Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.crypto.hash;
020
021import java.util.Map;
022import static org.apache.shiro.crypto.hash.SimpleHashProvider.Parameters;
023
024/**
025 * A {@code HashService} hashes input sources utilizing a particular hashing strategy.
026 * <p/>
027 * A {@code HashService} sits at a higher architectural level than Shiro's simple {@link Hash} classes:  it allows
028 * for salting and iteration-related strategies to be configured and internalized in a
029 * single component that can be reused in multiple places in the application.
030 * <p/>
031 * For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially
032 * paired with an configuration-specific private salt, in addition to using multiple hash iterations.
033 * <p/>
034 * While one can do this easily enough using Shiro's {@link Hash} implementations directly, this direct approach could
035 * quickly lead to copy-and-paste behavior.  For example, consider this logic which might need to repeated in an
036 * application:
037 * <pre>
038 * int numHashIterations = ...
039 * ByteSource privateSalt = ...
040 * ByteSource randomSalt = {@link org.apache.shiro.crypto.RandomNumberGenerator randomNumberGenerator}.nextBytes();
041 * ByteSource combined = combine(privateSalt, randomSalt);
042 * Hash hash = Sha512Hash(source, combined, numHashIterations);
043 * save(hash);
044 * </pre>
045 * In this example, often only the input source will change during runtime, while the hashing strategy (how salts
046 * are generated or acquired, how many hash iterations will be performed, etc.) usually remain consistent.  A HashService
047 * internalizes this logic so the above becomes simply this:
048 * <pre>
049 * HashRequest request = new HashRequest.Builder().source(source).build();
050 * Hash result = hashService.hash(request);
051 * save(result);
052 * </pre>
053 *
054 * @since 1.2
055 */
056public interface HashService {
057
058    /**
059     * Computes a hash based on the given request.
060     *
061     * <h3>Salt Notice</h3>
062     * <p>
063     * If a salt accompanies the return value
064     * (i.e. <code>returnedHash.{@link org.apache.shiro.crypto.hash.Hash#getSalt() getSalt()} != null</code>), this
065     * same exact salt <b><em>MUST</em></b> be presented back to the {@code HashService} if hash
066     * comparison/verification will be performed at a later time (for example, for password hash or file checksum
067     * comparison).
068     * <p/>
069     * For additional security, the {@code HashService}'s internal implementation may use more complex salting
070     * strategies than what would be achieved by computing a {@code Hash} manually.
071     * <p/>
072     * In summary, if a {@link HashService} returns a salt in a returned Hash, it is expected that the same salt
073     * will be provided to the same {@code HashService} instance.
074     *
075     * @param request the request to process
076     * @return the hashed data
077     * @see Hash#getSalt()
078     */
079    Hash computeHash(HashRequest request);
080
081    /**
082     * @return Default algorithm name for this hash service
083     * @since 2.0
084     */
085    String getDefaultAlgorithmName();
086
087    /**
088     * Returns the various parameters that will be used when computing hashes.
089     * This method exists primarily to support Shiro 1.x password hashing
090     * strategies what may need salts, iteration counts, or other parameters.
091     * <br><br>
092     * Each hashing algorithm may expect different parameters to be present in the returned map,
093     * or ignore the parameters altogether.
094     *
095     * @see HashRequest#getParameters()
096     * @see Parameters
097     *
098     * @return the various parameters that will be used when computing hashes.
099     */
100    default Map<String, Object> getParameters() {
101        return Map.of();
102    }
103
104    /**
105     * Sets the various parameters that will be used when computing hashes.
106     * <br><br>
107     * For example, if Shiro 1.x password hashing strategies are being used, this method
108     * may be used to supply salts, iteration counts, or other parameters.
109     * <br><br>
110     * Each hashing algorithm may expect different parameters to be present in the provided map,
111     * or ignore the parameters altogether.
112     * Shiro 2.x built-in hashing algorithms will ignore these parameters, which is why
113     * the method is defined with an empty default implementation.
114     * @see Parameters
115     *
116     * @param parameters the various parameters that will be used when computing hashes.
117     */
118    default void setParameters(Map<String, Object> parameters) { }
119}