/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.util.security;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Queue;
import java.util.concurrent.ConcurrentLinkedQueue;
import org.apache.tomcat.util.res.StringManager;
A thread safe wrapper around MessageDigest
that does not make use of ThreadLocal and - broadly - only creates enough MessageDigest objects to satisfy the concurrency requirements. /**
* A thread safe wrapper around {@link MessageDigest} that does not make use
* of ThreadLocal and - broadly - only creates enough MessageDigest objects
* to satisfy the concurrency requirements.
*/
public class ConcurrentMessageDigest {
private static final StringManager sm = StringManager.getManager(ConcurrentMessageDigest.class);
private static final String MD5 = "MD5";
private static final String SHA1 = "SHA-1";
private static final Map<String,Queue<MessageDigest>> queues =
new HashMap<>();
private ConcurrentMessageDigest() {
// Hide default constructor for this utility class
}
static {
try {
// Init commonly used algorithms
init(MD5);
init(SHA1);
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(sm.getString("concurrentMessageDigest.noDigest"), e);
}
}
public static byte[] digestMD5(byte[]... input) {
return digest(MD5, input);
}
public static byte[] digestSHA1(byte[]... input) {
return digest(SHA1, input);
}
public static byte[] digest(String algorithm, byte[]... input) {
return digest(algorithm, 1, input);
}
public static byte[] digest(String algorithm, int iterations, byte[]... input) {
Queue<MessageDigest> queue = queues.get(algorithm);
if (queue == null) {
throw new IllegalStateException(sm.getString("concurrentMessageDigest.noDigest"));
}
MessageDigest md = queue.poll();
if (md == null) {
try {
md = MessageDigest.getInstance(algorithm);
} catch (NoSuchAlgorithmException e) {
// Ignore. Impossible if init() has been successfully called
// first.
throw new IllegalStateException(sm.getString("concurrentMessageDigest.noDigest"), e);
}
}
// Round 1
for (byte[] bytes : input) {
md.update(bytes);
}
byte[] result = md.digest();
// Subsequent rounds
if (iterations > 1) {
for (int i = 1; i < iterations; i++) {
md.update(result);
result = md.digest();
}
}
queue.add(md);
return result;
}
Ensures that digest(String, byte[][])
will support the specified algorithm. This method must be called and return successfully before using digest(String, byte[][])
. Params: - algorithm – The message digest algorithm to be supported
Throws: - NoSuchAlgorithmException – If the algorithm is not supported by the
JVM
/**
* Ensures that {@link #digest(String, byte[][])} will support the specified
* algorithm. This method <b>must</b> be called and return successfully
* before using {@link #digest(String, byte[][])}.
*
* @param algorithm The message digest algorithm to be supported
*
* @throws NoSuchAlgorithmException If the algorithm is not supported by the
* JVM
*/
public static void init(String algorithm) throws NoSuchAlgorithmException {
synchronized (queues) {
if (!queues.containsKey(algorithm)) {
MessageDigest md = MessageDigest.getInstance(algorithm);
Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
queue.add(md);
queues.put(algorithm, queue);
}
}
}
}