Add secure mode hash method

Dan Richelson · Dan Richelson · commit 5c6220823656 · 2016-08-03T11:37:01.000-07:00
diff --git a/src/main/java/com/launchdarkly/client/LDClient.java b/src/main/java/com/launchdarkly/client/LDClient.java
@@ -4,13 +4,19 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonPrimitive;
+import org.apache.commons.codec.binary.Hex;
 import org.apache.http.annotation.ThreadSafe;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.Closeable;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.net.URL;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.Future;
@@ -26,11 +32,14 @@
 @ThreadSafe
 public class LDClient implements Closeable {
   private static final Logger logger = LoggerFactory.getLogger(LDClient.class);
+  private static final String HMAC_ALGORITHM = "HmacSHA256";
+  protected static final String CLIENT_VERSION = getClientVersion();
+
   private final LDConfig config;
+  private final String apiKey;
   private final FeatureRequestor requestor;
   private final EventProcessor eventProcessor;
   private UpdateProcessor updateProcessor;
-  protected static final String CLIENT_VERSION = getClientVersion();
 
   /**
    * Creates a new client instance that connects to LaunchDarkly with the default configuration. In most
@@ -51,6 +60,7 @@ public LDClient(String apiKey) {
    */
   public LDClient(String apiKey, LDConfig config) {
     this.config = config;
+    this.apiKey = apiKey;
     this.requestor = createFeatureRequestor(apiKey, config);
     this.eventProcessor = createEventProcessor(apiKey, config);
 
@@ -368,6 +378,25 @@ public boolean isOffline() {
     return config.offline;
   }
 
+  /**
+   * For more info: <a href=https://github.com/launchdarkly/js-client#secure-mode>https://github.com/launchdarkly/js-client#secure-mode</a>
+   * @param user The User to be hashed along with the api key
+   * @return the hash, or null if the hash could not be calculated.
+     */
+  public String secureModeHash(LDUser user) {
+    if (user == null || user.getKeyAsString().isEmpty()) {
+      return null;
+    }
+    try {
+      Mac mac = Mac.getInstance(HMAC_ALGORITHM);
+      mac.init(new SecretKeySpec(apiKey.getBytes(), HMAC_ALGORITHM));
+      return Hex.encodeHexString(mac.doFinal(user.getKeyAsString().getBytes("UTF8")));
+    } catch (InvalidKeyException | UnsupportedEncodingException | NoSuchAlgorithmException e) {
+      logger.error("Could not generate secure mode hash", e);
+    }
+    return null;
+  }
+
   private static String getClientVersion() {
     Class clazz = LDConfig.class;
     String className = clazz.getSimpleName() + ".class";
diff --git a/src/test/java/com/launchdarkly/client/LDClientTest.java b/src/test/java/com/launchdarkly/client/LDClientTest.java
@@ -341,6 +341,16 @@ public void testPollingWait() throws Exception {
     verifyAll();
   }
 
+  @Test
+  public void testSecureModeHash() {
+    LDConfig config = new LDConfig.Builder()
+            .offline(true)
+            .build();
+    LDClient client = new LDClient("secret", config);
+    LDUser user = new LDUser.Builder("Message").build();
+    assertEquals("aa747c502a898200f9e4fa21bac68136f886a0e27aec70ba06daf2e2a5cb5597", client.secureModeHash(user));
+  }
+
   private void assertDefaultValueIsReturned() {
     boolean result = client.boolVariation("test", new LDUser("test.key"), true);
     assertEquals(true, result);
