Class Secret

java.lang.Object
com.nimbusds.oauth2.sdk.auth.Secret
All Implemented Interfaces:
Serializable
Direct Known Subclasses:
CodeVerifier

@Immutable public class Secret extends Object implements Serializable
Secret. The secret value should be erased when no longer in use.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    The default byte length of generated secrets.
  • Constructor Summary

    Constructors
    Constructor
    Description
    Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.
    Secret(int byteLength)
    Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.
    Secret(int byteLength, Date expDate)
    Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.
    Secret(String value)
    Creates a new secret with the specified value.
    Secret(String value, Date expDate)
    Creates a new secret with the specified value and expiration date.
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    Comparison with another secret is constant time, based on the secrets' SHA-256 hashes.
    boolean
    Deprecated.
    void
    Erases the value of this secret.
    boolean
    Checks if this secret has expired.
    Gets the expiration date of this secret.
    byte[]
    Gets the SHA-256 hash of this secret.
    Gets the value of this secret.
    byte[]
    Gets the value of this secret.
    int
     

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • Secret

      public Secret(String value)
      Creates a new secret with the specified value.
      Parameters:
      value - The secret value. May be an empty string. Must be UTF-8 encoded and not null.
    • Secret

      public Secret(String value, Date expDate)
      Creates a new secret with the specified value and expiration date.
      Parameters:
      value - The secret value. May be an empty string. Must be UTF-8 encoded and not null.
      expDate - The expiration date, null if not specified.
    • Secret

      public Secret(int byteLength)
      Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.
      Parameters:
      byteLength - The byte length of the secret value to generate. Must be greater than one.
    • Secret

      public Secret(int byteLength, Date expDate)
      Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.
      Parameters:
      byteLength - The byte length of the secret value to generate. Must be greater than one.
      expDate - The expiration date, null if not specified.
    • Secret

      public Secret()
      Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.
  • Method Details

    • getValue

      public String getValue()
      Gets the value of this secret.
      Returns:
      The value as a UTF-8 encoded string, null if it has been erased.
    • getValueBytes

      public byte[] getValueBytes()
      Gets the value of this secret.
      Returns:
      The value as a byte array, null if it has been erased.
    • getSHA256

      public byte[] getSHA256()
      Gets the SHA-256 hash of this secret.
      Returns:
      The SHA-256 hash, null if the secret value has been erased.
    • erase

      public void erase()
      Erases the value of this secret.
    • getExpirationDate

      Gets the expiration date of this secret.
      Returns:
      The expiration date, null if not specified.
    • expired

      public boolean expired()
      Checks if this secret has expired.
      Returns:
      true if the secret has an associated expiration date which is in the past (according to the current system time), else returns false.
    • equalsSHA256Based

      @Deprecated public boolean equalsSHA256Based(Secret other)
      Deprecated.
      Constant time comparison of the SHA-256 hashes of this and another secret.
      Parameters:
      other - The other secret. May be null.
      Returns:
      true if the SHA-256 hashes of the two secrets are equal, false if the hashes don't match or the secret values are erased.
    • equals

      public boolean equals(Object o)
      Comparison with another secret is constant time, based on the secrets' SHA-256 hashes.
      Overrides:
      equals in class Object
      Parameters:
      o - The other object. May be null.
      Returns:
      true if both objects are equal, else false.
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
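
The following added example (not part of the SDK documentation or the project's own code) shows one way to combine the methods above when checking a presented secret: test for erasure and expiry first, compare with equals, and erase the temporary copy. The class name SecretLifecycleExample, the Outcome enum, the verify helper and all sample values are hypothetical.

```java
import com.nimbusds.oauth2.sdk.auth.Secret;
import java.util.Date;

public class SecretLifecycleExample {

    /** Hypothetical result type for this example. */
    enum Outcome { OK, EXPIRED, ERASED, MISMATCH }

    /** Checks a presented value against a stored secret. */
    static Outcome verify(Secret stored, String presentedValue) {
        // getValue() returns null once erase() has been called
        if (stored.getValue() == null) {
            return Outcome.ERASED;
        }
        // expired() is true only if an expiration date is set and in the past
        if (stored.expired()) {
            return Outcome.EXPIRED;
        }
        // The Secret(String) constructor requires a non-null value
        if (presentedValue == null) {
            return Outcome.MISMATCH;
        }
        Secret presented = new Secret(presentedValue);
        try {
            // equals() is documented as constant time, based on SHA-256 hashes
            return stored.equals(presented) ? Outcome.OK : Outcome.MISMATCH;
        } finally {
            // Erase the temporary copy as soon as the comparison is done
            presented.erase();
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: 32 random bytes, valid for one hour
        Date inOneHour = new Date(System.currentTimeMillis() + 3_600_000L);
        Secret stored = new Secret(32, inOneHour);
        // A String already obtained from getValue() is not cleared by erase()
        String issued = stored.getValue();

        System.out.println("matching value:  " + verify(stored, issued));
        System.out.println("wrong value:     " + verify(stored, "constructed-wrong-value"));

        // Constructed sample secret whose expiration date is the epoch
        Secret old = new Secret("constructed-sample-value", new Date(0L));
        System.out.println("expired secret:  " + verify(old, "constructed-sample-value"));

        stored.erase();
        System.out.println("after erase():   " + verify(stored, issued));
    }
}
```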