Posted to commits@shiro.apache.org by bd...@apache.org on 2016/12/06 14:48:50 UTC

shiro git commit: Added private salt option to password Hasher

Repository: shiro
Updated Branches:
  refs/heads/master 6d738af36 -> 9cc88cb60


Added private salt option to password Hasher


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/9cc88cb6
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/9cc88cb6
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/9cc88cb6

Branch: refs/heads/master
Commit: 9cc88cb60aec982ee06b08a857997b0147c0a0e7
Parents: 6d738af
Author: Joshua Raymond <hi...@gmail.com>
Authored: Sat Oct 29 00:32:50 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Wed Nov 23 10:37:10 2016 -0500

----------------------------------------------------------------------
 .../org/apache/shiro/tools/hasher/Hasher.java   | 39 +++++++++++++++++---
 1 file changed, 34 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/9cc88cb6/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
----------------------------------------------------------------------
diff --git a/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java b/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
index a19d7af..d9fca9d 100644
--- a/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
+++ b/tools/hasher/src/main/java/org/apache/shiro/tools/hasher/Hasher.java
@@ -23,13 +23,16 @@ import org.apache.commons.cli.CommandLineParser;
 import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
-import org.apache.commons.cli.PosixParser;
+import org.apache.commons.cli.DefaultParser;
 import org.apache.shiro.authc.credential.DefaultPasswordService;
 import org.apache.shiro.codec.Base64;
 import org.apache.shiro.codec.Hex;
 import org.apache.shiro.crypto.SecureRandomNumberGenerator;
 import org.apache.shiro.crypto.UnknownAlgorithmException;
-import org.apache.shiro.crypto.hash.SimpleHash;
+import org.apache.shiro.crypto.hash.DefaultHashService;
+import org.apache.shiro.crypto.hash.Hash;
+import org.apache.shiro.crypto.hash.HashRequest;
+import org.apache.shiro.crypto.hash.SimpleHashRequest;
 import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
 import org.apache.shiro.crypto.hash.format.HashFormat;
 import org.apache.shiro.crypto.hash.format.HashFormatFactory;
@@ -77,6 +80,8 @@ public final class Hasher {
     private static final Option SALT_GEN = new Option("gs", "gensalt", false, "generate and use a random salt. Defaults to true when password hashing, false otherwise.");
     private static final Option NO_SALT_GEN = new Option("ngs", "nogensalt", false, "do NOT generate and use a random salt (valid during password hashing).");
     private static final Option SALT_GEN_SIZE = new Option("gss", "gensaltsize", true, "the number of salt bits (not bytes!) to generate.  Defaults to 128.");
+    private static final Option PRIVATE_SALT = new Option("ps", "privatesalt", true, "use the specified private salt.  <arg> is plaintext.");
+    private static final Option PRIVATE_SALT_BYTES = new Option("psb", "privatesaltbytes", true, "use the specified private salt bytes.  <arg> is hex or base64 encoded text.");
 
     private static final String SALT_MUTEX_MSG = createMutexMessage(SALT, SALT_BYTES);
 
@@ -92,12 +97,13 @@ public final class Hasher {
 
     public static void main(String[] args) {
 
-        CommandLineParser parser = new PosixParser();
+        CommandLineParser parser = new DefaultParser();
 
         Options options = new Options();
         options.addOption(HELP).addOption(DEBUG).addOption(ALGORITHM).addOption(ITERATIONS);
         options.addOption(RESOURCE).addOption(PASSWORD).addOption(PASSWORD_NC);
         options.addOption(SALT).addOption(SALT_BYTES).addOption(SALT_GEN).addOption(SALT_GEN_SIZE).addOption(NO_SALT_GEN);
+        options.addOption(PRIVATE_SALT).addOption(PRIVATE_SALT_BYTES);
         options.addOption(FORMAT);
 
         boolean debug = false;
@@ -110,6 +116,8 @@ public final class Hasher {
         String saltBytesString = null;
         boolean generateSalt = false;
         int generatedSaltSize = DEFAULT_GENERATED_SALT_SIZE;
+        String privateSaltString = null;
+        String privateSaltBytesString = null;
 
         String formatString = null;
 
@@ -161,6 +169,12 @@ public final class Hasher {
                     throw new IllegalArgumentException("Generated salt size must be a multiple of 8 (e.g. 128, 192, 256, 512, etc).");
                 }
             }
+            if (line.hasOption(PRIVATE_SALT.getOpt())) {
+                privateSaltString = line.getOptionValue(PRIVATE_SALT.getOpt());
+            }
+            if (line.hasOption(PRIVATE_SALT_BYTES.getOpt())) {
+                privateSaltBytesString = line.getOptionValue(PRIVATE_SALT_BYTES.getOpt());
+            }
             if (line.hasOption(FORMAT.getOpt())) {
                 formatString = line.getOptionValue(FORMAT.getOpt());
             }
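Review bot: The private salt is a secret, but the two added `if` blocks take it straight from the option argument of `-ps`/`-psb`, so it is recorded in shell history and may be readable from the process list while the tool runs. The option descriptions added earlier in this commit do not say so; at minimum extend them, e.g. `"use the specified private salt.  <arg> is plaintext and is exposed on the command line."`. A prompt without echo, or reading the value through a resource path, would avoid the exposure; whether the tool already offers such a prompt is not visible in this diff. The enclosing block of `main` starts and ends outside the hunk.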
@@ -209,9 +223,13 @@ public final class Hasher {
                 }
             }
 
-            ByteSource salt = getSalt(saltString, saltBytesString, generateSalt, generatedSaltSize);
+            ByteSource publicSalt = getSalt(saltString, saltBytesString, generateSalt, generatedSaltSize);
+            ByteSource privateSalt = getSalt(privateSaltString, privateSaltBytesString, false, generatedSaltSize);
+            HashRequest hashRequest = new SimpleHashRequest(algorithm, ByteSource.Util.bytes(source), publicSalt, iterations);
 
-            SimpleHash hash = new SimpleHash(algorithm, source, salt, iterations);
+            DefaultHashService hashService = new DefaultHashService();
+            hashService.setPrivateSalt(privateSalt);
+            Hash hash = hashService.computeHash(hashRequest);
 
             if (formatString == null) {
                 //Output format was not specified.  Default to 'shiro1' when password hashing, and 'hex' for
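Review bot: Nothing before the second `getSalt` call rejects `-ps` and `-psb` being given together, so both strings are passed in and which one is used depends on `getSalt`, whose body is outside this diff. An explicit guard would turn the conflict into an error, mirroring the message already built for the public pair: `if (privateSaltString != null && privateSaltBytesString != null) throw new IllegalArgumentException(createMutexMessage(PRIVATE_SALT, PRIVATE_SALT_BYTES));`. A comment above `hashService.setPrivateSalt(privateSalt)` would also help, stating that the private salt is presumably not carried in the formatted output, so whoever verifies the hash must be configured with the same value. The surrounding block of `main` continues outside the hunk.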
@@ -375,6 +393,17 @@ public final class Hasher {
                 "encoding.  If you prefer to use hex encoding, additionally use the\n" +
                 "-sgh/--saltgeneratedhex option." +
                 "\n\n" +
+                "Specifying a private salt:" +
+                "\n\n" +
+                "You may specify a private salt using the -ps/--privatesalt option followed\n" +
+                "by the private salt value.  If the private salt value is a base64 or hex \n" +
+                "string representing a byte array, you must specify the -psb/--privatesaltbytes\n" +
+                "option to indicate this, otherwise the text value bytes will be used directly." +
+                "\n\n" +
+                "When using -psb/--privatesaltbytes, the -ps/--privatesalt value is expected to\n" +
+                "be a base64-encoded string by default.  If the value is a hex-encoded string,\n" +
+                "you must prefix the string with 0x (zero x) to indicate a hex value." +
+                "\n\n" +
                 "Files, URLs and classpath resources:\n" +
                 "---------------------------------\n" +
                 "If using the -r/--resource option, the <value> represents a resource path.\n" +
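Review bot: The second added paragraph says that with `-psb/--privatesaltbytes` the `-ps/--privatesalt` value is expected to be base64, but `PRIVATE_SALT_BYTES` is declared with its own argument and the parsing code reads the encoded text from `-psb` itself, so a user following the help would pass both options. The first paragraph has the same slant, describing `-psb` as something specified in addition to indicate the encoding. Suggested opening for the second paragraph: `"When using -psb/--privatesaltbytes, its value is expected to be\n"`, followed by the existing base64/hex explanation. The help could also state that the private salt must be kept secret and, presumably, supplied again wherever the hash is verified. The string concatenation starts and ends outside the hunk.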