001package com.nimbusds.openid.connect.provider.spi.secrets; 002 003 004import java.util.Date; 005 006import com.nimbusds.oauth2.sdk.auth.Secret; 007 008 009/** 010 * Decoded secret. 011 */ 012public class DecodedSecret extends Secret { 013 014 015 /** 016 * Verifier for hashed secrets. 017 */ 018 private final SecretVerifier verifier; 019 020 021 /** 022 * The encoded (stored) value, {@code null} if not specified. 023 */ 024 private final String encodedValue; 025 026 027 /** 028 * Private constructor. 029 */ 030 private DecodedSecret(final String decodedValue, 031 final Date expDate, 032 final SecretVerifier verifier, 033 final String encodedValue) { 034 super(decodedValue, expDate); 035 this.verifier = verifier; 036 this.encodedValue = encodedValue; 037 } 038 039 040 /** 041 * Returns a new decoded secret with the specified expiration date. 042 * 043 * @param expDate The expiration date, {@code null} if not specified. 044 * 045 * @return The new decoded secret. 046 */ 047 public DecodedSecret withExpiration(final Date expDate) { 048 if (getValue() != null) { 049 return new DecodedSecret(getValue(), expDate, null, encodedValue); 050 } else { 051 DecodedSecret decodedSecret = new DecodedSecret("erase", expDate, verifier, encodedValue); 052 decodedSecret.erase(); 053 return decodedSecret; 054 } 055 } 056 057 058 /** 059 * Returns the encoded (stored) value. 060 * 061 * @return The encoded value, {@code null} if not specified. 062 */ 063 public String getEncodedValue() { 064 return encodedValue; 065 } 066 067 068 /** 069 * Returns a new decoded secret associating the specified encoded 070 * (stored) value with it. 071 * 072 * @param encodedValue The encoded (stored) value, {@code null} if not 073 * specified. 074 * 075 * @return The new decoded secret. 076 */ 077 public DecodedSecret withEncodedValue(final String encodedValue) { 078 079 if (getValue() != null) { 080 return new DecodedSecret(getValue(), getExpirationDate(), null, encodedValue); 081 } else { 082 DecodedSecret decodedSecret = new DecodedSecret("erase", getExpirationDate(), verifier, encodedValue); 083 decodedSecret.erase(); 084 return decodedSecret; 085 } 086 } 087 088 089 @Override 090 public boolean equals(Object o) { 091 092 if (verifier != null && o instanceof Secret) { 093 return verifier.verify((Secret) o); 094 } 095 096 return super.equals(o); 097 } 098 099 100 /** 101 * Creates a new decoded plain secret. 102 * 103 * @param plainValue The plain secret value. Must not be empty or 104 * {@code null}. 105 * 106 * @return The decoded secret. 107 */ 108 public static DecodedSecret createForPlainSecret(final String plainValue) { 109 110 if (plainValue == null || plainValue.trim().isEmpty()) { 111 throw new IllegalArgumentException("The plain secret value must not be null or empty"); 112 } 113 114 return new DecodedSecret(plainValue, null, null, null); 115 } 116 117 118 /** 119 * Creates a new decoded hashed secret. 120 * 121 * @param verifier Verifier to check secrets against the hash. Must not 122 * be {@code null}. 123 * 124 * @return The decoded secret. 125 */ 126 public static DecodedSecret createForHashedSecret(final SecretVerifier verifier) { 127 128 if (verifier == null) { 129 throw new IllegalArgumentException("The secret verifier must not be null"); 130 } 131 132 DecodedSecret decodedSecret = new DecodedSecret("erase", null, verifier, null); 133 decodedSecret.erase(); 134 return decodedSecret; 135 } 136}