Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.shiro.tools.hasher; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.cli.DefaultParser; import org.apache.shiro.authc.credential.DefaultPasswordService; import org.apache.shiro.codec.Base64; import org.apache.shiro.codec.Hex; import org.apache.shiro.crypto.SecureRandomNumberGenerator; import org.apache.shiro.crypto.UnknownAlgorithmException; import org.apache.shiro.crypto.hash.DefaultHashService; import org.apache.shiro.crypto.hash.Hash; import org.apache.shiro.crypto.hash.HashRequest; import org.apache.shiro.crypto.hash.SimpleHashRequest; import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory; import org.apache.shiro.crypto.hash.format.HashFormat; import org.apache.shiro.crypto.hash.format.HashFormatFactory; import org.apache.shiro.crypto.hash.format.HexFormat; import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat; import org.apache.shiro.io.ResourceUtils; import org.apache.shiro.util.ByteSource; import org.apache.shiro.util.JavaEnvironment; import org.apache.shiro.util.StringUtils; import java.io.File; import java.io.IOException; import java.util.Arrays; /** * Commandline line utility to hash data such as strings, passwords, resources (files, urls, etc). * <p/> * Usage: * <pre> * java -jar shiro-tools-hasher<em>-version</em>-cli.jar * </pre> * This will print out all supported options with documentation. * * @since 1.2 */ public final class Hasher { private static final String HEX_PREFIX = "0x"; private static final String DEFAULT_ALGORITHM_NAME = "MD5"; private static final String DEFAULT_PASSWORD_ALGORITHM_NAME = DefaultPasswordService.DEFAULT_HASH_ALGORITHM; private static final int DEFAULT_GENERATED_SALT_SIZE = 128; private static final int DEFAULT_NUM_ITERATIONS = 1; private static final int DEFAULT_PASSWORD_NUM_ITERATIONS = DefaultPasswordService.DEFAULT_HASH_ITERATIONS; private static final Option ALGORITHM = new Option("a", "algorithm", true, "hash algorithm name. Defaults to SHA-256 when password hashing, MD5 otherwise."); private static final Option DEBUG = new Option("d", "debug", false, "show additional error (stack trace) information."); private static final Option FORMAT = new Option("f", "format", true, "hash output format. Defaults to 'shiro1' when password hashing, 'hex' otherwise. See below for more information."); private static final Option HELP = new Option("help", "help", false, "show this help message."); private static final Option ITERATIONS = new Option("i", "iterations", true, "number of hash iterations. Defaults to " + DEFAULT_PASSWORD_NUM_ITERATIONS + " when password hashing, 1 otherwise."); private static final Option PASSWORD = new Option("p", "password", false, "hash a password (disable typing echo)"); private static final Option PASSWORD_NC = new Option("pnc", "pnoconfirm", false, "hash a password (disable typing echo) but disable password confirmation prompt."); private static final Option RESOURCE = new Option("r", "resource", false, "read and hash the resource located at <value>. See below for more information."); private static final Option SALT = new Option("s", "salt", true, "use the specified salt. <arg> is plaintext."); private static final Option SALT_BYTES = new Option("sb", "saltbytes", true, "use the specified salt bytes. <arg> is hex or base64 encoded text."); private static final Option SALT_GEN = new Option("gs", "gensalt", false, "generate and use a random salt. Defaults to true when password hashing, false otherwise."); private static final Option NO_SALT_GEN = new Option("ngs", "nogensalt", false, "do NOT generate and use a random salt (valid during password hashing)."); private static final Option SALT_GEN_SIZE = new Option("gss", "gensaltsize", true, "the number of salt bits (not bytes!) to generate. Defaults to 128."); private static final Option PRIVATE_SALT = new Option("ps", "privatesalt", true, "use the specified private salt. <arg> is plaintext."); private static final Option PRIVATE_SALT_BYTES = new Option("psb", "privatesaltbytes", true, "use the specified private salt bytes. <arg> is hex or base64 encoded text."); private static final String SALT_MUTEX_MSG = createMutexMessage(SALT, SALT_BYTES); private static final HashFormatFactory HASH_FORMAT_FACTORY = new DefaultHashFormatFactory(); static { ALGORITHM.setArgName("name"); SALT_GEN_SIZE.setArgName("numBits"); ITERATIONS.setArgName("num"); SALT.setArgName("sval"); SALT_BYTES.setArgName("encTxt"); } public static void main(String[] args) { CommandLineParser parser = new DefaultParser(); Options options = new Options(); options.addOption(HELP).addOption(DEBUG).addOption(ALGORITHM).addOption(ITERATIONS); options.addOption(RESOURCE).addOption(PASSWORD).addOption(PASSWORD_NC); options.addOption(SALT).addOption(SALT_BYTES).addOption(SALT_GEN).addOption(SALT_GEN_SIZE) .addOption(NO_SALT_GEN); options.addOption(PRIVATE_SALT).addOption(PRIVATE_SALT_BYTES); options.addOption(FORMAT); boolean debug = false; String algorithm = null; //user unspecified int iterations = 0; //0 means unspecified by the end-user boolean resource = false; boolean password = false; boolean passwordConfirm = true; String saltString = null; String saltBytesString = null; boolean generateSalt = false; int generatedSaltSize = DEFAULT_GENERATED_SALT_SIZE; String privateSaltString = null; String privateSaltBytesString = null; String formatString = null; char[] passwordChars = null; try { CommandLine line = parser.parse(options, args); if (line.hasOption(HELP.getOpt())) { printHelpAndExit(options, null, debug, 0); } if (line.hasOption(DEBUG.getOpt())) { debug = true; } if (line.hasOption(ALGORITHM.getOpt())) { algorithm = line.getOptionValue(ALGORITHM.getOpt()); } if (line.hasOption(ITERATIONS.getOpt())) { iterations = getRequiredPositiveInt(line, ITERATIONS); } if (line.hasOption(PASSWORD.getOpt())) { password = true; generateSalt = true; } if (line.hasOption(RESOURCE.getOpt())) { resource = true; } if (line.hasOption(PASSWORD_NC.getOpt())) { password = true; generateSalt = true; passwordConfirm = false; } if (line.hasOption(SALT.getOpt())) { saltString = line.getOptionValue(SALT.getOpt()); } if (line.hasOption(SALT_BYTES.getOpt())) { saltBytesString = line.getOptionValue(SALT_BYTES.getOpt()); } if (line.hasOption(NO_SALT_GEN.getOpt())) { generateSalt = false; } if (line.hasOption(SALT_GEN.getOpt())) { generateSalt = true; } if (line.hasOption(SALT_GEN_SIZE.getOpt())) { generateSalt = true; generatedSaltSize = getRequiredPositiveInt(line, SALT_GEN_SIZE); if (generatedSaltSize % 8 != 0) { throw new IllegalArgumentException( "Generated salt size must be a multiple of 8 (e.g. 128, 192, 256, 512, etc)."); } } if (line.hasOption(PRIVATE_SALT.getOpt())) { privateSaltString = line.getOptionValue(PRIVATE_SALT.getOpt()); } if (line.hasOption(PRIVATE_SALT_BYTES.getOpt())) { privateSaltBytesString = line.getOptionValue(PRIVATE_SALT_BYTES.getOpt()); } if (line.hasOption(FORMAT.getOpt())) { formatString = line.getOptionValue(FORMAT.getOpt()); } String sourceValue; Object source; if (password) { passwordChars = readPassword(passwordConfirm); source = passwordChars; } else { String[] remainingArgs = line.getArgs(); if (remainingArgs == null || remainingArgs.length != 1) { printHelpAndExit(options, null, debug, -1); } assert remainingArgs != null; sourceValue = toString(remainingArgs); if (resource) { if (!ResourceUtils.hasResourcePrefix(sourceValue)) { source = toFile(sourceValue); } else { source = ResourceUtils.getInputStreamForPath(sourceValue); } } else { source = sourceValue; } } if (algorithm == null) { if (password) { algorithm = DEFAULT_PASSWORD_ALGORITHM_NAME; } else { algorithm = DEFAULT_ALGORITHM_NAME; } } if (iterations < DEFAULT_NUM_ITERATIONS) { //Iterations were not specified. Default to 350,000 when password hashing, and 1 for everything else: if (password) { iterations = DEFAULT_PASSWORD_NUM_ITERATIONS; } else { iterations = DEFAULT_NUM_ITERATIONS; } } ByteSource publicSalt = getSalt(saltString, saltBytesString, generateSalt, generatedSaltSize); ByteSource privateSalt = getSalt(privateSaltString, privateSaltBytesString, false, generatedSaltSize); HashRequest hashRequest = new SimpleHashRequest(algorithm, ByteSource.Util.bytes(source), publicSalt, iterations); DefaultHashService hashService = new DefaultHashService(); hashService.setPrivateSalt(privateSalt); Hash hash = hashService.computeHash(hashRequest); if (formatString == null) { //Output format was not specified. Default to 'shiro1' when password hashing, and 'hex' for //everything else: if (password) { formatString = Shiro1CryptFormat.class.getName(); } else { formatString = HexFormat.class.getName(); } } HashFormat format = HASH_FORMAT_FACTORY.getInstance(formatString); if (format == null) { throw new IllegalArgumentException("Unrecognized hash format '" + formatString + "'."); } String output = format.format(hash); System.out.println(output); } catch (IllegalArgumentException iae) { exit(iae, debug); } catch (UnknownAlgorithmException uae) { exit(uae, debug); } catch (IOException ioe) { exit(ioe, debug); } catch (Exception e) { printHelpAndExit(options, e, debug, -1); } finally { if (passwordChars != null && passwordChars.length > 0) { for (int i = 0; i < passwordChars.length; i++) { passwordChars[i] = ' '; } } } } private static String createMutexMessage(Option... options) { StringBuilder sb = new StringBuilder(); sb.append("The "); for (int i = 0; i < options.length; i++) { if (i > 0) { sb.append(", "); } Option o = options[0]; sb.append("-").append(o.getOpt()).append("/--").append(o.getLongOpt()); } sb.append(" and generated salt options are mutually exclusive. Only one of them may be used at a time"); return sb.toString(); } private static void exit(Exception e, boolean debug) { printException(e, debug); System.exit(-1); } private static int getRequiredPositiveInt(CommandLine line, Option option) { String iterVal = line.getOptionValue(option.getOpt()); try { return Integer.parseInt(iterVal); } catch (NumberFormatException e) { String msg = "'" + option.getLongOpt() + "' value must be a positive integer."; throw new IllegalArgumentException(msg, e); } } private static ByteSource getSalt(String saltString, String saltBytesString, boolean generateSalt, int generatedSaltSize) { if (saltString != null) { if (generateSalt || (saltBytesString != null)) { throw new IllegalArgumentException(SALT_MUTEX_MSG); } return ByteSource.Util.bytes(saltString); } if (saltBytesString != null) { if (generateSalt) { throw new IllegalArgumentException(SALT_MUTEX_MSG); } String value = saltBytesString; boolean base64 = true; if (saltBytesString.startsWith(HEX_PREFIX)) { //hex: base64 = false; value = value.substring(HEX_PREFIX.length()); } byte[] bytes; if (base64) { bytes = Base64.decode(value); } else { bytes = Hex.decode(value); } return ByteSource.Util.bytes(bytes); } if (generateSalt) { SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator(); int byteSize = generatedSaltSize / 8; //generatedSaltSize is in *bits* - convert to byte size: return generator.nextBytes(byteSize); } //no salt used: return null; } private static void printException(Exception e, boolean debug) { if (e != null) { System.out.println(); if (debug) { System.out.println("Error: "); e.printStackTrace(System.out); System.out.println(e.getMessage()); } else { System.out.println("Error: " + e.getMessage()); System.out.println(); System.out.println("Specify -d or --debug for more information."); } } } private static void printHelp(Options options, Exception e, boolean debug) { HelpFormatter help = new HelpFormatter(); String command = "java -jar shiro-tools-hasher-<version>.jar [options] [<value>]"; String header = "\nPrint a cryptographic hash (aka message digest) of the specified <value>.\n--\nOptions:"; String footer = "\n" + "<value> is optional only when hashing passwords (see below). It is\n" + "required all other times." + "\n\n" + "Password Hashing:\n" + "---------------------------------\n" + "Specify the -p/--password option and DO NOT enter a <value>. You will\n" + "be prompted for a password and characters will not echo as you type." + "\n\n" + "Salting:\n" + "---------------------------------\n" + "Specifying a salt:" + "\n\n" + "You may specify a salt using the -s/--salt option followed by the salt\n" + "value. If the salt value is a base64 or hex string representing a\n" + "byte array, you must specify the -sb/--saltbytes option to indicate this,\n" + "otherwise the text value bytes will be used directly." + "\n\n" + "When using -sb/--saltbytes, the -s/--salt value is expected to be a\n" + "base64-encoded string by default. If the value is a hex-encoded string,\n" + "you must prefix the string with 0x (zero x) to indicate a hex value." + "\n\n" + "Generating a salt:" + "\n\n" + "Use the -sg/--saltgenerated option if you don't want to specify a salt,\n" + "but want a strong random salt to be generated and used during hashing.\n" + "The generated salt size defaults to 128 bits. You may specify\n" + "a different size by using the -sgs/--saltgeneratedsize option followed by\n" + "a positive integer (size is in bits, not bytes)." + "\n\n" + "Because a salt must be specified if computing the\n" + "hash later, generated salts will be printed, defaulting to base64\n" + "encoding. If you prefer to use hex encoding, additionally use the\n" + "-sgh/--saltgeneratedhex option." + "\n\n" + "Specifying a private salt:" + "\n\n" + "You may specify a private salt using the -ps/--privatesalt option followed\n" + "by the private salt value. If the private salt value is a base64 or hex \n" + "string representing a byte array, you must specify the -psb/--privatesaltbytes\n" + "option to indicate this, otherwise the text value bytes will be used directly." + "\n\n" + "When using -psb/--privatesaltbytes, the -ps/--privatesalt value is expected to\n" + "be a base64-encoded string by default. If the value is a hex-encoded string,\n" + "you must prefix the string with 0x (zero x) to indicate a hex value." + "\n\n" + "Files, URLs and classpath resources:\n" + "---------------------------------\n" + "If using the -r/--resource option, the <value> represents a resource path.\n" + "By default this is expected to be a file path, but you may specify\n" + "classpath or URL resources by using the classpath: or url: prefix\n" + "respectively." + "\n\n" + "Some examples:" + "\n\n" + "<command> -r fileInCurrentDirectory.txt\n" + "<command> -r ../../relativePathFile.xml\n" + "<command> -r ~/documents/myfile.pdf\n" + "<command> -r /usr/local/logs/absolutePathFile.log\n" + "<command> -r url:http://foo.com/page.html\n" + "<command> -r classpath:/WEB-INF/lib/something.jar" + "\n\n" + "Output Format:\n" + "---------------------------------\n" + "Specify the -f/--format option followed by either 1) the format ID (as defined\n" + "by the " + DefaultHashFormatFactory.class.getName() + "\n" + "JavaDoc) or 2) the fully qualified " + HashFormat.class.getName() + "\n" + "implementation class name to instantiate and use for formatting.\n\n" + "The default output format is 'shiro1' which is a Modular Crypt Format (MCF)\n" + "that shows all relevant information as a dollar-sign ($) delimited string.\n" + "This format is ideal for use in Shiro's text-based user configuration (e.g.\n" + "shiro.ini or a properties file)."; printException(e, debug); System.out.println(); help.printHelp(command, header, options, null); System.out.println(footer); } private static void printHelpAndExit(Options options, Exception e, boolean debug, int exitCode) { printHelp(options, e, debug); System.exit(exitCode); } private static char[] readPassword(boolean confirm) { if (!JavaEnvironment.isAtLeastVersion16()) { String msg = "Password hashing (prompt without echo) uses the java.io.Console to read passwords " + "safely. This is only available on Java 1.6 platforms and later."; throw new IllegalArgumentException(msg); } java.io.Console console = System.console(); if (console == null) { throw new IllegalStateException( "java.io.Console is not available on the current JVM. Cannot read passwords."); } char[] first = console.readPassword("%s", "Password to hash: "); if (first == null || first.length == 0) { throw new IllegalArgumentException("No password specified."); } if (confirm) { char[] second = console.readPassword("%s", "Password to hash (confirm): "); if (!Arrays.equals(first, second)) { String msg = "Password entries do not match."; throw new IllegalArgumentException(msg); } } return first; } private static File toFile(String path) { String resolved = path; if (path.startsWith("~/") || path.startsWith(("~\\"))) { resolved = path.replaceFirst("\\~", System.getProperty("user.home")); } return new File(resolved); } private static String toString(String[] strings) { int len = strings != null ? strings.length : 0; if (len == 0) { return null; } return StringUtils.toDelimitedString(strings, " "); } }