Examples of org.apache.shiro.crypto.hash.Sha1Hash

• org.apache.shiro.crypto.hash.Sha1Hash
  Generates an SHA-1 Hash (Secure Hash Standard, NIST FIPS 180-1) from a given input source with an optional salt and hash iterations.

  See the {@link AbstractHash AbstractHash} parent class JavaDoc for a detailed explanation of Hashingtechniques and how the overloaded constructors function. @author Les Hazlewood @since 0.9

     * Creates a new <em>uninitialized</em> {@link Sha1Hash Sha1Hash} instance, without it's byte array set.
     *
     * @return a new <em>uninitialized</em> {@link Sha1Hash Sha1Hash} instance, without it's byte array set.
     */
    protected AbstractHash newHashInstance() {
        return new Sha1Hash();
    }

    /**
     * This implementation merely returns
     * <code>new {@link Sha1Hash#Sha1Hash(Object, Object, int) Sha1Hash(credentials,salt,hashIterations)}</code>.
     */
    protected Hash hashProvidedCredentials(Object credentials, Object salt, int hashIterations) {
        return new Sha1Hash(credentials, salt, hashIterations);
    }

    public Class<? extends HashedCredentialsMatcher> getMatcherClass() {
        return Sha1CredentialsMatcher.class;
    }

    public AbstractHash hash(Object credentials) {
        return new Sha1Hash(credentials);
    }

    public Class<? extends HashedCredentialsMatcher> getMatcherClass() {
        return Sha1CredentialsMatcher.class;
    }

    public AbstractHash hash(Object credentials) {
        return new Sha1Hash(credentials);
    }

        //use SHA-1 hashing in this test:
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);

        //simulate a user account with a SHA-1 hashed and salted password:
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        Object hashedPassword = new Sha1Hash("password", salt);
        SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");

        //simulate a username/password (plaintext) token created in response to a login attempt:
        AuthenticationToken token = new UsernamePasswordToken("username", "password");

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);

        //simulate an account with SHA-1 hashed password (no salt)
        final String username = "username";
        final String password = "password";
        final Object hashedPassword = new Sha1Hash(password).getBytes();
        AuthenticationInfo account = new AuthenticationInfo() {
            public PrincipalCollection getPrincipals() {
                return new SimplePrincipalCollection(username, "realmName");
            }

        //simulate an account with SHA-1 hashed password, using the username as the salt
        //(BAD IDEA, but backwards-compatible):
        final String username = "username";
        final String password = "password";
        final Object hashedPassword = new Sha1Hash(password, username).getBytes();
        AuthenticationInfo account = new AuthenticationInfo() {
            public PrincipalCollection getPrincipals() {
                return new SimplePrincipalCollection(username, "realmName");
            }

     * hashCode expire time limit, 1 hour
     */
    public static final int HASH_EXPIRE_TIME_MILLISEC = 3600*1000;

    public static String generateResetHash(String loginId) {
        return new Sha1Hash(loginId, new SecureRandomNumberGenerator().nextBytes(), 1).toHex();
    }