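/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.crypto.hash;

import org.apache.shiro.lang.util.ByteSource;
import org.apache.shiro.lang.util.SimpleByteSource;

import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

import static java.util.Objects.requireNonNull;

/**
 * A {@code HashRequest} is composed of data that will be used by a {@link HashService} to compute a hash (aka
 * 'digest'). While you can instantiate a concrete {@code HashRequest} class directly, most will find using the
 * {@link HashRequest.Builder} more convenient.
 * <p>
 * Every value carried by a request (salt, algorithm name, parameters) is a <em>request</em>: the servicing
 * {@link HashService} may substitute its own salt or algorithm. Code that later has to verify a hash should
 * therefore read the effective values from the resulting {@link Hash}, not from the request.
 *
 * @see HashRequest.Builder
 * @since 1.2
 */
public interface HashRequest {

    /**
     * Returns the source data that will be hashed by a {@link HashService}. For example, this might be a
     * {@code ByteSource} representation of a password, or file, etc.
     *
     * @return the source data that will be hashed by a {@link HashService}.
     */
    ByteSource getSource();

    /**
     * Returns the salt to be used by the {@link HashService} during hash computation, if the request carries one.
     * <p>
     * Note that an absent salt does not necessarily mean a salt won't be used at all - it just
     * means that the request didn't include one. The servicing {@link HashService} is free to provide a salting
     * strategy for a request, even if the request did not specify one.
     * <p>
     * NOTE(review): a request created through {@link Builder} without calling {@code setSalt} starts from an
     * empty {@code ByteSource} rather than from no salt at all; whether that is reported here as an empty
     * {@code Optional} or as a present, zero-length salt depends on the {@code HashRequest} implementation -
     * confirm before treating {@code isPresent()} as "the caller chose a salt".
     *
     * @return an {@code Optional} holding the salt to be used by the {@link HashService} during hash computation;
     * empty if no salt is provided as part of the request.
     */
    Optional<ByteSource> getSalt();

    /**
     * Returns the name of the hash algorithm the {@code HashService} should use when computing the {@link Hash},
     * or an empty {@code Optional} if the default algorithm configuration of the {@code HashService} should be
     * used. A present value overrides the {@code HashService}'s configuration for a single request.
     * <p>
     * Note that a {@code HashService} is free to ignore this value if it determines that the algorithm is not
     * sufficient to meet a desired level of security.
     *
     * @return an {@code Optional} holding the name of the hash algorithm the {@code HashService} should use when
     * computing the {@link Hash}; empty if the default algorithm configuration of the {@code HashService}
     * should be used.
     */
    Optional<String> getAlgorithmName();

    /**
     * Returns various parameters for the requested hash.
     *
     * <p>If the map has no entry for a specific parameter, the implementation must select the default.</p>
     *
     * <p>Implementations should provide a nested {@code .Parameters} class with {@code public static final String}s
     * for convenience.</p>
     *
     * <p>Example parameters are the number of requested hash iterations (does not apply to bcrypt),
     * memory and cpu constraints, etc.
     * Please find their specific names in the implementation's nested {@code .Parameters} class.</p>
     *
     * <p>These values steer the cost of the computation (iterations, memory), so a {@code HashService} that
     * accepts requests assembled from untrusted input should bound them rather than apply them as given.</p>
     *
     * @return the parameters for the requested hash to be used when computing the final {@code Hash} result.
     * @throws NullPointerException if any of the values is {@code null}.
     */
    Map<String, Object> getParameters();

    /**
     * A Builder class representing the Builder design pattern for constructing {@link HashRequest} instances.
     *
     * @see SimpleHashRequest
     * @since 1.2
     */
    class Builder {

        private ByteSource source;
        // Starts as an empty ByteSource, not null: "no salt requested" is represented by zero bytes here.
        private ByteSource salt = SimpleByteSource.empty();
        private final Map<String, Object> parameters = new ConcurrentHashMap<>();
        private String algorithmName;

        /**
         * Default no-arg constructor.
         */
        public Builder() {
        }

        /**
         * Sets the source data that will be hashed by a {@link HashService}. For example, this might be a
         * {@code ByteSource} representation of a password, or file, etc.
         *
         * @param source the source data that will be hashed by a {@link HashService}.
         * @return this {@code Builder} instance for method chaining.
         * @see HashRequest#getSource()
         * @see #setSource(Object)
         */
        public Builder setSource(ByteSource source) {
            this.source = source;
            return this;
        }

        /**
         * Sets the source data that will be hashed by a {@link HashService}.
         * <p>
         * This is a convenience alternative to {@link #setSource(ByteSource)}: it will attempt to convert the
         * argument into a {@link ByteSource} instance using Shiro's default conversion heuristics
         * (as defined by {@link ByteSource.Util#isCompatible(Object) ByteSource.Util.isCompatible}). If the object
         * cannot be heuristically converted to a {@code ByteSource}, an {@code IllegalArgumentException} will be
         * thrown.
         * <p>
         * NOTE(review): the accepted argument types and the character encoding applied to text are decided by
         * {@code ByteSource.Util}, which is not part of this file - confirm them before hashing passwords passed
         * as {@code String}, since a different encoding yields a different hash.
         *
         * @param source the byte-backed source data that will be hashed by a {@link HashService}.
         * @return this {@code Builder} instance for method chaining.
         * @throws IllegalArgumentException if the argument cannot be heuristically converted to a {@link ByteSource}
         *                                  instance.
         * @see HashRequest#getSource()
         * @see #setSource(ByteSource)
         */
        public Builder setSource(Object source) throws IllegalArgumentException {
            this.source = ByteSource.Util.bytes(source);
            return this;
        }

        /**
         * Sets a salt to be used by the {@link HashService} during hash computation.
         * <p>
         * <b>NOTE</b>: not calling this method does not necessarily mean a salt won't be used at all - it just
         * means that the request didn't include a salt. The servicing {@link HashService} is free to provide a salting
         * strategy for a request, even if the request did not specify one. You can always check the result
         * {@code Hash} {@link Hash#getSalt() getSalt()} method to see what the actual
         * salt was (if any), which may or may not match this request salt.
         * <p>
         * When a salt is supplied explicitly for a new credential, it should be unique per hashed value and come
         * from a cryptographically strong random source (for example {@link java.security.SecureRandom}); a
         * constant or user-derived salt defeats its purpose. Supplying the stored salt is the expected use when
         * re-computing a hash for comparison.
         * <p>
         * NOTE(review): passing {@code null} replaces the builder's default empty {@code ByteSource}; how a
         * {@code null} salt is handled is decided by {@link SimpleHashRequest} - confirm.
         *
         * @param salt a salt to be used by the {@link HashService} during hash computation
         * @return this {@code Builder} instance for method chaining.
         * @see HashRequest#getSalt()
         */
        public Builder setSalt(ByteSource salt) {
            this.salt = salt;
            return this;
        }

        /**
         * Sets a salt to be used by the {@link HashService} during hash computation.
         * <p>
         * This is a convenience alternative to {@link #setSalt(ByteSource)}: it will attempt to convert the
         * argument into a {@link ByteSource} instance using Shiro's default conversion heuristics
         * (as defined by {@link ByteSource.Util#isCompatible(Object) ByteSource.Util.isCompatible}). If the object
         * cannot be heuristically converted to a {@code ByteSource}, an {@code IllegalArgumentException} will be
         * thrown.
         *
         * @param salt a salt to be used by the {@link HashService} during hash computation.
         * @return this {@code Builder} instance for method chaining.
         * @throws IllegalArgumentException if the argument cannot be heuristically converted to a {@link ByteSource}
         *                                  instance.
         * @see #setSalt(ByteSource)
         * @see HashRequest#getSalt()
         */
        public Builder setSalt(Object salt) throws IllegalArgumentException {
            this.salt = ByteSource.Util.bytes(salt);
            return this;
        }

        /**
         * Adds a single hash parameter, replacing any value previously stored under the same name.
         *
         * @param parameterName  the parameter name; see the implementation's nested {@code .Parameters} class.
         * @param parameterValue the parameter value.
         * @return this {@code Builder} instance for method chaining.
         * @throws NullPointerException if the name or the value is {@code null}.
         * @see HashRequest#getParameters()
         */
        public Builder addParameter(String parameterName, Object parameterValue) {
            // The backing ConcurrentHashMap rejects null keys anyway; checking here gives a clearer failure.
            requireNonNull(parameterName, "parameterName");
            this.parameters.put(parameterName, requireNonNull(parameterValue, "parameterValue"));
            return this;
        }

        /**
         * Replaces all parameters collected so far with the entries of the given map.
         * <p>
         * The argument is validated completely before the builder is touched, so a rejected map leaves the
         * previously collected parameters in place instead of an empty or half-filled set.
         *
         * @param parameters the parameters to use for the request; entries are copied into the builder.
         * @return this {@code Builder} instance for method chaining.
         * @throws NullPointerException if the map, or any name or value in it, is {@code null}.
         * @see HashRequest#getParameters()
         */
        public Builder withParameters(Map<String, Object> parameters) {
            requireNonNull(parameters, "parameters");
            // Only names appear in the messages: parameter values may be sensitive.
            parameters.forEach((name, value) -> {
                requireNonNull(name, "parameter name");
                requireNonNull(value, "value of parameter " + name);
            });
            this.parameters.clear();
            this.parameters.putAll(parameters);
            return this;
        }

        /**
         * Sets the name of the hash algorithm the {@code HashService} should use when computing the {@link Hash}.
         * Not calling this method or setting it to {@code null} indicates that the default algorithm configuration
         * of the {@code HashService} should be used. A non-null value
         * overrides the {@code HashService}'s configuration for a single request.
         * <p>
         * Note that a {@code HashService} is free to ignore this value if it determines that the algorithm is not
         * sufficient to meet a desired level of security. You can always check the result
         * {@code Hash} {@link Hash#getAlgorithmName() getAlgorithmName()} method to see what the actual
         * algorithm was, which may or may not match the algorithm requested here.
         *
         * @param algorithmName the name of the hash algorithm the {@code HashService} should use when computing the
         *                      {@link Hash}, or {@code null} if the default algorithm configuration of the
         *                      {@code HashService} should be used.
         * @return this {@code Builder} instance for method chaining.
         * @see HashRequest#getAlgorithmName()
         */
        public Builder setAlgorithmName(String algorithmName) {
            this.algorithmName = algorithmName;
            return this;
        }

        /**
         * Builds a {@link HashRequest} instance reflecting the specified configuration.
         * <p>
         * NOTE(review): the source is passed through unchecked and the builder's own parameter map instance is
         * handed to {@link SimpleHashRequest}; whether a missing source is rejected and whether the map is copied
         * is decided there - confirm before reusing a builder after {@code build()}.
         *
         * @return a {@link HashRequest} instance reflecting the specified configuration.
         */
        public HashRequest build() {
            return new SimpleHashRequest(this.algorithmName, this.source, this.salt, this.parameters);
        }
    }
}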