java.lang.Object
- com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
- - com.nimbusds.openid.connect.sdk.id.SIVAESBasedPairwiseSubjectCodec

```
@ThreadSafe
public class SIVAESBasedPairwiseSubjectCodec
extends PairwiseSubjectCodec
```
SIV AES - based encoder / decoder of pairwise subject identifiers. Requires a 256, 384, or 512-bit secret key. Reversal is supported.
The plain text is formatted as follows ('|' as delimiter):
```
 sector_id|local_sub
 
```
The encoder can be configured to pad the local subject up to a certain string length, typically the maximum expected length of the local subject identifiers, to ensure the output pairwise subject identifiers are output with a length that is uniform and doesn't vary with the local subject identifier length. This is intended as an additional measure against leaking end-user information and hence correlation. Note that local subjects that are longer than the configured length will appear as proportionally longer pairwise identifiers.
Pad local subjects that are shorter than 50 characters in length:
```
 new SIVAESBasedPairwiseSubjectCodec(secretKey, 50);
 
```
Related specifications:
- Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES) (RFC 5297).
- OpenID Connect Core 1.0, section 8.1.

Field Summary
- Fields inherited from class com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
  CHARSET

Constructor Summary

Constructors
Constructor	Description
`SIVAESBasedPairwiseSubjectCodec(SecretKey secretKey)`	Creates a new SIV AES - based codec for pairwise subject identifiers.
`SIVAESBasedPairwiseSubjectCodec(SecretKey secretKey, int padSubjectToLength)`	Creates a new SIV AES - based codec for pairwise subject identifiers.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`Map.Entry<SectorID,Subject>`	`decode(Subject pairwiseSubject)`	Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject.
`Subject`	`encode(SectorID sectorID, Subject localSub)`	Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
`int`	`getPadSubjectToLength()`	Returns the optional padded string length of local subjects.
`SecretKey`	`getSecretKey()`	Returns the secret key.

Methods inherited from class com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
encode, getProvider, getSalt, setProvider

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SIVAESBasedPairwiseSubjectCodec
```
public SIVAESBasedPairwiseSubjectCodec(SecretKey secretKey)
```
    Creates a new SIV AES - based codec for pairwise subject identifiers. Local subjects are not padded up to a certain length.
    
    Parameters:
    
    secretKey - A 256, 384, or 512-bit secret key. Must not be null.
  - SIVAESBasedPairwiseSubjectCodec
```
public SIVAESBasedPairwiseSubjectCodec(SecretKey secretKey,
                                       int padSubjectToLength)
```
    Creates a new SIV AES - based codec for pairwise subject identifiers.
    
    Parameters:
    
    secretKey - A 256, 384, or 512-bit secret key. Must not be null.
    
    padSubjectToLength - Pads the local subject to the specified length, -1 (negative integer) for no padding.
- Method Detail
  - getSecretKey
```
public SecretKey getSecretKey()
```
    Returns the secret key.
    
    Returns:
    
    The key.
  - getPadSubjectToLength
```
public int getPadSubjectToLength()
```
    Returns the optional padded string length of local subjects.
    
    Returns:
    
    The padding string length, -1 (negative integer) for no padding.
  - encode
```
public Subject encode(SectorID sectorID,
                      Subject localSub)
```
    Description copied from class: PairwiseSubjectCodec
    
    Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
    
    Specified by:
    
    encode in class PairwiseSubjectCodec
    
    Parameters:
    
    sectorID - The sector identifier. Must not be null.
    
    localSub - The local subject identifier. Must not be null.
    
    Returns:
    
    The pairwise subject identifier.
  - decode
```
public Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject)
                                         throws InvalidPairwiseSubjectException
```
    Description copied from class: PairwiseSubjectCodec
    
    Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject. Throws a UnsupportedOperationException. Codecs that support pairwise subject identifier reversal should override this method.
    
    Overrides:
    
    decode in class PairwiseSubjectCodec
    
    Parameters:
    
    pairwiseSubject - The pairwise subject identifier. Must be valid and not null.
    
    Returns:
    
    The matching sector identifier and local subject.
    
    Throws:
    
    InvalidPairwiseSubjectException - If the pairwise subject is invalid.

Class SIVAESBasedPairwiseSubjectCodec

Field Summary

Fields inherited from class com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec

Constructor Summary

Method Summary

Methods inherited from class com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec

Methods inherited from class java.lang.Object

Constructor Detail

SIVAESBasedPairwiseSubjectCodec

SIVAESBasedPairwiseSubjectCodec

Method Detail

getSecretKey

getPadSubjectToLength

encode

decode