/*

  * Licensed to the Apache Software Foundation (ASF) under one

  * or more contributor license agreements.  See the NOTICE file

  * distributed with this work for additional information

  * regarding copyright ownership.  The ASF licenses this file

  * to you under the Apache License, Version 2.0 (the

  * "License"); you may not use this file except in compliance

  * with the License.  You may obtain a copy of the License at

  *

  * http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing,

  * software distributed under the License is distributed on an

  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  * KIND, either express or implied.  See the License for the

  * specific language governing permissions and limitations

  * under the License.

  */

 package org.apache.shiro.crypto.hash;

 /**

  * A {@code HashService} hashes input sources utilizing a particular hashing strategy.

  * <p/>

  * A {@code HashService} sits at a higher architectural level than Shiro's simple {@link Hash} classes:  it allows

  * for salting and iteration-related strategies to be configured and internalized in a

  * single component that can be re-used in multiple places in the application.

  * <p/>

  * For example, for the most secure hashes, it is highly recommended to use a randomly generated salt, potentially

  * paired with an configuration-specific private salt, in addition to using multiple hash iterations.

  * <p/>

  * While one can do this easily enough using Shiro's {@link Hash} implementations directly, this direct approach could

  * quickly lead to copy-and-paste behavior.  For example, consider this logic which might need to repeated in an

  * application:

  * <pre>

  * int numHashIterations = ...

  * ByteSource privateSalt = ...

  * ByteSource randomSalt = {@link org.apache.shiro.crypto.RandomNumberGenerator randomNumberGenerator}.nextBytes();

  * ByteSource combined = combine(privateSalt, randomSalt);

  * Hash hash = Sha512Hash(source, combined, numHashIterations);

  * save(hash);

  * </pre>

  * In this example, often only the input source will change during runtime, while the hashing strategy (how salts

  * are generated or acquired, how many hash iterations will be performed, etc) usually remain consistent.  A HashService

  * internalizes this logic so the above becomes simply this:

  * <pre>

  * HashRequest request = new HashRequest.Builder().source(source).build();

  * Hash result = hashService.hash(request);

  * save(result);

  * </pre>

  *

  * @since 1.2

  */

 public interface HashService {

     /**

      * Computes a hash based on the given request.

      *

      * <h3>Salt Notice</h3>

      *

      * If a salt accompanies the return value

      * (i.e. <code>returnedHash.{@link org.apache.shiro.crypto.hash.Hash#getSalt() getSalt()} != null</code>), this

      * same exact salt <b><em>MUST</em></b> be presented back to the {@code HashService} if hash

      * comparison/verification will be performed at a later time (for example, for password hash or file checksum

      * comparison).

      * <p/>

      * For additional security, the {@code HashService}'s internal implementation may use more complex salting

      * strategies than what would be achieved by computing a {@code Hash} manually.

      * <p/>

      * In summary, if a {@link HashService} returns a salt in a returned Hash, it is expected that the same salt

      * will be provided to the same {@code HashService} instance.

      *

      * @param request the request to process

      * @return the hashed data

      * @see Hash#getSalt()

      */

     Hash computeHash(HashRequest request);

 }