • setBytes

      public void setBytes(byte[] alreadyHashedBytes)
      Deprecated.
      Sets the raw bytes stored by this hash instance.

      The bytes are kept in raw form - they will not be hashed/changed. This is primarily a utility method for constructing a Hash instance when the hashed value is already known.

      Parameters:
      alreadyHashedBytes - the raw already-hashed bytes to store in this instance.

    • getDigest

      protected MessageDigest getDigest(String algorithmName) throws org.apache.shiro.crypto.UnknownAlgorithmException
      Deprecated.
      Returns the JDK MessageDigest instance to use for executing the hash.
      Parameters:
      algorithmName - the algorithm to use for the hash, provided by subclasses.
      Returns:
      the MessageDigest object for the specified algorithm.
      Throws:
      org.apache.shiro.crypto.UnknownAlgorithmException - if the specified algorithm name is not available.

    • hash

      protected byte[] hash(byte[] bytes)
      Deprecated.
      Hashes the specified byte array without a salt for a single iteration.
      Parameters:
      bytes - the bytes to hash.
      Returns:
      the hashed bytes.

    • hash

      protected byte[] hash(byte[] bytes, byte[] salt)
      Deprecated.
      Hashes the specified byte array using the given salt for a single iteration.
      Parameters:
      bytes - the bytes to hash
      salt - the salt to use for the initial hash
      Returns:
      the hashed bytes

    • hash

      protected byte[] hash(byte[] bytes, byte[] salt, int hashIterations) throws org.apache.shiro.crypto.UnknownAlgorithmException
      Deprecated.
      Hashes the specified byte array using the given salt for the specified number of iterations.
      Parameters:
      bytes - the bytes to hash
      salt - the salt to use for the initial hash
      hashIterations - the number of times the the bytes will be hashed (for attack resiliency).
      Returns:
      the hashed bytes.
      Throws:
      org.apache.shiro.crypto.UnknownAlgorithmException - if the algorithmName is not available.

    • toHex

      public String toHex()
      Deprecated.
      Returns a hex-encoded string of the underlying byte array.

      This implementation caches the resulting hex string so multiple calls to this method remain efficient. However, calling setBytes will null the cached value, forcing it to be recalculated the next time this method is called.

      Specified by:
      toHex in interface org.apache.shiro.lang.util.ByteSource
      Returns:
      a hex-encoded string of the underlying byte array.

    • toBase64

      public String toBase64()
      Deprecated.
      Returns a Base64-encoded string of the underlying byte array.

      This implementation caches the resulting Base64 string so multiple calls to this method remain efficient. However, calling setBytes will null the cached value, forcing it to be recalculated the next time this method is called.

      Specified by:
      toBase64 in interface org.apache.shiro.lang.util.ByteSource
      Returns:
      a Base64-encoded string of the underlying byte array.

    • toString

      public String toString()
      Deprecated.
      Simple implementation that merely returns toHex().
      Overrides:
      toString in class Object
      Returns:
      the toHex() value.

    • equals

      public boolean equals(Object o)
      Deprecated.
      Returns true if the specified object is a Hash and its byte array is identical to this Hash's byte array, false otherwise.
      Overrides:
      equals in class Object
      Parameters:
      o - the object (Hash) to check for equality.
      Returns:
      true if the specified object is a Hash and its byte array is identical to this Hash's byte array, false otherwise.

    • hashCode

      public int hashCode()
      Deprecated.
      Simply returns toHex().hashCode();
      Overrides:
      hashCode in class Object
      Returns:
      toHex().hashCode()