All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.helidon.security.spi.DigestProvider Maven / Gradle / Ivy

There is a newer version: 4.1.4
Show newest version
/*
 * Copyright (c) 2021 Oracle and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.helidon.security.spi;

import io.helidon.common.reactive.Single;
import io.helidon.config.Config;

/**
 * Provider that can create digests of bytes, and then verify them.
 * The digest may be a signature, HMAC or similar.
 *
 * @param  type of the custom configuration object
 * @see io.helidon.security.Security#digest(String, byte[])
 * @see io.helidon.security.Security#verifyDigest(String, byte[], String)
 */
public interface DigestProvider extends SecurityProvider {
    /**
     * Create digest support from configuration.
     *
     * @param config config located on the node of the specific digest {@code config} node
     * @return digest support to digest/verify
     */
    DigestSupport digest(Config config);

    /**
     * Create digest support from configuration object.
     *
     * @param providerConfig configuring a specific digest
     * @return digest support to digest/verify
     */
    DigestSupport digest(T providerConfig);

    /**
     * Function to generate a digest from bytes.
     */
    @FunctionalInterface
    interface DigestFunction {
        /**
         * Create digest.
         *
         * @param data data to digest
         * @param preHashed whether the data is already a hash ({@code true}), or the raw data ({@code false})
         * @return future with the digest string (signature, HMAC)
         */
        Single apply(byte[] data, Boolean preHashed);
    }

    /**
     * Function to verify a digest string.
     */
    @FunctionalInterface
    interface VerifyFunction {
        /**
         * Verify digest.
         *
         * @param data data that was digested
         * @param preHashed whether the data is already a hash
         * @param digest original digest of the data (signature, HMAC)
         * @return future with the result of verification
         */
        Single apply(byte[] data, Boolean preHashed, String digest);
    }

    /**
     * Digest support created for each named digest configuration, used by {@link io.helidon.security.Security}
     * for {@link io.helidon.security.Security#digest(String, byte[])}
     * and {@link io.helidon.security.Security#verifyDigest(String, byte[], String)} methods.
     */
    class DigestSupport {
        private final DigestFunction digestFunction;
        private final VerifyFunction verifyFunction;

        /**
         * Digest support based on the two functions.
         *
         * @param digestFunction digest function
         * @param verifyFunction verify function
         */
        protected DigestSupport(DigestFunction digestFunction,
                                VerifyFunction verifyFunction) {
            this.digestFunction = digestFunction;
            this.verifyFunction = verifyFunction;
        }

        /**
         * Create a new support based on digest and verify functions.
         *
         * @param digestFunction digest function
         * @param verifyFunction verify function
         * @return new digest support
         */
        public static DigestSupport create(DigestFunction digestFunction,
                                           VerifyFunction verifyFunction) {
            return new DigestSupport(digestFunction, verifyFunction);
        }

        /**
         * Generates a signature or an HMAC.
         * @param bytes bytes to sign
         * @param preHashed whether the bytes are pre-hashed
         * @return future with the digest (signature or HMAC)
         */
        public Single digest(byte[] bytes, boolean preHashed) {
            return digestFunction.apply(bytes, preHashed);
        }

        /**
         * Verifies a signature or an HMAC.
         *
         * @param bytes bytes to verify
         * @param preHashed whether the bytes are pre-hashed
         * @param digest digest obtained from a third-part
         * @return future with {@code true} if the digest is valid, {@code false} if not valid, and an error if not
         *  a supported digest
         */
        public Single verify(byte[] bytes, boolean preHashed, String digest) {
            return verifyFunction.apply(bytes, preHashed, digest);
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy