| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> |
| <title>Coverage Report</title> |
| <link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/> |
| <script type="text/javascript" src="js/popup.js"></script> |
| </head> |
| <body> |
| <h5>Coverage Report - org.apache.shiro.authc.credential.HashedCredentialsMatcher</h5> |
| <div class="separator"> </div> |
| <table class="report"> |
| <thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead> |
| <tr><td><a href="org.apache.shiro.authc.credential.HashedCredentialsMatcher.html">HashedCredentialsMatcher</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">81%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:81px"><span class="text">43/53</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">68%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:68px"><span class="text">11/16</span></div></div></td></tr></table></td><td class="value"><span class="hidden">1.588235294117647;</span>1.588</td></tr> |
| |
| </table> |
| <div class="separator"> </div> |
| <table cellspacing="0" cellpadding="0" class="src"> |
| <tr> <td class="numLine"> 1</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/*</span></pre></td></tr> |
| <tr> <td class="numLine"> 2</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Licensed to the Apache Software Foundation (ASF) under one</span></pre></td></tr> |
| <tr> <td class="numLine"> 3</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * or more contributor license agreements. See the NOTICE file</span></pre></td></tr> |
| <tr> <td class="numLine"> 4</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * distributed with this work for additional information</span></pre></td></tr> |
| <tr> <td class="numLine"> 5</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * regarding copyright ownership. The ASF licenses this file</span></pre></td></tr> |
| <tr> <td class="numLine"> 6</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to you under the Apache License, Version 2.0 (the</span></pre></td></tr> |
| <tr> <td class="numLine"> 7</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "License"); you may not use this file except in compliance</span></pre></td></tr> |
| <tr> <td class="numLine"> 8</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * with the License. You may obtain a copy of the License at</span></pre></td></tr> |
| <tr> <td class="numLine"> 9</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 10</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * http://www.apache.org/licenses/LICENSE-2.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 11</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 12</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless required by applicable law or agreed to in writing,</span></pre></td></tr> |
| <tr> <td class="numLine"> 13</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * software distributed under the License is distributed on an</span></pre></td></tr> |
| <tr> <td class="numLine"> 14</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</span></pre></td></tr> |
| <tr> <td class="numLine"> 15</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * KIND, either express or implied. See the License for the</span></pre></td></tr> |
| <tr> <td class="numLine"> 16</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * specific language governing permissions and limitations</span></pre></td></tr> |
| <tr> <td class="numLine"> 17</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * under the License.</span></pre></td></tr> |
| <tr> <td class="numLine"> 18</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 19</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">package</span> org.apache.shiro.authc.credential;</pre></td></tr> |
| <tr> <td class="numLine"> 20</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 21</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.AuthenticationInfo;</pre></td></tr> |
| <tr> <td class="numLine"> 22</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.AuthenticationToken;</pre></td></tr> |
| <tr> <td class="numLine"> 23</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.authc.SaltedAuthenticationInfo;</pre></td></tr> |
| <tr> <td class="numLine"> 24</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.codec.Base64;</pre></td></tr> |
| <tr> <td class="numLine"> 25</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.codec.Hex;</pre></td></tr> |
| <tr> <td class="numLine"> 26</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.crypto.hash.AbstractHash;</pre></td></tr> |
| <tr> <td class="numLine"> 27</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.crypto.hash.Hash;</pre></td></tr> |
| <tr> <td class="numLine"> 28</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.crypto.hash.SimpleHash;</pre></td></tr> |
| <tr> <td class="numLine"> 29</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.apache.shiro.util.StringUtils;</pre></td></tr> |
| <tr> <td class="numLine"> 30</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 31</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 32</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * A {@code HashedCredentialMatcher} provides support for hashing of supplied {@code AuthenticationToken} credentials</span></pre></td></tr> |
| <tr> <td class="numLine"> 33</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * before being compared to those in the {@code AuthenticationInfo} from the data store.</span></pre></td></tr> |
| <tr> <td class="numLine"> 34</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 35</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Credential hashing is one of the most common security techniques when safeguarding a user's private credentials</span></pre></td></tr> |
| <tr> <td class="numLine"> 36</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * (passwords, keys, etc). Most developers never want to store their users' credentials in plain form, viewable by</span></pre></td></tr> |
| <tr> <td class="numLine"> 37</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * anyone, so they often hash the users' credentials before they are saved in the data store.</span></pre></td></tr> |
| <tr> <td class="numLine"> 38</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 39</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This class (and its subclasses) function as follows:</span></pre></td></tr> |
| <tr> <td class="numLine"> 40</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 41</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>Hash the {@code AuthenticationToken} credentials supplied by the user during their login.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 42</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>Compare this hashed value directly with the {@code AuthenticationInfo} credentials stored in the system</span></pre></td></tr> |
| <tr> <td class="numLine"> 43</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * (the stored account credentials are expected to already be in hashed form).</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 44</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>If these two values are {@link #equals(Object, Object) equal}, the submitted credentials match, otherwise</span></pre></td></tr> |
| <tr> <td class="numLine"> 45</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * they do not.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 46</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 47</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>Salting and Multiple Hash Iterations</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 48</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Because simple hashing is usually not good enough for secure applications, this class also supports 'salting'</span></pre></td></tr> |
| <tr> <td class="numLine"> 49</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * and multiple hash iterations. Please read this excellent</span></pre></td></tr> |
| <tr> <td class="numLine"> 50</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a> to learn about</span></pre></td></tr> |
| <tr> <td class="numLine"> 51</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * salting and multiple iterations and why you might want to use them. (Note of sections 5</span></pre></td></tr> |
| <tr> <td class="numLine"> 52</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * &quot;Why add salt?&quot; and 6 "Hardening against the attacker's attack"). We should also note here that all of</span></pre></td></tr> |
| <tr> <td class="numLine"> 53</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Shiro's Hash implementations (for example, {@link org.apache.shiro.crypto.hash.Md5Hash Md5Hash},</span></pre></td></tr> |
| <tr> <td class="numLine"> 54</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.crypto.hash.Sha1Hash Sha1Hash}, etc) support salting and multiple hash iterations via</span></pre></td></tr> |
| <tr> <td class="numLine"> 55</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * overloaded constructors.</span></pre></td></tr> |
| <tr> <td class="numLine"> 56</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h4>Real World Case Study</h4></span></pre></td></tr> |
| <tr> <td class="numLine"> 57</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * In April 2010, some public Atlassian Jira and Confluence</span></pre></td></tr> |
| <tr> <td class="numLine"> 58</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * installations (Apache Software Foundation, Codehaus, etc) were the target of account attacks and user accounts</span></pre></td></tr> |
| <tr> <td class="numLine"> 59</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * were compromised. The reason? Jira and Confluence at the time did not salt user passwords and attackers were</span></pre></td></tr> |
| <tr> <td class="numLine"> 60</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * able to use dictionary attacks to compromise user accounts (Atlassian has since</span></pre></td></tr> |
| <tr> <td class="numLine"> 61</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html"></span></pre></td></tr> |
| <tr> <td class="numLine"> 62</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * fixed the problem</a> of course).</span></pre></td></tr> |
| <tr> <td class="numLine"> 63</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 64</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The lesson?</span></pre></td></tr> |
| <tr> <td class="numLine"> 65</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 66</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <b>ALWAYS, ALWAYS, ALWAYS SALT USER PASSWORDS!</b></span></pre></td></tr> |
| <tr> <td class="numLine"> 67</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 68</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h3>Salting</h3></span></pre></td></tr> |
| <tr> <td class="numLine"> 69</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Prior to Shiro 1.1, salts could be obtained based on the end-user submitted</span></pre></td></tr> |
| <tr> <td class="numLine"> 70</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link AuthenticationToken AuthenticationToken} via the now-deprecated</span></pre></td></tr> |
| <tr> <td class="numLine"> 71</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getSalt(org.apache.shiro.authc.AuthenticationToken) getSalt(AuthenticationToken)} method. This however</span></pre></td></tr> |
| <tr> <td class="numLine"> 72</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * could constitute a security hole since ideally salts should never be obtained based on what a user can submit.</span></pre></td></tr> |
| <tr> <td class="numLine"> 73</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * User-submitted salt mechanisms are <em>much</em> more susceptible to dictionary attacks and <b>SHOULD NOT</b> be</span></pre></td></tr> |
| <tr> <td class="numLine"> 74</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * used in secure systems. Instead salts should ideally be a secure randomly-generated number that is generated when</span></pre></td></tr> |
| <tr> <td class="numLine"> 75</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the user account is created. The secure number should never be disseminated to the user and always kept private</span></pre></td></tr> |
| <tr> <td class="numLine"> 76</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * by the application.</span></pre></td></tr> |
| <tr> <td class="numLine"> 77</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h4>Shiro 1.1</h4></span></pre></td></tr> |
| <tr> <td class="numLine"> 78</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * As of Shiro 1.1, it is expected that any salt used to hash the submitted credentials will be obtained from the</span></pre></td></tr> |
| <tr> <td class="numLine"> 79</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * stored account information (represented as an {@link AuthenticationInfo AuthenticationInfo} instance). This is much</span></pre></td></tr> |
| <tr> <td class="numLine"> 80</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * more secure because the salt value remains private to the application (Shiro will never store this value).</span></pre></td></tr> |
| <tr> <td class="numLine"> 81</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 82</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * To enable this, {@code Realm}s should return {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances</span></pre></td></tr> |
| <tr> <td class="numLine"> 83</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * during authentication. {@code HashedCredentialsMatcher} implementations will then use the provided</span></pre></td></tr> |
| <tr> <td class="numLine"> 84</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt credentialsSalt} for hashing. To avoid</span></pre></td></tr> |
| <tr> <td class="numLine"> 85</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * security risks,</span></pre></td></tr> |
| <tr> <td class="numLine"> 86</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <b>it is highly recommended that any existing {@code Realm} implementations that support hashed credentials are</span></pre></td></tr> |
| <tr> <td class="numLine"> 87</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * updated to return {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances as soon as possible</b>.</span></pre></td></tr> |
| <tr> <td class="numLine"> 88</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h4>Shiro 1.0 Backwards Compatibility</h4></span></pre></td></tr> |
| <tr> <td class="numLine"> 89</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Because of the identified security risk, {@code Realm} implementations that support credentials hashing should</span></pre></td></tr> |
| <tr> <td class="numLine"> 90</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * be updated to return {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} instances as</span></pre></td></tr> |
| <tr> <td class="numLine"> 91</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * soon as possible.</span></pre></td></tr> |
| <tr> <td class="numLine"> 92</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 93</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If this is not possible for some reason, this class will retain 1.0 backwards-compatible behavior of obtaining</span></pre></td></tr> |
| <tr> <td class="numLine"> 94</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the salt via the now-deprecated {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)} method. This</span></pre></td></tr> |
| <tr> <td class="numLine"> 95</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * method will only be invoked if a {@code Realm} <em>does not</em> return</span></pre></td></tr> |
| <tr> <td class="numLine"> 96</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link SaltedAuthenticationInfo SaltedAutenticationInfo} instances and {@link #isHashSalted() hashSalted} is</span></pre></td></tr> |
| <tr> <td class="numLine"> 97</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code true}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 98</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * But please note that the {@link #isHashSalted() hashSalted} property and the</span></pre></td></tr> |
| <tr> <td class="numLine"> 99</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)} methods will be removed before the Shiro 2.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 100</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * release.</span></pre></td></tr> |
| <tr> <td class="numLine"> 101</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h3>Multiple Hash Iterations</h3></span></pre></td></tr> |
| <tr> <td class="numLine"> 102</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If you hash your users' credentials multiple times before persisting to the data store, you will also need to</span></pre></td></tr> |
| <tr> <td class="numLine"> 103</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * set this class's {@link #setHashIterations(int) hashIterations} property. See the</span></pre></td></tr> |
| <tr> <td class="numLine"> 104</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://www.owasp.org/index.php/Hashing_Java" _target="blank">Hashing Java article</a>'s</span></pre></td></tr> |
| <tr> <td class="numLine"> 105</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack"></span></pre></td></tr> |
| <tr> <td class="numLine"> 106</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * &quot;Hardening against the attacker's attack&quot;</a> section to learn more about why you might want to use</span></pre></td></tr> |
| <tr> <td class="numLine"> 107</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * multiple hash iterations.</span></pre></td></tr> |
| <tr> <td class="numLine"> 108</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <h2>MD5 &amp; SHA-1 Notice</h2></span></pre></td></tr> |
| <tr> <td class="numLine"> 109</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://en.wikipedia.org/wiki/MD5">MD5</a> and</span></pre></td></tr> |
| <tr> <td class="numLine"> 110</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <a href="http://en.wikipedia.org/wiki/SHA_hash_functions">SHA-1</a> algorithms are now known to be vulnerable to</span></pre></td></tr> |
| <tr> <td class="numLine"> 111</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * compromise and/or collisions (read the linked pages for more). While most applications are ok with either of these</span></pre></td></tr> |
| <tr> <td class="numLine"> 112</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * two, if your application mandates high security, use the SHA-256 (or higher) hashing algorithms and their</span></pre></td></tr> |
| <tr> <td class="numLine"> 113</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * supporting {@code CredentialsMatcher} implementations.</span></pre></td></tr> |
| <tr> <td class="numLine"> 114</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 115</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see org.apache.shiro.crypto.hash.Md5Hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 116</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see org.apache.shiro.crypto.hash.Sha1Hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 117</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @see org.apache.shiro.crypto.hash.Sha256Hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 118</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 0.9</span></pre></td></tr> |
| <tr> <td class="numLine"> 119</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 120</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">class</span> HashedCredentialsMatcher <span class="keyword">extends</span> SimpleCredentialsMatcher {</pre></td></tr> |
| <tr> <td class="numLine"> 121</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 122</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 123</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 124</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 125</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> String hashAlgorithm;</pre></td></tr> |
| <tr> <td class="numLine"> 126</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">int</span> hashIterations;</pre></td></tr> |
| <tr> <td class="numLine"> 127</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">boolean</span> hashSalted;</pre></td></tr> |
| <tr> <td class="numLine"> 128</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">boolean</span> storedCredentialsHexEncoded;</pre></td></tr> |
| <tr> <td class="numLine"> 129</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 130</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 131</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * JavaBeans-compatibile no-arg constructor intended for use in IoC/Dependency Injection environments. If you</span></pre></td></tr> |
| <tr> <td class="numLine"> 132</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * use this constructor, you <em>MUST</em> also additionally set the</span></pre></td></tr> |
| <tr> <td class="numLine"> 133</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #setHashAlgorithmName(String) hashAlgorithmName} property.</span></pre></td></tr> |
| <tr> <td class="numLine"> 134</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 135</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">public</span> HashedCredentialsMatcher() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 136</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashAlgorithm = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 137</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashSalted = <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 138</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashIterations = 1;</pre></td></tr> |
| <tr> <td class="numLineCover"> 139</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.storedCredentialsHexEncoded = <span class="keyword">true</span>; <span class="comment">//false means Base64-encoded</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 140</td> <td class="nbHitsCovered"> 21</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 141</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 142</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 143</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Creates an instance using the specified {@link #getHashAlgorithmName() hashAlgorithmName} to hash submitted</span></pre></td></tr> |
| <tr> <td class="numLine"> 144</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 145</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param hashAlgorithmName the {@code Hash} {@link org.apache.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName}</span></pre></td></tr> |
| <tr> <td class="numLine"> 146</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to use when performing hashes for credentials matching.</span></pre></td></tr> |
| <tr> <td class="numLine"> 147</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 148</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 149</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> HashedCredentialsMatcher(String hashAlgorithmName) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 150</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> <span class="keyword">this</span>();</pre></td></tr> |
| <tr> <td class="numLineCover"> 151</td> <td class="nbHitsUncovered"><a title="Line 151: Conditional coverage 50% (1/2)."> 3</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 151: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (!StringUtils.hasText(hashAlgorithmName) ) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 152</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">throw</span> <span class="keyword">new</span> IllegalArgumentException(<span class="string">"hashAlgorithmName cannot be null or empty."</span>);</span></pre></td></tr> |
| <tr> <td class="numLine"> 153</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 154</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashAlgorithm = hashAlgorithmName;</pre></td></tr> |
| <tr> <td class="numLineCover"> 155</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 156</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 157</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 158</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the {@code Hash} {@link org.apache.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use</span></pre></td></tr> |
| <tr> <td class="numLine"> 159</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * when performing hashes for credentials matching.</span></pre></td></tr> |
| <tr> <td class="numLine"> 160</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 161</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the {@code Hash} {@link org.apache.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use</span></pre></td></tr> |
| <tr> <td class="numLine"> 162</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * when performing hashes for credentials matching.</span></pre></td></tr> |
| <tr> <td class="numLine"> 163</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 164</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 165</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> String getHashAlgorithmName() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 166</td> <td class="nbHitsCovered"> 40</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hashAlgorithm;</pre></td></tr> |
| <tr> <td class="numLine"> 167</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 168</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 169</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 170</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets the {@code Hash} {@link org.apache.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName} to use</span></pre></td></tr> |
| <tr> <td class="numLine"> 171</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * when performing hashes for credentials matching.</span></pre></td></tr> |
| <tr> <td class="numLine"> 172</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 173</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param hashAlgorithmName the {@code Hash} {@link org.apache.shiro.crypto.hash.Hash#getAlgorithmName() algorithmName}</span></pre></td></tr> |
| <tr> <td class="numLine"> 174</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to use when performing hashes for credentials matching.</span></pre></td></tr> |
| <tr> <td class="numLine"> 175</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 176</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 177</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setHashAlgorithmName(String hashAlgorithmName) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 178</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashAlgorithm = hashAlgorithmName;</pre></td></tr> |
| <tr> <td class="numLineCover"> 179</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 180</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 181</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 182</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns {@code true} if the system's stored credential hash is Hex encoded, {@code false} if it</span></pre></td></tr> |
| <tr> <td class="numLine"> 183</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * is Base64 encoded.</span></pre></td></tr> |
| <tr> <td class="numLine"> 184</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 185</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Default value is {@code true} for convenience - all of Shiro's {@link Hash Hash#toString()}</span></pre></td></tr> |
| <tr> <td class="numLine"> 186</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * implementations return Hex encoded values by default, making this class's use with those implementations</span></pre></td></tr> |
| <tr> <td class="numLine"> 187</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * easier.</span></pre></td></tr> |
| <tr> <td class="numLine"> 188</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 189</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return {@code true} if the system's stored credential hash is Hex encoded, {@code false} if it</span></pre></td></tr> |
| <tr> <td class="numLine"> 190</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * is Base64 encoded. Default is {@code true}</span></pre></td></tr> |
| <tr> <td class="numLine"> 191</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 192</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> isStoredCredentialsHexEncoded() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 193</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> <span class="keyword">return</span> storedCredentialsHexEncoded;</pre></td></tr> |
| <tr> <td class="numLine"> 194</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 195</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 196</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 197</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets the indicator if this system's stored credential hash is Hex encoded or not.</span></pre></td></tr> |
| <tr> <td class="numLine"> 198</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 199</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * A value of {@code true} will cause this class to decode the system credential from Hex, a</span></pre></td></tr> |
| <tr> <td class="numLine"> 200</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * value of {@code false} will cause this class to decode the system credential from Base64.</span></pre></td></tr> |
| <tr> <td class="numLine"> 201</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 202</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless overridden via this method, the default value is {@code true} for convenience - all of Shiro's</span></pre></td></tr> |
| <tr> <td class="numLine"> 203</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link Hash Hash#toString()} implementations return Hex encoded values by default, making this class's use with</span></pre></td></tr> |
| <tr> <td class="numLine"> 204</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * those implementations easier.</span></pre></td></tr> |
| <tr> <td class="numLine"> 205</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 206</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param storedCredentialsHexEncoded the indicator if this system's stored credential hash is Hex</span></pre></td></tr> |
| <tr> <td class="numLine"> 207</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * encoded or not ('not' automatically implying it is Base64 encoded).</span></pre></td></tr> |
| <tr> <td class="numLine"> 208</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 209</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setStoredCredentialsHexEncoded(<span class="keyword">boolean</span> storedCredentialsHexEncoded) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 210</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">this</span>.storedCredentialsHexEncoded = storedCredentialsHexEncoded;</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 211</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> }</span></pre></td></tr> |
| <tr> <td class="numLine"> 212</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 213</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 214</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing,</span></pre></td></tr> |
| <tr> <td class="numLine"> 215</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code false} if it should not be salted.</span></pre></td></tr> |
| <tr> <td class="numLine"> 216</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 217</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If enabled, the salt used will be obtained via the {@link #getSalt(AuthenticationToken) getSalt} method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 218</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 219</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The default value is {@code false}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 220</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 221</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return {@code true} if a submitted {@code AuthenticationToken}'s credentials should be salted when hashing,</span></pre></td></tr> |
| <tr> <td class="numLine"> 222</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code false} if it should not be salted.</span></pre></td></tr> |
| <tr> <td class="numLine"> 223</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 224</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its</span></pre></td></tr> |
| <tr> <td class="numLine"> 225</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 226</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return</span></pre></td></tr> |
| <tr> <td class="numLine"> 227</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations</span></pre></td></tr> |
| <tr> <td class="numLine"> 228</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 229</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * instances as soon as possible</b>.</span></pre></td></tr> |
| <tr> <td class="numLine"> 230</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 231</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This is because salts should always be obtained from the stored account information and</span></pre></td></tr> |
| <tr> <td class="numLine"> 232</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for</span></pre></td></tr> |
| <tr> <td class="numLine"> 233</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user</span></pre></td></tr> |
| <tr> <td class="numLine"> 234</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * are almost impossible to break. This method will be removed in Shiro 2.0.</span></pre></td></tr> |
| <tr> <td class="numLine"> 235</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 236</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Deprecated</pre></td></tr> |
| <tr> <td class="numLine"> 237</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> isHashSalted() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 238</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hashSalted;</pre></td></tr> |
| <tr> <td class="numLine"> 239</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 240</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 241</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 242</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets whether or not to salt a submitted {@code AuthenticationToken}'s credentials when hashing.</span></pre></td></tr> |
| <tr> <td class="numLine"> 243</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 244</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If enabled, the salt used will be obtained via the {@link #getSalt(org.apache.shiro.authc.AuthenticationToken) getCredentialsSalt} method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 245</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </p></span></pre></td></tr> |
| <tr> <td class="numLine"> 246</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The default value is {@code false}.</span></pre></td></tr> |
| <tr> <td class="numLine"> 247</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 248</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param hashSalted whether or not to salt a submitted {@code AuthenticationToken}'s credentials when hashing.</span></pre></td></tr> |
| <tr> <td class="numLine"> 249</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 250</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its</span></pre></td></tr> |
| <tr> <td class="numLine"> 251</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 252</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return</span></pre></td></tr> |
| <tr> <td class="numLine"> 253</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations</span></pre></td></tr> |
| <tr> <td class="numLine"> 254</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 255</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * instances as soon as possible</b>.</span></pre></td></tr> |
| <tr> <td class="numLine"> 256</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 257</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This is because salts should always be obtained from the stored account information and</span></pre></td></tr> |
| <tr> <td class="numLine"> 258</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for</span></pre></td></tr> |
| <tr> <td class="numLine"> 259</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user</span></pre></td></tr> |
| <tr> <td class="numLine"> 260</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * are almost impossible to break. This method will be removed in Shiro 2.0.</span></pre></td></tr> |
| <tr> <td class="numLine"> 261</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 262</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Deprecated</pre></td></tr> |
| <tr> <td class="numLine"> 263</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setHashSalted(<span class="keyword">boolean</span> hashSalted) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 264</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.hashSalted = hashSalted;</pre></td></tr> |
| <tr> <td class="numLineCover"> 265</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 266</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 267</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 268</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before</span></pre></td></tr> |
| <tr> <td class="numLine"> 269</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * comparing to the credentials stored in the system.</span></pre></td></tr> |
| <tr> <td class="numLine"> 270</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 271</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless overridden, the default value is {@code 1}, meaning a normal hash execution will occur.</span></pre></td></tr> |
| <tr> <td class="numLine"> 272</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 273</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before</span></pre></td></tr> |
| <tr> <td class="numLine"> 274</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * comparing to the credentials stored in the system.</span></pre></td></tr> |
| <tr> <td class="numLine"> 275</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 276</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">int</span> getHashIterations() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 277</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hashIterations;</pre></td></tr> |
| <tr> <td class="numLine"> 278</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 279</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 280</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 281</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Sets the number of times a submitted {@code AuthenticationToken}'s credentials will be hashed before comparing</span></pre></td></tr> |
| <tr> <td class="numLine"> 282</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to the credentials stored in the system.</span></pre></td></tr> |
| <tr> <td class="numLine"> 283</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 284</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Unless overridden, the default value is {@code 1}, meaning a normal single hash execution will occur.</span></pre></td></tr> |
| <tr> <td class="numLine"> 285</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 286</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If this argument is less than 1 (i.e. 0 or negative), the default value of 1 is applied. There must always be</span></pre></td></tr> |
| <tr> <td class="numLine"> 287</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * at least 1 hash iteration (otherwise there would be no hash).</span></pre></td></tr> |
| <tr> <td class="numLine"> 288</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 289</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param hashIterations the number of times to hash a submitted {@code AuthenticationToken}'s credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 290</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 291</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> setHashIterations(<span class="keyword">int</span> hashIterations) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 292</td> <td class="nbHitsUncovered"><a title="Line 292: Conditional coverage 0% (0/2)."> 0</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 292: Conditional coverage 0% (0/2)."> <span class="keyword">if</span> (hashIterations < 1) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 293</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">this</span>.hashIterations = 1;</span></pre></td></tr> |
| <tr> <td class="numLine"> 294</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> } <span class="keyword">else</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 295</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">this</span>.hashIterations = hashIterations;</span></pre></td></tr> |
| <tr> <td class="numLine"> 296</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 297</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> }</span></pre></td></tr> |
| <tr> <td class="numLine"> 298</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 299</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 300</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns a salt value used to hash the token's credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 301</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 302</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This default implementation merely returns {@code token.getPrincipal()}, effectively using the user's</span></pre></td></tr> |
| <tr> <td class="numLine"> 303</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * identity (username, user id, etc) as the salt, a most common technique. If you wish to provide the</span></pre></td></tr> |
| <tr> <td class="numLine"> 304</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication token's salt another way, you may override this method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 305</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 306</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the AuthenticationToken submitted during the authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 307</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return a salt value to use to hash the authentication token's credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 308</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @deprecated since Shiro 1.1. Hash salting is now expected to be based on if the {@link AuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 309</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * returned from the {@code Realm} is a {@link SaltedAuthenticationInfo} instance and its</span></pre></td></tr> |
| <tr> <td class="numLine"> 310</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.SaltedAuthenticationInfo#getCredentialsSalt() getCredentialsSalt()} method returns a non-null value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 311</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This method and the 1.0 behavior still exists for backwards compatibility if the {@code Realm} does not return</span></pre></td></tr> |
| <tr> <td class="numLine"> 312</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code SaltedAuthenticationInfo} instances, but <b>it is highly recommended that {@code Realm} implementations</span></pre></td></tr> |
| <tr> <td class="numLine"> 313</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * that support hashed credentials start returning {@link SaltedAuthenticationInfo SaltedAuthenticationInfo}</span></pre></td></tr> |
| <tr> <td class="numLine"> 314</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * instances as soon as possible</b>.<p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 315</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This is because salts should always be obtained from the stored account information and</span></pre></td></tr> |
| <tr> <td class="numLine"> 316</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for</span></pre></td></tr> |
| <tr> <td class="numLine"> 317</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user</span></pre></td></tr> |
| <tr> <td class="numLine"> 318</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * are almost impossible to break. This method will be removed in Shiro 2.0.</span></pre></td></tr> |
| <tr> <td class="numLine"> 319</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 320</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Deprecated</pre></td></tr> |
| <tr> <td class="numLine"> 321</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Object getSalt(AuthenticationToken token) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 322</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> token.getPrincipal();</pre></td></tr> |
| <tr> <td class="numLine"> 323</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 324</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 325</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 326</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns a {@link Hash Hash} instance representing the already-hashed AuthenticationInfo credentials stored in the system.</span></pre></td></tr> |
| <tr> <td class="numLine"> 327</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 328</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This method reconstructs a {@link Hash Hash} instance based on a {@code info.getCredentials} call,</span></pre></td></tr> |
| <tr> <td class="numLine"> 329</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * but it does <em>not</em> hash that value - it is expected that method call will return an already-hashed value.</span></pre></td></tr> |
| <tr> <td class="numLine"> 330</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 331</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation's reconstruction effort functions as follows:</span></pre></td></tr> |
| <tr> <td class="numLine"> 332</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 333</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>Convert {@code account.getCredentials()} to a byte array via the {@link #toBytes toBytes} method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 334</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>If {@code account.getCredentials()} was originally a String or char[] before {@code toBytes} was</span></pre></td></tr> |
| <tr> <td class="numLine"> 335</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * called, check for encoding:</span></pre></td></tr> |
| <tr> <td class="numLine"> 336</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>If {@link #storedCredentialsHexEncoded storedCredentialsHexEncoded}, Hex decode that byte array, otherwise</span></pre></td></tr> |
| <tr> <td class="numLine"> 337</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Base64 decode the byte array</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 338</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <li>Set the byte[] array directly on the {@code Hash} implementation and return it.</li></span></pre></td></tr> |
| <tr> <td class="numLine"> 339</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * </ol></span></pre></td></tr> |
| <tr> <td class="numLine"> 340</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 341</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param info the AuthenticationInfo from which to retrieve the credentials which assumed to be in already-hashed form.</span></pre></td></tr> |
| <tr> <td class="numLine"> 342</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return a {@link Hash Hash} instance representing the given AuthenticationInfo's stored credentials.</span></pre></td></tr> |
| <tr> <td class="numLine"> 343</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 344</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Object getCredentials(AuthenticationInfo info) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 345</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> Object credentials = info.getCredentials();</pre></td></tr> |
| <tr> <td class="numLine"> 346</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 347</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">byte</span>[] storedBytes = toBytes(credentials);</pre></td></tr> |
| <tr> <td class="numLine"> 348</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 349</td> <td class="nbHitsCovered"><a title="Line 349: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> 20</a></td> <td class="src"><pre class="src"> <a title="Line 349: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> <span class="keyword">if</span> (credentials <span class="keyword">instanceof</span> String || credentials <span class="keyword">instanceof</span> <span class="keyword">char</span>[]) {</a></pre></td></tr> |
| <tr> <td class="numLine"> 350</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//account.credentials were a char[] or String, so</span></pre></td></tr> |
| <tr> <td class="numLine"> 351</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//we need to do text decoding first:</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 352</td> <td class="nbHitsUncovered"><a title="Line 352: Conditional coverage 50% (1/2)."> 11</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 352: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (isStoredCredentialsHexEncoded()) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 353</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> storedBytes = Hex.decode(storedBytes);</pre></td></tr> |
| <tr> <td class="numLine"> 354</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> } <span class="keyword">else</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 355</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> storedBytes = Base64.decode(storedBytes);</span></pre></td></tr> |
| <tr> <td class="numLine"> 356</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 357</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 358</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> AbstractHash hash = newHashInstance();</pre></td></tr> |
| <tr> <td class="numLineCover"> 359</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> hash.setBytes(storedBytes);</pre></td></tr> |
| <tr> <td class="numLineCover"> 360</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hash;</pre></td></tr> |
| <tr> <td class="numLine"> 361</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 362</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 363</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 364</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This implementation first hashes the {@code token}'s credentials, potentially using a</span></pre></td></tr> |
| <tr> <td class="numLine"> 365</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code salt} if the {@code info} argument is a</span></pre></td></tr> |
| <tr> <td class="numLine"> 366</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link org.apache.shiro.authc.SaltedAuthenticationInfo SaltedAuthenticationInfo}. It then compares the hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 367</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * against the {@code AuthenticationInfo}'s</span></pre></td></tr> |
| <tr> <td class="numLine"> 368</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link #getCredentials(org.apache.shiro.authc.AuthenticationInfo) already-hashed credentials}. This method</span></pre></td></tr> |
| <tr> <td class="numLine"> 369</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * returns {@code true} if those two values are {@link #equals(Object, Object) equal}, {@code false} otherwise.</span></pre></td></tr> |
| <tr> <td class="numLine"> 370</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 371</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the {@code AuthenticationToken} submitted during the authentication attempt.</span></pre></td></tr> |
| <tr> <td class="numLine"> 372</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param info the {@code AuthenticationInfo} stored in the system matching the token principal</span></pre></td></tr> |
| <tr> <td class="numLine"> 373</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return {@code true} if the provided token credentials hash match to the stored account credentials hash,</span></pre></td></tr> |
| <tr> <td class="numLine"> 374</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code false} otherwise</span></pre></td></tr> |
| <tr> <td class="numLine"> 375</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 376</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 377</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Override</pre></td></tr> |
| <tr> <td class="numLine"> 378</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 379</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> Object tokenHashedCredentials = hashProvidedCredentials(token, info);</pre></td></tr> |
| <tr> <td class="numLineCover"> 380</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> Object accountCredentials = getCredentials(info);</pre></td></tr> |
| <tr> <td class="numLineCover"> 381</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> equals(tokenHashedCredentials, accountCredentials);</pre></td></tr> |
| <tr> <td class="numLine"> 382</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 383</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 384</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 385</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Hash the provided {@code token}'s credentials using the salt stored with the account if the</span></pre></td></tr> |
| <tr> <td class="numLine"> 386</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code info} instance is an {@code instanceof} {@link SaltedAuthenticationInfo SaltedAuthenticationInfo} (see</span></pre></td></tr> |
| <tr> <td class="numLine"> 387</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the class-level JavaDoc for why this is the preferred approach).</span></pre></td></tr> |
| <tr> <td class="numLine"> 388</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p/></span></pre></td></tr> |
| <tr> <td class="numLine"> 389</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * If the {@code info} instance is <em>not</em></span></pre></td></tr> |
| <tr> <td class="numLine"> 390</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * an {@code instanceof} {@code SaltedAuthenticationInfo}, the logic will fall back to Shiro 1.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 391</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * backwards-compatible logic: it will first check to see {@link #isHashSalted() isHashSalted} and if so, will try</span></pre></td></tr> |
| <tr> <td class="numLine"> 392</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * to acquire the salt from {@link #getSalt(AuthenticationToken) getSalt(AuthenticationToken)}. See the class-level</span></pre></td></tr> |
| <tr> <td class="numLine"> 393</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * JavaDoc for why this is not recommended. This 'fallback' logic exists only for backwards-compatibility.</span></pre></td></tr> |
| <tr> <td class="numLine"> 394</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@code Realm}s should be updated as soon as possible to return {@code SaltedAuthenticationInfo} instances</span></pre></td></tr> |
| <tr> <td class="numLine"> 395</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * if account credentials salting is enabled (highly recommended for password-based systems).</span></pre></td></tr> |
| <tr> <td class="numLine"> 396</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 397</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param token the submitted authentication token from which its credentials will be hashed</span></pre></td></tr> |
| <tr> <td class="numLine"> 398</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param info the stored account data, potentially used to acquire a salt</span></pre></td></tr> |
| <tr> <td class="numLine"> 399</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the token credentials hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 400</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 401</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 402</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Object hashProvidedCredentials(AuthenticationToken token, AuthenticationInfo info) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 403</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> Object salt = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 404</td> <td class="nbHitsCovered"><a title="Line 404: Conditional coverage 100% (2/2)."> 20</a></td> <td class="src"><pre class="src"> <a title="Line 404: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (info <span class="keyword">instanceof</span> SaltedAuthenticationInfo) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 405</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> salt = ((SaltedAuthenticationInfo) info).getCredentialsSalt();</pre></td></tr> |
| <tr> <td class="numLine"> 406</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> } <span class="keyword">else</span> {</pre></td></tr> |
| <tr> <td class="numLine"> 407</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//retain 1.0 backwards compatibility:</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 408</td> <td class="nbHitsCovered"><a title="Line 408: Conditional coverage 100% (2/2)."> 2</a></td> <td class="src"><pre class="src"> <a title="Line 408: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (isHashSalted()) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 409</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> salt = getSalt(token);</pre></td></tr> |
| <tr> <td class="numLine"> 410</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 411</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 412</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hashProvidedCredentials(token.getCredentials(), salt, getHashIterations());</pre></td></tr> |
| <tr> <td class="numLine"> 413</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 414</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 415</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 416</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns the {@link #getHashAlgorithmName() hashAlgorithmName} property, but will throw an</span></pre></td></tr> |
| <tr> <td class="numLine"> 417</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link IllegalStateException} if it has not been set.</span></pre></td></tr> |
| <tr> <td class="numLine"> 418</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 419</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the required {@link #getHashAlgorithmName() hashAlgorithmName} property</span></pre></td></tr> |
| <tr> <td class="numLine"> 420</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @throws IllegalStateException if the property has not been set prior to calling this method.</span></pre></td></tr> |
| <tr> <td class="numLine"> 421</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @since 1.1</span></pre></td></tr> |
| <tr> <td class="numLine"> 422</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 423</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> String assertHashAlgorithmName() <span class="keyword">throws</span> IllegalStateException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 424</td> <td class="nbHitsCovered"> 40</td> <td class="src"><pre class="src"> String hashAlgorithmName = getHashAlgorithmName();</pre></td></tr> |
| <tr> <td class="numLineCover"> 425</td> <td class="nbHitsUncovered"><a title="Line 425: Conditional coverage 50% (1/2)."> 40</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 425: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (hashAlgorithmName == <span class="keyword">null</span>) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 426</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> String msg = <span class="string">"Required 'hashAlgorithmName' property has not been set. This is required to execute "</span> +</span></pre></td></tr> |
| <tr> <td class="numLine"> 427</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="string">"the hashing algorithm."</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 428</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">throw</span> <span class="keyword">new</span> IllegalStateException(msg);</span></pre></td></tr> |
| <tr> <td class="numLine"> 429</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 430</td> <td class="nbHitsCovered"> 40</td> <td class="src"><pre class="src"> <span class="keyword">return</span> hashAlgorithmName;</pre></td></tr> |
| <tr> <td class="numLine"> 431</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 432</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 433</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 434</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Hashes the provided credentials a total of {@code hashIterations} times, using the given salt. The hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 435</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * implementation/algorithm used is based on the {@link #getHashAlgorithmName() hashAlgorithmName} property.</span></pre></td></tr> |
| <tr> <td class="numLine"> 436</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 437</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param credentials the submitted authentication token's credentials to hash</span></pre></td></tr> |
| <tr> <td class="numLine"> 438</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param salt the value to salt the hash, or {@code null} if a salt will not be used.</span></pre></td></tr> |
| <tr> <td class="numLine"> 439</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param hashIterations the number of times to hash the credentials. At least one hash will always occur though,</span></pre></td></tr> |
| <tr> <td class="numLine"> 440</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * even if this argument is 0 or negative.</span></pre></td></tr> |
| <tr> <td class="numLine"> 441</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the hashed value of the provided credentials, according to the specified salt and hash iterations.</span></pre></td></tr> |
| <tr> <td class="numLine"> 442</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 443</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> Hash hashProvidedCredentials(Object credentials, Object salt, <span class="keyword">int</span> hashIterations) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 444</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> String hashAlgorithmName = assertHashAlgorithmName();</pre></td></tr> |
| <tr> <td class="numLineCover"> 445</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">new</span> SimpleHash(hashAlgorithmName, credentials, salt, hashIterations);</pre></td></tr> |
| <tr> <td class="numLine"> 446</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 447</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 448</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 449</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Returns a new, <em>uninitialized</em> instance, without its byte array set. Used as a utility method in the</span></pre></td></tr> |
| <tr> <td class="numLine"> 450</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * {@link SimpleCredentialsMatcher#getCredentials(org.apache.shiro.authc.AuthenticationInfo) getCredentials(AuthenticationInfo)} implementation.</span></pre></td></tr> |
| <tr> <td class="numLine"> 451</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 452</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return a new, <em>uninitialized</em> instance, without its byte array set.</span></pre></td></tr> |
| <tr> <td class="numLine"> 453</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 454</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">protected</span> AbstractHash newHashInstance() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 455</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> String hashAlgorithmName = assertHashAlgorithmName();</pre></td></tr> |
| <tr> <td class="numLineCover"> 456</td> <td class="nbHitsCovered"> 20</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">new</span> SimpleHash(hashAlgorithmName);</pre></td></tr> |
| <tr> <td class="numLine"> 457</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 458</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 459</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| </table> |
| |
| <div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1 on 3/4/16 6:04 PM.</div> |
| </body> |
| </html> |
