Package com.nimbusds.oauth2.sdk.auth
Class Secret
- java.lang.Object
-
- com.nimbusds.oauth2.sdk.auth.Secret
-
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
CodeVerifier
@Immutable public class Secret extends Object implements Serializable
Secret. The secret value should beerased
when no longer in use.- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static int
DEFAULT_BYTE_LENGTH
The default byte length of generated secrets.
-
Constructor Summary
Constructors Constructor Description Secret()
Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.Secret(int byteLength)
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.Secret(int byteLength, Date expDate)
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.Secret(String value)
Creates a new secret with the specified value.Secret(String value, Date expDate)
Creates a new secret with the specified value and expiration date.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
equals(Object o)
Comparison with another secret is constant time.boolean
equalsSHA256Based(Secret other)
Constant time comparison of the SHA-256 hashes of this and another secret.void
erase()
Erases of the value of this secret.boolean
expired()
Checks is this secret has expired.Date
getExpirationDate()
Gets the expiration date of this secret.byte[]
getSHA256()
Gets the SHA-256 hash of this secret.String
getValue()
Gets the value of this secret.byte[]
getValueBytes()
Gets the value of this secret.int
hashCode()
-
-
-
Field Detail
-
DEFAULT_BYTE_LENGTH
public static final int DEFAULT_BYTE_LENGTH
The default byte length of generated secrets.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
Secret
public Secret(String value)
Creates a new secret with the specified value.- Parameters:
value
- The secret value. May be an empty string. Must be UTF-8 encoded and notnull
.
-
Secret
public Secret(String value, Date expDate)
Creates a new secret with the specified value and expiration date.- Parameters:
value
- The secret value. May be an empty string. Must be UTF-8 encoded and notnull
.expDate
- The expiration date,null
if not specified.
-
Secret
public Secret(int byteLength)
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded.- Parameters:
byteLength
- The byte length of the secret value to generate. Must be greater than one.
-
Secret
public Secret(int byteLength, Date expDate)
Generates a new secret with a cryptographic random value of the specified byte length, Base64URL-encoded, and the specified expiration date.- Parameters:
byteLength
- The byte length of the secret value to generate. Must be greater than one.expDate
- The expiration date,null
if not specified.
-
Secret
public Secret()
Generates a new secret with a cryptographic 256-bit (32-byte) random value, Base64URL-encoded.
-
-
Method Detail
-
getValue
public String getValue()
Gets the value of this secret.- Returns:
- The value as a UTF-8 encoded string,
null
if it has been erased.
-
getValueBytes
public byte[] getValueBytes()
Gets the value of this secret.- Returns:
- The value as a byte array,
null
if it has been erased.
-
getSHA256
public byte[] getSHA256()
Gets the SHA-256 hash of this secret.- Returns:
- The SHA-256 hash,
null
if the secret value has been erased.
-
erase
public void erase()
Erases of the value of this secret.
-
getExpirationDate
public Date getExpirationDate()
Gets the expiration date of this secret.- Returns:
- The expiration date,
null
if not specified.
-
expired
public boolean expired()
Checks is this secret has expired.- Returns:
true
if the secret has an associated expiration date which is in the past (according to the current system time), else returnsfalse
.
-
equalsSHA256Based
public boolean equalsSHA256Based(Secret other)
Constant time comparison of the SHA-256 hashes of this and another secret.- Parameters:
other
- The other secret. May benull
.- Returns:
true
if the SHA-256 hashes of the two secrets are equal, elsefalse
.
-
-