Package com.nimbusds.openid.connect.sdk.id

Class PairwiseSubjectCodec

java.lang.Object
com.nimbusds.openid.connect.sdk.id.PairwiseSubjectCodec
Direct Known Subclasses:
HashBasedPairwiseSubjectCodec, SIVAESBasedPairwiseSubjectCodec
@ThreadSafe public abstract class PairwiseSubjectCodec extends Object
Encoder and decoder of pairwise subject identifiers. The encoder algorithms must be deterministic, to ensure a given set of inputs always produces an identical pairwise subject identifier.

Decoding pairwise subject identifiers is optional, and is implemented by algorithms that supported reversal (typically with encryption-based codecs). Hash-based codecs don't support reversal.

Codec implementations thread-safe.

Related specifications:

  • OpenID Connect Core 1.0, section 8.1.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final Charset
    CHARSET
    The charset (UTF-8) for string to byte conversions.

  • Constructor Summary

    Constructors
    Constructor
    Description
    PairwiseSubjectCodec(byte[] salt)
    Creates a new codec for pairwise subject identifiers.

  • Method Summary

    Modifier and Type
    Method
    Description
    Map.Entry<SectorID,Subject>
    decode(Subject pairwiseSubject)
    Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject.
    abstract Subject
    encode(SectorID sectorID, Subject localSub)
    Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
    Subject
    encode(URI sectorURI, Subject localSub)
    Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
    Provider
    getProvider()
    Gets the security provider for cryptographic operations.
    byte[]
    getSalt()
    Returns the salt.
    void
    setProvider(Provider provider)
    Sets the security provider for cryptographic operations.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • CHARSET

      public static final Charset CHARSET
      The charset (UTF-8) for string to byte conversions.

  • Constructor Details

    • PairwiseSubjectCodec

      public PairwiseSubjectCodec(byte[] salt)
      Creates a new codec for pairwise subject identifiers.
      Parameters:
      salt - The salt, null if not required.

  • Method Details

    • getSalt

      public byte[] getSalt()
      Returns the salt.
      Returns:
      The salt, null if not required.

    • getProvider

      public Provider getProvider()
      Gets the security provider for cryptographic operations.
      Returns:
      The security provider, null if not specified (implies the default one).

    • setProvider

      public void setProvider(Provider provider)
      Sets the security provider for cryptographic operations.
      Parameters:
      provider - The security provider, null if not specified (implies the default one).

    • encode

      public Subject encode(URI sectorURI, Subject localSub)
      Encodes a new pairwise subject identifier from the specified sector identifier URI and local subject.
      Parameters:
      sectorURI - The sector identifier URI. Its scheme should be "https", must include a host portion and must not be null.
      localSub - The local subject identifier. Must not be null.
      Returns:
      The pairwise subject identifier.

    • encode

      public abstract Subject encode(SectorID sectorID, Subject localSub)
      Encodes a new pairwise subject identifier from the specified sector identifier and local subject.
      Parameters:
      sectorID - The sector identifier. Must not be null.
      localSub - The local subject identifier. Must not be null.
      Returns:
      The pairwise subject identifier.

    • decode

      public Map.Entry<SectorID,Subject> decode(Subject pairwiseSubject) throws InvalidPairwiseSubjectException
      Decodes the specified pairwise subject identifier to produce the matching sector identifier and local subject. Throws a UnsupportedOperationException. Codecs that support pairwise subject identifier reversal should override this method.
      Parameters:
      pairwiseSubject - The pairwise subject identifier. Must be valid and not null.
      Returns:
      The matching sector identifier and local subject.
      Throws:
      InvalidPairwiseSubjectException - If the pairwise subject is invalid.