org.apache.nifi.security.util.crypto

Class AbstractSecureHasher

java.lang.Object

org.apache.nifi.security.util.crypto.AbstractSecureHasher

All Implemented Interfaces:

SecureHasher

Direct Known Subclasses:

Argon2SecureHasher, BcryptSecureHasher, PBKDF2SecureHasher, ScryptSecureHasher

public abstract class AbstractSecureHasher
extends Object
implements SecureHasher

Field Summary

Fields

Modifier and Type	Field and Description
private static org.slf4j.Logger	logger
protected int	saltLength
private static byte[]	STATIC_SALT
(package private) static Integer	UPPER_BOUNDARY
private boolean	usingStaticSalt

Constructor Summary

Constructors

Constructor and Description
AbstractSecureHasher()

Method Summary

Modifier and Type	Method and Description
(package private) abstract boolean	acceptsEmptyInput() Returns true if the algorithm can accept empty (non-null) inputs.
(package private) abstract String	getAlgorithmName() Returns the algorithm-specific name for logging and messages.
(package private) abstract int	getDefaultSaltLength() Returns the algorithm-specific default salt length in bytes.
(package private) abstract int	getMaxSaltLength() Returns the algorithm-specific maximum salt length in bytes.
(package private) abstract int	getMinSaltLength() Returns the algorithm-specific minimum salt length in bytes.
(package private) byte[]	getSalt() Returns a salt to use.
(package private) abstract byte[]	hash(byte[] input) Returns the algorithm-specific calculated hash for the input and generates or retrieves the salt according to the configured salt length.
(package private) abstract byte[]	hash(byte[] input, byte[] salt) Returns the algorithm-specific calculated hash for the input and salt.
String	hashBase64(String input) Returns a String representation of the hash in Base 64-encoded format.
String	hashBase64(String input, String salt) Returns a String representation of the hash in Base 64-encoded format.
String	hashHex(String input) Returns a String representation of the hash in hex-encoded format.
String	hashHex(String input, String salt) Returns a String representation of the hash in hex-encoded format.
byte[]	hashRaw(byte[] input) Returns a byte[] representation of SecureHasher.hash(input).
byte[]	hashRaw(byte[] input, byte[] salt) Returns a byte[] representation of SecureHasher.hash(input).
protected void	initializeSalt(Integer saltLength) Verifies the salt length is valid for this algorithm and if a static salt should be used.
boolean	isSaltLengthValid(Integer saltLength) Returns whether the provided salt length (saltLength) is within boundaries.
boolean	isUsingStaticSalt() Returns true if this instance is configured to use a static salt.
private String	validateInput(String input) Returns the valid input String (if the algorithm accepts empty input, changes null to ""; if not, throws IllegalArgumentException).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

saltLength

protected int saltLength

usingStaticSalt

private boolean usingStaticSalt

STATIC_SALT

private static final byte[] STATIC_SALT

UPPER_BOUNDARY

static final Integer UPPER_BOUNDARY

Constructor Detail

AbstractSecureHasher

public AbstractSecureHasher()

Method Detail

initializeSalt

protected void initializeSalt(Integer saltLength)

Verifies the salt length is valid for this algorithm and if a static salt should be used.

Parameters:

saltLength - the salt length in bytes

isSaltLengthValid

public boolean isSaltLengthValid(Integer saltLength)

Returns whether the provided salt length (saltLength) is within boundaries. The lower bound >= (usually) 8 and the upper bound <= (usually) Integer.MAX_VALUE. This method is not static because it depends on the instantiation of the algorithm-specific concrete class.

Parameters:

saltLength - the salt length in bytes

Returns:

true if saltLength is within boundaries

getDefaultSaltLength

abstract int getDefaultSaltLength()

Returns the algorithm-specific default salt length in bytes.

Returns:

the default salt length

getMinSaltLength

abstract int getMinSaltLength()

Returns the algorithm-specific minimum salt length in bytes.

Returns:

the min salt length

getMaxSaltLength

abstract int getMaxSaltLength()

Returns the algorithm-specific maximum salt length in bytes.

Returns:

the max salt length

isUsingStaticSalt

public boolean isUsingStaticSalt()

Returns true if this instance is configured to use a static salt.

Returns:

true if all hashes will be generated using a static salt

getSalt

byte[] getSalt()

Returns a salt to use. If using a static salt (see isUsingStaticSalt()), this return value will be identical across every invocation. If using a dynamic salt, it will be saltLength bytes of a securely-generated random value.

Returns:

the salt value

getAlgorithmName

abstract String getAlgorithmName()

Returns the algorithm-specific name for logging and messages.

Returns:

the algorithm name

acceptsEmptyInput

abstract boolean acceptsEmptyInput()

Returns true if the algorithm can accept empty (non-null) inputs.

Returns:

the true if "" is allowable input

hashHex

public String hashHex(String input)

Returns a String representation of the hash in hex-encoded format.

Specified by:

hashHex in interface SecureHasher

Parameters:

input - the non-empty input

Returns:

the hex-encoded hash

hashHex

public String hashHex(String input,
                      String salt)

Returns a String representation of the hash in hex-encoded format.

Specified by:

hashHex in interface SecureHasher

Parameters:

input - the non-empty input

salt - the provided salt

Returns:

the hex-encoded hash

hashBase64

public String hashBase64(String input)

Returns a String representation of the hash in Base 64-encoded format.

Specified by:

hashBase64 in interface SecureHasher

Parameters:

input - the non-empty input

Returns:

the Base 64-encoded hash

hashBase64

public String hashBase64(String input,
                         String salt)

Returns a String representation of the hash in Base 64-encoded format.

Specified by:

hashBase64 in interface SecureHasher

Parameters:

input - the non-empty input

salt - the provided salt

Returns:

the Base 64-encoded hash

hashRaw

public byte[] hashRaw(byte[] input)

Returns a byte[] representation of SecureHasher.hash(input).

Specified by:

hashRaw in interface SecureHasher

Parameters:

input - the input

Returns:

the hash

hashRaw

public byte[] hashRaw(byte[] input,
                      byte[] salt)

Returns a byte[] representation of SecureHasher.hash(input).

Specified by:

hashRaw in interface SecureHasher

Parameters:

input - the input

salt - the provided salt

Returns:

the hash

validateInput

private String validateInput(String input)

Returns the valid input String (if the algorithm accepts empty input, changes null to ""; if not, throws IllegalArgumentException).

Parameters:

input - the input to validate

Returns:

a valid input string

hash

abstract byte[] hash(byte[] input)

Returns the algorithm-specific calculated hash for the input and generates or retrieves the salt according to the configured salt length.

Parameters:

input - the input in raw bytes

Returns:

the hash in raw bytes

hash

abstract byte[] hash(byte[] input,
                     byte[] salt)

Returns the algorithm-specific calculated hash for the input and salt.

Parameters:

input - the input in raw bytes

salt - the provided salt

Returns:

the hash in raw bytes