Package com.nimbusds.common.id

Interface IdentifierWithHMACGenerator<T>

All Known Implementing Classes:
AbstractIdentifierWithHMACGenerator
@ThreadSafe public interface IdentifierWithHMACGenerator<T>
Generator of secure random identifiers protected with a Hash-based (SHA-256) Message Authentication Code (MAC).

Implementations must be thread-safe.

  • Method Summary

    Modifier and Type
    Method
    Description
    T
    applyHMAC(com.nimbusds.jose.util.Base64URL value)
    Applies HMAC protection to the specified identifier value.
    com.nimbusds.jose.util.Base64URL
    extractValue(T identifier)
    Extracts the raw value from the specified HMAC protected identifier (to be used as a key in database queries, etc).
    T
    generate()
    Generates a new secure random identifier with HMAC protection.
    com.nimbusds.jose.util.Base64URL
    validateAndExtractValue(T identifier)
    Checks the HMAC of the specified identifier and returns its raw value (to be used as a key in database queries, etc).

  • Method Details

    • generate

      T generate()
      Generates a new secure random identifier with HMAC protection. The identifier must be of sufficient length and randomness to prevent collision with other existing identifiers.
      Returns:
      The identifier, with HMAC protection.

    • applyHMAC

      T applyHMAC(com.nimbusds.jose.util.Base64URL value)
      Applies HMAC protection to the specified identifier value.
      Parameters:
      value - The identifier value, BASE64-URL encoded. Must not be empty or null.
      Returns:
      The identifier with HMAC protection.

    • extractValue

      com.nimbusds.jose.util.Base64URL extractValue(T identifier)
      Extracts the raw value from the specified HMAC protected identifier (to be used as a key in database queries, etc). The HMAC is not checked!
      Parameters:
      identifier - The identifier with HMAC protection. Must not be null.
      Returns:
      The raw identifier value, BASE64-URL encoded.

    • validateAndExtractValue

      com.nimbusds.jose.util.Base64URL validateAndExtractValue(T identifier) throws InvalidIdentifierException
      Checks the HMAC of the specified identifier and returns its raw value (to be used as a key in database queries, etc).
      Parameters:
      identifier - The identifier with HMAC protection. Must not be null.
      Returns:
      The raw identifier value, BASE64-URL encoded.
      Throws:
      InvalidIdentifierException - If the identifier format is illegal or didn't pass the HMAC check.