Class PairwiseSubjectCodec
- java.lang.Object
  - com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
- Direct Known Subclasses: HashBasedPairwiseSubjectCodec, SIVAESBasedPairwiseSubjectCodec

@ThreadSafe public abstract class PairwiseSubjectCodec extends Object
Encoder and decoder of pairwise subject identifiers. The encoder algorithms must be deterministic, to ensure a given set of inputs always produces an identical pairwise subject identifier.
Decoding pairwise subject identifiers is optional, and is implemented by algorithms that support reversal (typically encryption-based codecs). Hash-based codecs don't support reversal.
Codec implementations are thread-safe.
Related specifications:
- OpenID Connect Core 1.0, section 8.1.

Constructor Summary
- PairwiseSubjectCodec(byte[] salt): Creates a new codec for pairwise subject identifiers.

Method Summary
(Modifier and Type, Method: Description)
- Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject): Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject.
- abstract Subject encode(SectorID sectorID, Subject localSub): Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
- Subject encode(URI sectorURI, Subject localSub): Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
- Provider getProvider(): Gets the security provider for cryptographic operations.
- byte[] getSalt(): Returns the salt.
- void setProvider(Provider provider): Sets the security provider for cryptographic operations.

Constructor Detail

PairwiseSubjectCodec
public PairwiseSubjectCodec(byte[] salt)
Creates a new codec for pairwise subject identifiers.
- Parameters:
  - salt - The salt, null if not required.

Method Detail

getSalt
public byte[] getSalt()
Returns the salt.
- Returns: The salt, null if not required.

getProvider
public Provider getProvider()
Gets the security provider for cryptographic operations.
- Returns: The security provider, null if not specified (implies the default one).

setProvider
public void setProvider(Provider provider)
Sets the security provider for cryptographic operations.
- Parameters:
  - provider - The security provider, null if not specified (implies the default one).

encode
public Subject encode(URI sectorURI, Subject localSub)
Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
- Parameters:
  - sectorURI - The sector identifier URI. Its scheme should be "https", must include a host portion and must not be null.
  - localSub - The local subject identifier. Must not be null.
- Returns: The pairwise subject identifier.

encode
public abstract Subject encode(SectorID sectorID, Subject localSub)
Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
- Parameters:
  - sectorID - The sector identifier. Must not be null.
  - localSub - The local subject identifier. Must not be null.
- Returns: The pairwise subject identifier.

decode
public Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject) throws InvalidPairwiseSubjectException
Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject. Throws an UnsupportedOperationException. Codecs that support pairwise subject identifier reversal should override this method.
- Parameters:
  - pairwiseSubject - The pairwise subject identifier. Must be valid and not null.
- Returns: The matching sector identifier and local subject.
- Throws:
  - InvalidPairwiseSubjectException - If the pairwise subject is invalid.
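
One way a hash-based subclass could implement the abstract encode method and satisfy the determinism requirement from the class description. This is an added example, not the SDK's own HashBasedPairwiseSubjectCodec code, and its output is not claimed to match that class. The class name ExampleSha256PairwiseCodec, the 16-byte minimum salt, the length-prefixed field framing and the rp-a.example / rp-b.example URIs are assumptions of this example; getValue() and the Subject(String) constructor come from the SDK's identifier classes rather than from this page.

```java
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec;
import com.nimbusds.openid.connect.sdk.id.SectorID;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Hypothetical subclass for illustration; not part of the SDK.
public class ExampleSha256PairwiseCodec extends PairwiseSubjectCodec {
    public ExampleSha256PairwiseCodec(byte[] salt) {
        super(salt);
        // Assumption of this example: require a secret salt, otherwise anyone who
        // can guess local subjects can recompute and correlate the identifiers.
        if (salt == null || salt.length < 16)
            throw new IllegalArgumentException("Salt must be at least 16 bytes");
    }

    @Override
    public Subject encode(SectorID sectorID, Subject localSub) {
        try {
            Provider p = getProvider(); // null implies the default provider
            MessageDigest md = (p != null) ? MessageDigest.getInstance("SHA-256", p)
                                           : MessageDigest.getInstance("SHA-256");
            // Length-prefix each field so ("ab","c") and ("a","bc") hash differently.
            for (String s : new String[] { sectorID.getValue(), localSub.getValue() }) {
                byte[] b = s.getBytes(StandardCharsets.UTF_8);
                md.update(ByteBuffer.allocate(4).putInt(b.length).array());
                md.update(b);
            }
            byte[] hash = md.digest(getSalt()); // same inputs always give the same hash
            return new Subject(Base64.getUrlEncoder().withoutPadding().encodeToString(hash));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[32];         // constructed demo salt; a real salt must be
        new SecureRandom().nextBytes(salt); // persisted or identifiers change on restart
        PairwiseSubjectCodec codec = new ExampleSha256PairwiseCodec(salt);
        URI rpA = URI.create("https://rp-a.example/cb"), rpB = URI.create("https://rp-b.example/cb");
        Subject alice = new Subject("alice");
        Subject a = codec.encode(rpA, alice), b = codec.encode(rpB, alice);
        System.out.println("stable within a sector:  " + a.equals(codec.encode(rpA, alice)));
        System.out.println("differs between sectors: " + !a.equals(b));
        try { codec.decode(a); } // base-class decode: hash-based codecs cannot reverse
        catch (UnsupportedOperationException e) { System.out.println("decode unsupported"); }
    }
}
```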