public class Token extends Object
Copyright © 2017 Carlos Macasaet.
Modifier | Constructor and Description |
---|---|
protected |
Token(byte version,
Instant timestamp,
IvParameterSpec initializationVector,
byte[] cipherText,
byte[] hmac) |
Modifier and Type | Method and Description |
---|---|
protected static Token |
fromBytes(byte[] bytes) |
static Token |
fromString(String string)
Deserialise a Base64 URL Fernet token string.
|
static Token |
generate(Random random,
Key key,
byte[] payload)
Generate a new Fernet token.
|
static Token |
generate(Random random,
Key key,
String plainText)
Convenience method to generate a new Fernet token with a string payload.
|
protected static IvParameterSpec |
generateInitializationVector(Random random) |
protected static byte[] |
generateInitializationVectorBytes(Random random) |
protected byte[] |
getCipherText() |
protected Base64.Encoder |
getEncoder() |
protected byte[] |
getHmac() |
IvParameterSpec |
getInitializationVector() |
Instant |
getTimestamp() |
byte |
getVersion() |
boolean |
isValidSignature(Key key)
Recompute the HMAC signature of the token with the stored shared secret key.
|
String |
serialise() |
String |
toString() |
<T> T |
validateAndDecrypt(Collection<? extends Key> keys,
Validator<T> validator)
Check the validity of this token against a collection of keys.
|
protected byte[] |
validateAndDecrypt(Key key,
Instant earliestValidInstant,
Instant latestValidInstant) |
<T> T |
validateAndDecrypt(Key key,
Validator<T> validator)
Check the validity of this token.
|
void |
writeTo(OutputStream outputStream)
Write the raw bytes of this token to the specified output stream.
|
protected Token(byte version, Instant timestamp, IvParameterSpec initializationVector, byte[] cipherText, byte[] hmac)
protected static Token fromBytes(byte[] bytes) throws IllegalTokenException
IllegalTokenException
public static Token fromString(String string) throws IllegalTokenException
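Deserialise a Base64 URL Fernet token string. This method takes no key, so it does not verify that the token was generated using a valid Key; the signature and timestamp are only checked by validateAndDecrypt.
string - the Base 64 URL encoding of a token in the form Version | Timestamp | IV | Ciphertext | HMAC
IllegalTokenException - if the input string cannot be a valid token irrespective of key or timestamp
public static Token generate(Random random, Key key, String plainText)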
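random - a source of entropy for your application. Pass a cryptographically strong generator such as java.security.SecureRandom; a plain java.util.Random is predictable, and this value presumably feeds generateInitializationVector(Random).
key - the secret key for encrypting plainText and signing the token
plainText - the payload to embed in the token
public static Token generate(Random random, Key key, byte[] payload)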
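random - a source of entropy for your application. Pass a cryptographically strong generator such as java.security.SecureRandom rather than a plain java.util.Random, whose output is predictable.
key - the secret key for encrypting payload and signing the token
payload - the unencrypted data to embed in the token
public <T> T validateAndDecrypt(Key key, Validator<T> validator) throws TokenValidationException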
key - the secret key against which to validate the token
validator - an object that encapsulates the validation parameters (e.g. TTL)
TokenValidationException - if key was NOT used to generate this token
public <T> T validateAndDecrypt(Collection<? extends Key> keys, Validator<T> validator) throws TokenValidationException
keys - the active keys which may have been used to generate this token
validator - an object that encapsulates the validation parameters (e.g. TTL)
TokenValidationException - if none of the keys were used to generate this token
protected byte[] validateAndDecrypt(Key key, Instant earliestValidInstant, Instant latestValidInstant) throws TokenValidationException
TokenValidationException
public String serialise()
public void writeTo(OutputStream outputStream) throws IOException
outputStream - the target
IOException - if data cannot be written to the underlying stream
public byte getVersion()
public Instant getTimestamp()
public IvParameterSpec getInitializationVector()
protected static IvParameterSpec generateInitializationVector(Random random)
protected static byte[] generateInitializationVectorBytes(Random random)
public boolean isValidSignature(Key key)
key - the shared secret key against which to validate the token
protected Base64.Encoder getEncoder()
protected byte[] getCipherText()
protected byte[] getHmac()
Copyright © 2017. All rights reserved.