Class HKDFParameterSpec.Builder

java.lang.Object
javax.crypto.spec.HKDFParameterSpec.Builder
Enclosing interface:
HKDFParameterSpec
public static final class HKDFParameterSpec.Builder extends Object
This Builder builds Extract and ExtractThenExpand objects.

The Builder is initialized via the ofExtract method of HKDFParameterSpec. As stated in the class description, addIKM and/or addSalt may be called as needed. Finally, an object is "built" by calling either extractOnly or thenExpand for Extract and ExtractThenExpand use-cases respectively. Note that the Builder is not thread-safe.

Since:
25

  • Method Summary

    Modifier and Type
    Method
    Description
    HKDFParameterSpec.Builder
    addIKM(byte[] ikm)
    Adds input keying material (IKM) to the builder.
    HKDFParameterSpec.Builder
    addIKM(SecretKey ikm)
    Adds input keying material (IKM) to the builder.
    HKDFParameterSpec.Builder
    addSalt(byte[] salt)
    Adds a salt to the builder.
    HKDFParameterSpec.Builder
    addSalt(SecretKey salt)
    Adds a salt to the builder.
    HKDFParameterSpec.Extract
    extractOnly()
    Builds an Extract object from the current state of the Builder.
    HKDFParameterSpec.ExtractThenExpand
    thenExpand(byte[] info, int length)
    Builds an ExtractThenExpand object from the current state of the Builder.

    Methods declared in class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    Modifier and Type
    Method
    Description
    protected Object
    clone()
    Creates and returns a copy of this object.
    boolean
    equals(Object obj)
    Indicates whether some other object is "equal to" this one.
    protected void
    finalize()
    Deprecated, for removal: This API element is subject to removal in a future version.
    Finalization is deprecated and subject to removal in a future release.
    final Class<?>
    getClass()
    Returns the runtime class of this Object.
    int
    hashCode()
    Returns a hash code value for this object.
    final void
    notify()
    Wakes up a single thread that is waiting on this object's monitor.
    final void
    notifyAll()
    Wakes up all threads that are waiting on this object's monitor.
    String
    toString()
    Returns a string representation of the object.
    final void
    wait()
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted.
    final void
    wait(long timeoutMillis)
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
    final void
    wait(long timeoutMillis, int nanos)
    Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.

  • Method Details

    • extractOnly

      public HKDFParameterSpec.Extract extractOnly()
      Builds an Extract object from the current state of the Builder.
      Returns:
      an immutable Extract object

    • thenExpand

      public HKDFParameterSpec.ExtractThenExpand thenExpand(byte[] info, int length)
      Builds an ExtractThenExpand object from the current state of the Builder.
      Implementation Note:
      HKDF implementations will enforce that the length is not greater than 255 * HMAC length. HKDF implementations will also enforce that a {code null} info value is treated as zero-length byte array.
      Parameters:
      info - the optional context and application specific information (may be null); the byte array is cloned to prevent subsequent modification
      length - the length of the output keying material (must be greater than 0)
      Returns:
      an immutable ExtractThenExpand object
      Throws:
      IllegalArgumentException - if length is not greater than 0

    • addIKM

      public HKDFParameterSpec.Builder addIKM(SecretKey ikm)
      Adds input keying material (IKM) to the builder.

      Users may call addIKM multiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. The ikms() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled input keying material as a list of SecretKey objects.

      Parameters:
      ikm - the input keying material (IKM) value
      Returns:
      this builder
      Throws:
      NullPointerException - if the ikm argument is null

    • addIKM

      public HKDFParameterSpec.Builder addIKM(byte[] ikm)
      Adds input keying material (IKM) to the builder. Note that an ikm byte array of length zero will be discarded.

      Users may call addIKM multiple times when the input keying material value is to be assembled piece-meal or if part of the IKM is to be supplied by a hardware crypto device. The ikms() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled input keying material as a list of SecretKey objects.

      Parameters:
      ikm - the input keying material (IKM) value; the ikm byte array will be converted to a SecretKeySpec, which means that the byte array will be cloned inside the SecretKeySpec constructor
      Returns:
      this builder
      Throws:
      NullPointerException - if the ikm argument is null

    • addSalt

      public HKDFParameterSpec.Builder addSalt(SecretKey salt)
      Adds a salt to the builder.

      Users may call addSalt multiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. The salts() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled salt as a list of SecretKey objects.

      Parameters:
      salt - the salt value
      Returns:
      this builder
      Throws:
      NullPointerException - if the salt is null

    • addSalt

      public HKDFParameterSpec.Builder addSalt(byte[] salt)
      Adds a salt to the builder. Note that a salt byte array of length zero will be discarded.

      Users may call addSalt multiple times when the salt value is to be assembled piece-meal or if part of the salt is to be supplied by a hardware crypto device. The salts() method of the Extract or ExtractThenExpand object that is subsequently built returns the assembled salt as a list of SecretKey objects.

      Parameters:
      salt - the salt value; the salt byte array will be converted to a SecretKeySpec, which means that the byte array will be cloned inside the SecretKeySpec constructor
      Returns:
      this builder
      Throws:
      NullPointerException - if the salt is null