/**
* If hashing is enabled, this method is called from login() prior to password validation.
*
* Subclasses may override it to provide customized password hashing, for example by adding
* user-specific information or salting.
*
* The default version calculates the hash based on the following options:
*
* hashAlgorithm: The digest algorithm to use.
* hashEncoding: The format used to store the hashes (base64 or hex)
* hashCharset: The encoding used to convert the password to bytes for hashing.
*
* digestCallback: The class name of the digest callback implementation that includes
* pre/post digest content like salts.
*
* It will return null if the hash fails for any reason, which will in turn
* cause validatePassword() to fail.
*
* @param \AppserverIo\Lang\String $name Ignored in default version
* @param \AppserverIo\Lang\String $password The password string to be hashed
*
* @return \AppserverIo\Lang\String The hashed password
* @throws \AppserverIo\Appserver\ServletEngine\Security\SecurityException Is thrown if there is a failure to load the digestCallback
*/
protected function createPasswordHash(string $name, string $password)
{
    // NOTE(review): $password is the clear-text password and a call argument of this
    // method, so exception traces that record arguments can contain it - check how
    // callers log exceptions raised from here.

    // without a configured digest callback the hash depends on the module options only
    if (!$this->params->exists(ParamKeys::DIGEST_CALLBACK)) {
        return Util::createPasswordHash(
            $this->hashAlgorithm,
            $this->hashEncoding,
            $this->hashCharset,
            $name,
            $password,
            null
        );
    }

    try {
        // the class name is read from the module parameters and instantiated as-is
        // NOTE(review): nothing here checks which type is instantiated; presumably the
        // parameters come from trusted deployment configuration only - confirm.
        $digestCallbackClass = $this->params->get(ParamKeys::DIGEST_CALLBACK);
        $digestCallback = new $digestCallbackClass();

        // the callback receives a new map built from the module parameters, extended
        // by the login name and the clear-text password
        $callbackOptions = new HashMap($this->params->toIndexedArray());
        $callbackOptions->add(SharedStateKeys::LOGIN_NAME, $name);
        $callbackOptions->add(SharedStateKeys::LOGIN_PASSWORD, $password);
        $digestCallback->init($callbackOptions);
    } catch (\Exception $cause) {
        // every \Exception raised while loading or initializing the callback is replaced
        // by this generic SecurityException; the original cause is not attached to it
        // NOTE(review): on PHP 7+ a missing class raises \Error, which this catch does
        // not intercept - verify against the supported runtime.
        throw new SecurityException("Failed to load DigestCallback");
    }

    // hash the password, letting the callback contribute its pre/post digest content
    return Util::createPasswordHash(
        $this->hashAlgorithm,
        $this->hashEncoding,
        $this->hashCharset,
        $name,
        $password,
        $digestCallback
    );
}