Posted to commits@shiro.apache.org by bd...@apache.org on 2016/12/06 14:48:50 UTC
shiro git commit: Added private salt option to password Hasher
Repository: shiro
Updated Branches:
refs/heads/master 6d738af36 -> 9cc88cb60
Added private salt option to password Hasher
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/9cc88cb6
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/9cc88cb6
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/9cc88cb6
Branch: refs/heads/master
Commit: 9cc88cb60aec982ee06b08a857997b0147c0a0e7
Parents: 6d738af
Author: Joshua Raymond <hi...@gmail.com>
Authored: Sat Oct 29 00:32:50 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Wed Nov 23 10:37:10 2016 -0500
----------------------------------------------------------------------
.../org/apache/shiro/tools/hasher/Hasher.java | 39 +++++++++++++++++---
1 file changed, 34 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/9cc88cb6/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
----------------------------------------------------------------------
diff --git a/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java b/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
index a19d7af..d9fca9d 100644
--- a/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
+++ b/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
@@ -23,13 +23,16 @@ import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
-import org.apache.commons.cli.PosixParser;
+import org.apache.commons.cli.DefaultParser;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.UnknownAlgorithmException;
-import org.apache.shiro.crypto.hash.SimpleHash;
+import org.apache.shiro.crypto.hash.DefaultHashService;
+import org.apache.shiro.crypto.hash.Hash;
+import org.apache.shiro.crypto.hash.HashRequest;
+import org.apache.shiro.crypto.hash.SimpleHashRequest;
import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
@@ -77,6 +80,8 @@ public final class Hasher {
private static final Option SALT_GEN = new Option("gs", "gensalt", false, "generate and use a random salt. Defaults to true when password hashing, false otherwise.");
private static final Option NO_SALT_GEN = new Option("ngs", "nogensalt", false, "do NOT generate and use a random salt (valid during password hashing).");
private static final Option SALT_GEN_SIZE = new Option("gss", "gensaltsize", true, "the number of salt bits (not bytes!) to generate. Defaults to 128.");
+ private static final Option PRIVATE_SALT = new Option("ps", "privatesalt", true, "use the specified private salt. <arg> is plaintext.");
+ private static final Option PRIVATE_SALT_BYTES = new Option("psb", "privatesaltbytes", true, "use the specified private salt bytes. <arg> is hex or base64 encoded text.");
private static final String SALT_MUTEX_MSG = createMutexMessage(SALT, SALT_BYTES);
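Review bot: Both new options take the private salt as a command-line argument, so the value ends up in shell history and is readable from the process list while the tool runs; the descriptions of `PRIVATE_SALT` and `PRIVATE_SALT_BYTES` should say so, since the point of a private salt is that it stays secret. For `PRIVATE_SALT` I would write `"use the specified private salt. <arg> is plaintext and will be visible in shell history and process listings."` and add the same caveat to `PRIVATE_SALT_BYTES`. If the tool already has an interactive prompt for the password options, offering the same path for the private salt would be a worthwhile follow-up. The new help text near the end of this diff needs the same caveat.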
@@ -92,12 +97,13 @@ public final class Hasher {
public static void main(String[] args) {
- CommandLineParser parser = new PosixParser();
+ CommandLineParser parser = new DefaultParser();
Options options = new Options();
options.addOption(HELP).addOption(DEBUG).addOption(ALGORITHM).addOption(ITERATIONS);
options.addOption(RESOURCE).addOption(PASSWORD).addOption(PASSWORD_NC);
options.addOption(SALT).addOption(SALT_BYTES).addOption(SALT_GEN).addOption(SALT_GEN_SIZE).addOption(NO_SALT_GEN);
+ options.addOption(PRIVATE_SALT).addOption(PRIVATE_SALT_BYTES);
options.addOption(FORMAT);
boolean debug = false;
@@ -110,6 +116,8 @@ public final class Hasher {
String saltBytesString = null;
boolean generateSalt = false;
int generatedSaltSize = DEFAULT_GENERATED_SALT_SIZE;
+ String privateSaltString = null;
+ String privateSaltBytesString = null;
String formatString = null;
@@ -161,6 +169,12 @@ public final class Hasher {
throw new IllegalArgumentException("Generated salt size must be a multiple of 8 (e.g. 128, 192, 256, 512, etc).");
}
}
+ if (line.hasOption(PRIVATE_SALT.getOpt())) {
+ privateSaltString = line.getOptionValue(PRIVATE_SALT.getOpt());
+ }
+ if (line.hasOption(PRIVATE_SALT_BYTES.getOpt())) {
+ privateSaltBytesString = line.getOptionValue(PRIVATE_SALT_BYTES.getOpt());
+ }
if (line.hasOption(FORMAT.getOpt())) {
formatString = line.getOptionValue(FORMAT.getOpt());
}
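Review bot: Nothing in this hunk rejects `-ps` and `-psb` being given together; both values are simply stored and handed to `getSalt` in the later hunk. `getSalt` is outside the diff, but if it enforces exclusivity it presumably reports `SALT_MUTEX_MSG`, which is built from `SALT` and `SALT_BYTES`, so the user would be told about the wrong pair of options. I would add `private static final String PRIVATE_SALT_MUTEX_MSG = createMutexMessage(PRIVATE_SALT, PRIVATE_SALT_BYTES);` next to the existing constant and check here with `if (privateSaltString != null && privateSaltBytesString != null) { throw new IllegalArgumentException(PRIVATE_SALT_MUTEX_MSG); }`. The enclosing parse block starts and ends outside the hunk.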
@@ -209,9 +223,13 @@ public final class Hasher {
}
}
- ByteSource salt = getSalt(saltString, saltBytesString, generateSalt, generatedSaltSize);
+ ByteSource publicSalt = getSalt(saltString, saltBytesString, generateSalt, generatedSaltSize);
+ ByteSource privateSalt = getSalt(privateSaltString, privateSaltBytesString, false, generatedSaltSize);
+ HashRequest hashRequest = new SimpleHashRequest(algorithm, ByteSource.Util.bytes(source), publicSalt, iterations);
- SimpleHash hash = new SimpleHash(algorithm, source, salt, iterations);
+ DefaultHashService hashService = new DefaultHashService();
+ hashService.setPrivateSalt(privateSalt);
+ Hash hash = hashService.computeHash(hashRequest);
if (formatString == null) {
//Output format was not specified. Default to 'shiro1' when password hashing, and 'hex' for
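Review bot: Switching from `SimpleHash` to `DefaultHashService` may change what happens when no public salt is requested. As I read `DefaultHashService`, it generates a random public salt itself whenever a private salt is configured and the request carries none, so `-ngs` combined with `-ps` would still produce a randomly salted hash; this is inferred from the library and needs confirming against the version in use. If so, either reject that combination or document it, because with a format that does not print the salt the result cannot be reproduced. The code also needs a comment above `hashService.setPrivateSalt(privateSalt);` along the lines of `// The private salt is mixed into the digest but is not part of the returned Hash or the formatted output; verification needs a HashService configured with the same private salt.` `main` continues outside the hunk.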
@@ -375,6 +393,17 @@ public final class Hasher {
"encoding. If you prefer to use hex encoding, additionally use the\n" +
"-sgh/--saltgeneratedhex option." +
"\n\n" +
+ "Specifying a private salt:" +
+ "\n\n" +
+ "You may specify a private salt using the -ps/--privatesalt option followed\n" +
+ "by the private salt value. If the private salt value is a base64 or hex \n" +
+ "string representing a byte array, you must specify the -psb/--privatesaltbytes\n" +
+ "option to indicate this, otherwise the text value bytes will be used directly." +
+ "\n\n" +
+ "When using -psb/--privatesaltbytes, the -ps/--privatesalt value is expected to\n" +
+ "be a base64-encoded string by default. If the value is a hex-encoded string,\n" +
+ "you must prefix the string with 0x (zero x) to indicate a hex value." +
+ "\n\n" +
"Files, URLs and classpath resources:\n" +
"---------------------------------\n" +
"If using the -r/--resource option, the <value> represents a resource path.\n" +
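Review bot: The second paragraph of the new help text describes `-psb` as a flag that changes how the `-ps` value is read, but the option is declared with its own argument and the parsing hunk takes the value from `PRIVATE_SALT_BYTES` itself. A user following the text would pass both options, which is the combination that should be rejected. I would reword it to `"When using -psb/--privatesaltbytes, its value is expected to\n" + "be a base64-encoded string by default. If the value is a hex-encoded string,\n" + "you must prefix the string with 0x (zero x) to indicate a hex value."` and adjust the first paragraph to say the encoded value is given to `-psb` instead of `-ps`. The new section heading also lacks the dashed underline that the following "Files, URLs and classpath resources:" heading has.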