Class PairwiseSubjectCodec
- java.lang.Object
  - com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
- Direct Known Subclasses: HashBasedPairwiseSubjectCodec, SIVAESBasedPairwiseSubjectCodec
@ThreadSafe public abstract class PairwiseSubjectCodec extends Object
Encoder and decoder of pairwise subject identifiers. The encoder algorithms must be deterministic, to ensure a given set of inputs always produces an identical pairwise subject identifier. Decoding pairwise subject identifiers is optional, and is implemented by algorithms that support reversal (typically with encryption-based codecs). Hash-based codecs don't support reversal.
Codec implementations are thread-safe.
Related specifications:
- OpenID Connect Core 1.0, section 8.1.
Constructor Summary
- PairwiseSubjectCodec(byte[] salt): Creates a new codec for pairwise subject identifiers.
Method Summary
- Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject): Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject.
- abstract Subject encode(SectorID sectorID, Subject localSub): Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
- Subject encode(URI sectorURI, Subject localSub): Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
- Provider getProvider(): Gets the security provider for cryptographic operations.
- byte[] getSalt(): Returns the salt.
- void setProvider(Provider provider): Sets the security provider for cryptographic operations.
Constructor Detail
-
PairwiseSubjectCodec
public PairwiseSubjectCodec(byte[] salt)
Creates a new codec for pairwise subject identifiers.
- Parameters:
salt - The salt, null if not required.
-
-
Method Detail
-
getSalt
public byte[] getSalt()
Returns the salt.
- Returns:
- The salt, null if not required.
-
getProvider
public Provider getProvider()
Gets the security provider for cryptographic operations.
- Returns:
- The security provider, null if not specified (implies the default one).
-
setProvider
public void setProvider(Provider provider)
Sets the security provider for cryptographic operations.
- Parameters:
provider - The security provider, null if not specified (implies the default one).
-
encode
public Subject encode(URI sectorURI, Subject localSub)
Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
- Parameters:
sectorURI - The sector identifier URI. Its scheme should be "https", must include a host portion and must not be null.
localSub - The local subject identifier. Must not be null.
- Returns:
- The pairwise subject identifier.
-
encode
public abstract Subject encode(SectorID sectorID, Subject localSub)
Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
- Parameters:
sectorID - The sector identifier. Must not be null.
localSub - The local subject identifier. Must not be null.
- Returns:
- The pairwise subject identifier.
-
decode
public Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject) throws InvalidPairwiseSubjectException
Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject. Throws an UnsupportedOperationException. Codecs that support pairwise subject identifier reversal should override this method.
- Parameters:
pairwiseSubject - The pairwise subject identifier. Must be valid and not null.
- Returns:
- The matching sector identifier and local subject.
- Throws:
InvalidPairwiseSubjectException - If the pairwise subject is invalid.
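The encode and decode contract described above, exercised with the two known subclasses. This is an added example, not code from the SDK documentation. The subclass constructors (a byte[] salt for the hash codec, an AES SecretKey for the SIV codec) and the String constructors of SectorID and Subject are not shown on this page and are assumed from the SDK; the subject, sector hosts, salt and key are constructed sample values.

```java
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.id.*;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Map;

public class PairwiseSubjectDemo {

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        Subject local = new Subject("alice");                 // constructed local subject
        SectorID rpA = new SectorID("rp-a.example.com");      // constructed sector identifiers
        SectorID rpB = new SectorID("rp-b.example.com");

        // Hash-based codec: the salt must stay secret and stable across restarts,
        // otherwise every relying party sees new subject values for existing users.
        byte[] salt = new byte[32];
        rng.nextBytes(salt);
        PairwiseSubjectCodec hash = new HashBasedPairwiseSubjectCodec(salt);

        Subject a1 = hash.encode(rpA, local);
        Subject a2 = hash.encode(rpA, local);
        Subject b1 = hash.encode(rpB, local);
        check(a1.equals(a2), "same inputs must give the same pairwise subject");
        check(!a1.equals(b1), "different sectors must not share a subject value");

        // Reversal is optional: the base decode() throws for one-way codecs.
        try {
            hash.decode(a1);
            check(false, "hash-based codec unexpectedly decoded");
        } catch (UnsupportedOperationException expected) {
            System.out.println("hash codec: decode not supported");
        }

        // Encryption-based codec: reversible by anyone holding the same key.
        byte[] keyBytes = new byte[32];                       // 256-bit key, constructed here
        rng.nextBytes(keyBytes);
        PairwiseSubjectCodec siv =
            new SIVAESBasedPairwiseSubjectCodec(new SecretKeySpec(keyBytes, "AES"));

        Subject pairwise = siv.encode(rpA, local);
        Map.Entry<SectorID, Subject> back = siv.decode(pairwise);
        check(back.getKey().equals(rpA), "sector identifier must round-trip");
        check(back.getValue().equals(local), "local subject must round-trip");
        System.out.println(pairwise + " -> " + back.getKey() + " / " + back.getValue());
    }

    private static void check(boolean ok, String message) {
        if (!ok) throw new IllegalStateException(message);
    }
}
```

With a reversible codec, the key recovers the local subject from any issued identifier, so it needs the same protection as the user store itself.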