001package com.nimbusds.openid.connect.provider.spi.secrets;
002
003
004import com.nimbusds.oauth2.sdk.auth.Secret;
005
006
007/**
008 * Decoded secret.
009 */
010public class DecodedSecret extends Secret {
011        
012        
013        /**
014         * Verifier for hashed secrets.
015         */
016        private final SecretVerifier verifier;
017        
018        
019        /**
020         * The encoded (stored) value, {@code null} if not specified.
021         */
022        private final String encodedValue;
023        
024        
025        /**
026         * Private constructor.
027         */
028        private DecodedSecret(final String decodedValue,
029                              final SecretVerifier verifier,
030                              final String encodedValue) {
031                super(decodedValue);
032                this.verifier = verifier;
033                this.encodedValue = encodedValue;
034        }
035        
036        
037        /**
038         * Returns the encoded (stored) value.
039         *
040         * @return The encoded value, {@code null} if not specified.
041         */
042        public String getEncodedValue() {
043                return encodedValue;
044        }
045        
046        
047        /**
048         * Returns a new decoded secret associating the specified encoded
049         * (stored) value with it.
050         *
051         * @param encodedValue The encoded (stored) value, {@code null} if not
052         *                     specified.
053         *
054         * @return The new decoded secret.
055         */
056        public DecodedSecret withEncodedValue(final String encodedValue) {
057        
058                if (getValue() != null) {
059                        return new DecodedSecret(getValue(), null, encodedValue);
060                } else {
061                        DecodedSecret decodedSecret = new DecodedSecret("erase", verifier, encodedValue);
062                        decodedSecret.erase();
063                        return decodedSecret;
064                }
065        }
066        
067        
068        @Override
069        public boolean equals(Object o) {
070                
071                if (verifier != null && o instanceof Secret) {
072                        return verifier.verify((Secret) o);
073                }
074                
075                return super.equals(o);
076        }
077        
078        
079        /**
080         * Creates a new decoded plain secret.
081         *
082         * @param plainValue The plain secret value. Must not be empty or
083         *                   {@code null}.
084         *
085         * @return The decoded secret.
086         */
087        public static DecodedSecret createForPlainSecret(final String plainValue) {
088                
089                if (plainValue == null || plainValue.trim().isEmpty()) {
090                        throw new IllegalArgumentException("The plain secret value must not be null or empty");
091                }
092                
093                return new DecodedSecret(plainValue, null, null);
094        }
095        
096        
097        /**
098         * Creates a new decoded hashed secret.
099         *
100         * @param verifier Verifier to check secrets against the hash. Must not
101         *                 be {@code null}.
102         *
103         * @return The decoded secret.
104         */
105        public static DecodedSecret createForHashedSecret(final SecretVerifier verifier) {
106                
107                if (verifier == null) {
108                        throw new IllegalArgumentException("The secret verifier must not be null");
109                }
110                
111                DecodedSecret decodedSecret = new DecodedSecret("erase", verifier, null);
112                decodedSecret.erase();
113                return decodedSecret;
114        }
115}