Module com.aoapps.security
Package com.aoapps.security

Class UnprotectedKey

java.lang.Object
com.aoapps.security.Key
com.aoapps.security.UnprotectedKey
All Implemented Interfaces:
AutoCloseable, Cloneable, Destroyable
public final class UnprotectedKey extends Key
Unlike Key, which goes out of its way to protect the key, an unprotected key provides access to the key value. This is intended for when the key needs to be accessible to the application, such as setting a cookie value to a generated authentication token.
Author:
AO Industries, Inc.

  • Constructor Details

    • UnprotectedKey

      public UnprotectedKey(byte[] key) throws IllegalArgumentException
      Parameters:
      key - Is zeroed before this method returns. If the original key is needed, pass a copy to this method.
      Throws:
      IllegalArgumentException - when key == null || key.length == 0 or when key is already destroyed (contains all zeroes).

    • UnprotectedKey

      public UnprotectedKey(SupplierE<? extends byte[],Ex> generator) throws Ex
      Generates a new key using the provided key generator.

      The key will never be all-zeroes, since this would conflict with the representation of already destroyed. In the unlikely event the generator creates an all-zero key, the key will be discarded and another will be generated. We do recognize that disallowing certain values from the key space may provide an advantage to attackers (i.e. Enigma), losing the all-zero key is probably a good choice anyway.

      Type Parameters:
      Ex - An arbitrary exception type that may be thrown
      Throws:
      Ex

    • UnprotectedKey

      @Deprecated public UnprotectedKey(int keyBytes, Random random) throws IllegalArgumentException
      Deprecated.
      Please use SecureRandom. This method will stay, but will remain deprecated since it should only be used after careful consideration.
      Generates a new key of the given number of bytes using the provided Random source.

      The key will never be all-zeroes, since this would conflict with the representation of already destroyed. In the unlikely event the random source generates an all-zero key, the key will be discarded and another will be generated. We do recognize that disallowing certain values from the key space may provide an advantage to attackers (i.e. Enigma), losing the all-zero key is probably a good choice anyway.

      Throws:
      IllegalArgumentException - when keyBytes == 0

    • UnprotectedKey

      public UnprotectedKey(int keyBytes, SecureRandom secureRandom) throws IllegalArgumentException
      Generates a new key of the given number of bytes using the provided SecureRandom source.

      The key will never be all-zeroes, since this would conflict with the representation of already destroyed. In the unlikely event the random source generates an all-zero key, the key will be discarded and another will be generated. We do recognize that disallowing certain values from the key space may provide an advantage to attackers (i.e. Enigma), losing the all-zero key is probably a good choice anyway.

      Throws:
      IllegalArgumentException - when keyBytes == 0

    • UnprotectedKey

      public UnprotectedKey(int keyBytes) throws IllegalArgumentException
      Generates a new key of the given number of bytes.

      The key will never be all-zeroes, since this would conflict with the representation of already destroyed. In the unlikely event the random source generates an all-zero key, the key will be discarded and another will be generated. We do recognize that disallowing certain values from the key space may provide an advantage to attackers (i.e. Enigma), losing the all-zero key is probably a good choice anyway.

      Throws:
      IllegalArgumentException - when keyBytes == 0

  • Method Details