/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.crypto.hash;
import org.apache.shiro.util.ByteSource;
/**
* A {@code HashRequest} is composed of data that will be used by a {@link HashService} to compute a hash (aka
* 'digest'). While you can instantiate a concrete {@code HashRequest} class directly, most will find using the
* {@link HashRequest.Builder} more convenient.
*
* @see HashRequest.Builder
* @since 1.2
*/
public interface HashRequest {
/**
* Returns the source data that will be hashed by a {@link HashService}. For example, this might be a
* {@code ByteSource} representation of a password, or file, etc.
*
* @return the source data that will be hashed by a {@link HashService}.
*/
ByteSource getSource();
/**
* Returns a salt to be used by the {@link HashService} during hash computation, or {@code null} if no salt is
* provided as part of the request.
* <p/>
* Note that a {@code null} value does not necessarily mean a salt won't be used at all - it just
* means that the request didn't include one. The servicing {@link HashService} is free to provide a salting
* strategy for a request, even if the request did not specify one.
*
* @return a salt to be used by the {@link HashService} during hash computation, or {@code null} if no salt is
* provided as part of the request.
*/
ByteSource getSalt();
/**
* Returns the number of requested hash iterations to be performed when computing the final {@code Hash} result.
* A non-positive (0 or less) indicates that the {@code HashService}'s default iteration configuration should
* be used. A positive value overrides the {@code HashService}'s configuration for a single request.
* <p/>
* Note that a {@code HashService} is free to ignore this number if it determines the number is not sufficient
* to meet a desired level of security.
*
* @return the number of requested hash iterations to be performed when computing the final {@code Hash} result.
*/
int getIterations();
/**
* Returns the name of the hash algorithm the {@code HashService} should use when computing the {@link Hash}, or
* {@code null} if the default algorithm configuration of the {@code HashService} should be used. A non-null value
* overrides the {@code HashService}'s configuration for a single request.
* <p/>
* Note that a {@code HashService} is free to ignore this value if it determines that the algorithm is not
* sufficient to meet a desired level of security.
*
* @return the name of the hash algorithm the {@code HashService} should use when computing the {@link Hash}, or
* {@code null} if the default algorithm configuration of the {@code HashService} should be used.
*/
String getAlgorithmName();
/**
* A Builder class representing the Builder design pattern for constructing {@link HashRequest} instances.
*
* @see SimpleHashRequest
* @since 1.2
*/
public static class Builder {
private ByteSource source;
private ByteSource salt;
private int iterations;
private String algorithmName;
/**
* Default no-arg constructor.
*/
public Builder() {
this.iterations = 0;
}
/**
* Sets the source data that will be hashed by a {@link HashService}. For example, this might be a
* {@code ByteSource} representation of a password, or file, etc.
*
* @param source the source data that will be hashed by a {@link HashService}.
* @return this {@code Builder} instance for method chaining.
* @see HashRequest#getSource()
* @see #setSource(Object)
*/
public Builder setSource(ByteSource source) {
this.source = source;
return this;
}
/**
* Sets the source data that will be hashed by a {@link HashService}.
* <p/>
* This is a convenience alternative to {@link #setSource(ByteSource)}: it will attempt to convert the
* argument into a {@link ByteSource} instance using Shiro's default conversion heuristics
* (as defined by {@link ByteSource.Util#isCompatible(Object) ByteSource.Util.isCompatible}. If the object
* cannot be heuristically converted to a {@code ByteSource}, an {@code IllegalArgumentException} will be
* thrown.
*
* @param source the byte-backed source data that will be hashed by a {@link HashService}.
* @return this {@code Builder} instance for method chaining.
* @throws IllegalArgumentException if the argument cannot be heuristically converted to a {@link ByteSource}
* instance.
* @see HashRequest#getSource()
* @see #setSource(ByteSource)
*/
public Builder setSource(Object source) throws IllegalArgumentException {
this.source = ByteSource.Util.bytes(source);
return this;
}
/**
* Sets a salt to be used by the {@link HashService} during hash computation.
* <p/>
* <b>NOTE</b>: not calling this method does not necessarily mean a salt won't be used at all - it just
* means that the request didn't include a salt. The servicing {@link HashService} is free to provide a salting
* strategy for a request, even if the request did not specify one. You can always check the result
* {@code Hash} {@link Hash#getSalt() getSalt()} method to see what the actual
* salt was (if any), which may or may not match this request salt.
*
* @param salt a salt to be used by the {@link HashService} during hash computation
* @return this {@code Builder} instance for method chaining.
* @see HashRequest#getSalt()
*/
public Builder setSalt(ByteSource salt) {
this.salt = salt;
return this;
}
/**
* Sets a salt to be used by the {@link HashService} during hash computation.
* <p/>
* This is a convenience alternative to {@link #setSalt(ByteSource)}: it will attempt to convert the
* argument into a {@link ByteSource} instance using Shiro's default conversion heuristics
* (as defined by {@link ByteSource.Util#isCompatible(Object) ByteSource.Util.isCompatible}. If the object
* cannot be heuristically converted to a {@code ByteSource}, an {@code IllegalArgumentException} will be
* thrown.
*
* @param salt a salt to be used by the {@link HashService} during hash computation.
* @return this {@code Builder} instance for method chaining.
* @throws IllegalArgumentException if the argument cannot be heuristically converted to a {@link ByteSource}
* instance.
* @see #setSalt(ByteSource)
* @see HashRequest#getSalt()
*/
public Builder setSalt(Object salt) throws IllegalArgumentException {
this.salt = ByteSource.Util.bytes(salt);
return this;
}
/**
* Sets the number of requested hash iterations to be performed when computing the final {@code Hash} result.
* Not calling this method or setting a non-positive value (0 or less) indicates that the {@code HashService}'s
* default iteration configuration should be used. A positive value overrides the {@code HashService}'s
* configuration for a single request.
* <p/>
* Note that a {@code HashService} is free to ignore this number if it determines the number is not sufficient
* to meet a desired level of security. You can always check the result
* {@code Hash} {@link Hash#getIterations() getIterations()} method to see what the actual
* number of iterations was, which may or may not match this request salt.
*
* @param iterations the number of requested hash iterations to be performed when computing the final
* {@code Hash} result.
* @return this {@code Builder} instance for method chaining.
* @see HashRequest#getIterations()
*/
public Builder setIterations(int iterations) {
this.iterations = iterations;
return this;
}
/**
* Sets the name of the hash algorithm the {@code HashService} should use when computing the {@link Hash}.
* Not calling this method or setting it to {@code null} indicates the the default algorithm configuration of
* the {@code HashService} should be used. A non-null value
* overrides the {@code HashService}'s configuration for a single request.
* <p/>
* Note that a {@code HashService} is free to ignore this value if it determines that the algorithm is not
* sufficient to meet a desired level of security. You can always check the result
* {@code Hash} {@link Hash#getAlgorithmName() getAlgorithmName()} method to see what the actual
* algorithm was, which may or may not match this request salt.
*
* @param algorithmName the name of the hash algorithm the {@code HashService} should use when computing the
* {@link Hash}, or {@code null} if the default algorithm configuration of the
* {@code HashService} should be used.
* @return this {@code Builder} instance for method chaining.
* @see HashRequest#getAlgorithmName()
*/
public Builder setAlgorithmName(String algorithmName) {
this.algorithmName = algorithmName;
return this;
}
/**
* Builds a {@link HashRequest} instance reflecting the specified configuration.
*
* @return a {@link HashRequest} instance reflecting the specified configuration.
*/
public HashRequest build() {
return new SimpleHashRequest(this.algorithmName, this.source, this.salt, this.iterations);
}
}
}