Package com.unboundid.ldap.sdk.unboundidds

Class AES256EncodedPasswordSecretKey

java.lang.Object
com.unboundid.ldap.sdk.unboundidds.AES256EncodedPasswordSecretKey
All Implemented Interfaces:
Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class AES256EncodedPasswordSecretKey extends Object implements Serializable
This class provides a data structure that may be used to hold a reusable secret key for use in conjunction with AES256EncodedPassword objects. Reusing a secret key avoids the (potentially significant) cost of generating it for each encryption and decryption operation.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
See Also:

  • Method Details

    • generate

      @NotNull public static AES256EncodedPasswordSecretKey generate(@NotNull String encryptionSettingsDefinitionID, @NotNull String encryptionSettingsDefinitionPassphrase) throws GeneralSecurityException, ParseException
      Generates an AES256 secret key from the provided information.
      Parameters:
      encryptionSettingsDefinitionID - A string with the hexadecimal representation of the encryption settings definition whose passphrase was used to generate the encoded password. It must not be null or empty, and it must represent a valid hexadecimal string whose length is an even number less than or equal to 510 bytes.
      encryptionSettingsDefinitionPassphrase - The passphrase associated with the specified encryption settings definition. It must not be null or empty.
      Returns:
      The AES256 secret key that was generated.
      Throws:
      GeneralSecurityException - If a problem occurs while trying to generate the secret key.
      ParseException - If the provided encryption settings ID cannot be parsed as a hexadecimal string.

    • generate

      @NotNull public static AES256EncodedPasswordSecretKey generate(@NotNull byte[] encryptionSettingsDefinitionID, @NotNull char[] encryptionSettingsDefinitionPassphrase) throws GeneralSecurityException
      Generates an AES256 secret key from the provided information.
      Parameters:
      encryptionSettingsDefinitionID - The bytes that comprise the raw encryption settings definition ID whose passphrase was used to generate the encoded password. It must not be null or empty, and its length must be less than or equal to 255 bytes.
      encryptionSettingsDefinitionPassphrase - The passphrase associated with the specified encryption settings definition. It must not be null or empty.
      Returns:
      The AES256 secret key that was generated.
      Throws:
      GeneralSecurityException - If a problem occurs while trying to generate the secret key.

    • generate

      @NotNull public static AES256EncodedPasswordSecretKey generate(@NotNull byte[] encryptionSettingsDefinitionID, @NotNull char[] encryptionSettingsDefinitionPassphrase, @NotNull byte[] keyFactorySalt) throws GeneralSecurityException
      Generates an AES256 secret key from the provided information.
      Parameters:
      encryptionSettingsDefinitionID - The bytes that comprise the raw encryption settings definition ID whose passphrase was used to generate the encoded password. It must not be null or empty, and its length must be less than or equal to 255 bytes.
      encryptionSettingsDefinitionPassphrase - The passphrase associated with the specified encryption settings definition. It must not be null or empty.
      keyFactorySalt - The salt used to generate the encryption key from the encryption settings definition passphrase. It must not be null and it must have a length of exactly 16 bytes.
      Returns:
      The AES256 secret key that was generated.
      Throws:
      GeneralSecurityException - If a problem occurs while trying to generate the secret key.

    • getEncryptionSettingsDefinitionID

      @NotNull public byte[] getEncryptionSettingsDefinitionID()
      Retrieves the bytes that comprise the raw identifier for the encryption settings definition whose passphrase was used to generate the secret key.
      Returns:
      A bytes that comprise the raw identifier for the encryption settings definition whose passphrase was used to generate the secret key.

    • getKeyFactorySalt

      @NotNull public byte[] getKeyFactorySalt()
      Retrieves the salt used to generate the secret key from the encryption settings definition passphrase.
      Returns:
      The salt used to generate the secret key from the encryption settings definition passphrase.

    • getSecretKey

      @NotNull public SecretKey getSecretKey()
      Retrieves the secret key that was generated. This method must not be called after the destroy() method has been called.
      Returns:
      The secret key that was generated.

    • destroy

      public void destroy()
      Destroys this secret key. The key must not be used after it has been destroyed.

    • toString

      @NotNull public String toString()
      Retrieves a string representation of this AES256 encoded password secret key.
      Overrides:
      toString in class Object
      Returns:
      A string representation of this AES256 encoded password secret key.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this AES256 encoded password secret key to the provided buffer.
      Parameters:
      buffer - The buffer to which the information should be appended.