1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 module hunt.shiro.crypto.hash.HashService; 20 21 import hunt.shiro.crypto.hash.Hash; 22 import hunt.shiro.crypto.hash.HashRequest; 23 24 /** 25 * A {@code HashService} hashes input sources utilizing a particular hashing strategy. 26 * <p/> 27 * A {@code HashService} sits at a higher architectural level than Shiro's simple {@link Hash} classes: it allows 28 * for salting and iteration-related strategies to be configured and internalized in a 29 * single component that can be re-used in multiple places in the application. 30 * <p/> 31 * For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially 32 * paired with an configuration-specific private salt, in addition to using multiple hash iterations. 33 * <p/> 34 * While one can do this easily enough using Shiro's {@link Hash} implementations directly, this direct approach could 35 * quickly lead to copy-and-paste behavior. For example, consider this logic which might need to repeated in an 36 * application: 37 * <pre> 38 * int numHashIterations = ... 39 * ByteSource privateSalt = ... 40 * ByteSource randomSalt = {@link hunt.shiro.crypto.RandomNumberGenerator randomNumberGenerator}.nextBytes(); 41 * ByteSource combined = combine(privateSalt, randomSalt); 42 * Hash hash = Sha512Hash(source, combined, numHashIterations); 43 * save(hash); 44 * </pre> 45 * In this example, often only the input source will change during runtime, while the hashing strategy (how salts 46 * are generated or acquired, how many hash iterations will be performed, etc) usually remain consistent. A HashService 47 * internalizes this logic so the above becomes simply this: 48 * <pre> 49 * HashRequest request = new HashRequest.Builder().source(source).build(); 50 * Hash result = hashService.hash(request); 51 * save(result); 52 * </pre> 53 * 54 */ 55 interface HashService { 56 57 /** 58 * Computes a hash based on the given request. 59 * 60 * <h3>Salt Notice</h3> 61 * 62 * If a salt accompanies the return value 63 * (i.e. <code>returnedHash.{@link hunt.shiro.crypto.hash.Hash#getSalt() getSalt()} !is null</code>), this 64 * same exact salt <b><em>MUST</em></b> be presented back to the {@code HashService} if hash 65 * comparison/verification will be performed at a later time (for example, for password hash or file checksum 66 * comparison). 67 * <p/> 68 * For additional security, the {@code HashService}'s internal implementation may use more complex salting 69 * strategies than what would be achieved by computing a {@code Hash} manually. 70 * <p/> 71 * In summary, if a {@link HashService} returns a salt in a returned Hash, it is expected that the same salt 72 * will be provided to the same {@code HashService} instance. 73 * 74 * @param request the request to process 75 * @return the hashed data 76 * @see Hash#getSalt() 77 */ 78 Hash computeHash(HashRequest request); 79 }