Package com.nimbusds.oauth2.sdk.auth
Class Secret
java.lang.Object
com.nimbusds.oauth2.sdk.auth.Secret
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
CodeVerifier
Secret. The secret value should be
erased
when no longer in
use.- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final int
The default byte length of generated secrets. -
Constructor Summary
ConstructorsConstructorDescriptionSecret()
Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.Secret
(int byteLength) Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.Creates a new secret with the specified value.Creates a new secret with the specified value and expiration date. -
Method Summary
Modifier and TypeMethodDescriptionboolean
Comparison with another secret is constant time, based on the secrets'SHA-256 hashes
.boolean
equalsSHA256Based
(Secret other) Deprecated.void
erase()
Erases of the value of this secret.boolean
expired()
Checks is this secret has expired.Gets the expiration date of this secret.byte[]
Gets the SHA-256 hash of this secret.getValue()
Gets the value of this secret.byte[]
Gets the value of this secret.int
hashCode()
-
Field Details
-
DEFAULT_BYTE_LENGTH
The default byte length of generated secrets.- See Also:
-
-
Constructor Details
-
Secret
Creates a new secret with the specified value.- Parameters:
value
- The secret value. May be an empty string. Must be UTF-8 encoded and notnull
.
-
Secret
Creates a new secret with the specified value and expiration date.- Parameters:
value
- The secret value. May be an empty string. Must be UTF-8 encoded and notnull
.expDate
- The expiration date,null
if not specified.
-
Secret
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.- Parameters:
byteLength
- The byte length of the secret value to generate. Must be greater than one.
-
Secret
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.- Parameters:
byteLength
- The byte length of the secret value to generate. Must be greater than one.expDate
- The expiration date,null
if not specified.
-
Secret
public Secret()Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.
-
-
Method Details
-
getValue
Gets the value of this secret.- Returns:
- The value as a UTF-8 encoded string,
null
if it has been erased.
-
getValueBytes
Gets the value of this secret.- Returns:
- The value as a byte array,
null
if it has been erased.
-
getSHA256
Gets the SHA-256 hash of this secret.- Returns:
- The SHA-256 hash,
null
if the secret value has been erased.
-
erase
Erases of the value of this secret. -
getExpirationDate
Gets the expiration date of this secret.- Returns:
- The expiration date,
null
if not specified.
-
expired
Checks is this secret has expired.- Returns:
true
if the secret has an associated expiration date which is in the past (according to the current system time), else returnsfalse
.
-
equalsSHA256Based
Deprecated.Constant time comparison of the SHA-256 hashes of this and another secret.- Parameters:
other
- The other secret. May benull
.- Returns:
true
if the SHA-256 hashes of the two secrets are equal,false
if the hashes don't match or the secret values areerased
.
-
equals
Comparison with another secret is constant time, based on the secrets'SHA-256 hashes
. -
hashCode
-