Class HKDFParameterSpec.Builder

java.lang.Object
javax.crypto.spec.HKDFParameterSpec.Builder
Enclosing interface:
HKDFParameterSpecPREVIEW

public static final class HKDFParameterSpec.Builder extends Object
Builder is a preview API of the Java platform.
Programs can only use Builder when preview features are enabled.
Preview features may be removed in a future release, or upgraded to permanent features of the Java platform.
This Builder builds Extract and ExtractThenExpand objects.

The Builder is initialized via the ofExtract method of HKDFParameterSpec. As stated in the class description, addIKM and/or addSalt may be called as needed. Finally, an object is "built" by calling either extractOnly or thenExpand for Extract and ExtractThenExpand use-cases respectively. Note that the Builder is not thread-safe.

Since:
24
  • Method Details

    • extractOnly

      public HKDFParameterSpec.ExtractPREVIEW extractOnly()
      Builds an Extract object from the current state of the Builder.
      Returns:
      an immutable Extract object
    • thenExpand

      public HKDFParameterSpec.ExtractThenExpandPREVIEW thenExpand(byte[] info, int length)
      Builds an ExtractThenExpand object from the current state of the Builder.
      Implementation Note:
      HKDF implementations will enforce that the length is not greater than 255 * HMAC length. HKDF implementations will also enforce that a {code null} info value is treated as zero-length byte array.
      Parameters:
      info - the optional context and application specific information (may be null); the byte array is cloned to prevent subsequent modification
      length - the length of the output keying material (must be greater than 0)
      Returns:
      an immutable ExtractThenExpand object
      Throws:
      IllegalArgumentException - if length is not greater than 0
    • addIKM

      Adds input keying material (IKM) to the builder.

      Users may call addIKM multiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. The ikms() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled input keying material as a list of SecretKey objects.

      Parameters:
      ikm - the input keying material (IKM) value
      Returns:
      this builder
      Throws:
      NullPointerException - if the ikm argument is null
    • addIKM

      public HKDFParameterSpec.BuilderPREVIEW addIKM(byte[] ikm)
      Adds input keying material (IKM) to the builder. Note that an ikm byte array of length zero will be discarded.

      Users may call addIKM multiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. The ikms() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled input keying material as a list of SecretKey objects.

      Parameters:
      ikm - the input keying material (IKM) value; the ikm byte array will be converted to a SecretKeySpec, which means that the byte array will be cloned inside the SecretKeySpec constructor
      Returns:
      this builder
      Throws:
      NullPointerException - if the ikm argument is null
    • addSalt

      Adds a salt to the builder.

      Users may call addSalt multiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. The salts() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled salt as a list of SecretKey objects.

      Parameters:
      salt - the salt value
      Returns:
      this builder
      Throws:
      NullPointerException - if the salt is null
    • addSalt

      public HKDFParameterSpec.BuilderPREVIEW addSalt(byte[] salt)
      Adds a salt to the builder. Note that a salt byte array of length zero will be discarded.

      Users may call addSalt multiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. The salts() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled salt as a list of SecretKey objects.

      Parameters:
      salt - the salt value; the salt byte array will be converted to a SecretKeySpec, which means that the byte array will be cloned inside the SecretKeySpec constructor
      Returns:
      this builder
      Throws:
      NullPointerException - if the salt is null