com.softwareag.util

Class PKCE

java.lang.Object

com.softwareag.util.PKCE

public final class PKCE
extends java.lang.Object

This class provides utility methods for OAuth Proof Key for Code Exchange (RFC 7636). Client applications can use this class to create a code_verifier and a code_challenge. These values are used by public clients during the authorization code grant to mitigate the authorization code interception attack.

See Also:

https://tools.ietf.org/html/rfc7636

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	METHOD_PLAIN
static java.lang.String	METHOD_S256

Method Summary

Modifier and Type	Method and Description
static java.lang.String	createCodeChallenge(java.lang.String code_verifier, java.lang.String code_challenge_method) Uses the code_challenge_method to transform the code_verifier to produce a code_challenge.
static java.lang.String	createCodeVerifier() Generates a cryptographically random, high entropy string that is suitable to use as a code_verifier.
static boolean	pkceMatch(java.lang.String code_verifier, java.lang.String code_challenge, java.lang.String code_challenge_method) Checks that the code_verifier matches the code_challenge.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

METHOD_PLAIN

public static final java.lang.String METHOD_PLAIN

See Also:

Constant Field Values

METHOD_S256

public static final java.lang.String METHOD_S256

See Also:

Constant Field Values

Method Detail

createCodeVerifier

public static java.lang.String createCodeVerifier()

Generates a cryptographically random, high entropy string that is suitable to use as a code_verifier.

Returns:

a code_verifier

createCodeChallenge

public static java.lang.String createCodeChallenge(java.lang.String code_verifier,
                                                   java.lang.String code_challenge_method)

Uses the code_challenge_method to transform the code_verifier to produce a code_challenge.

Parameters:

code_verifier - a cryptographically random, high entropy string

code_challenge_method - either plain or S256. When S256, the code_verifier is hashed using the SHA-256 hashing algorithm and Base64-encoded. When plain, an empty String or null, the code_verifier is not transformed; the code_challenge is the same as the code_verifier.

Returns:

a code_challenge

pkceMatch

public static boolean pkceMatch(java.lang.String code_verifier,
                                java.lang.String code_challenge,
                                java.lang.String code_challenge_method)

Checks that the code_verifier matches the code_challenge.

Parameters:

code_verifier - a cryptographically random, high entropy string that is passed to the authorization endpoint

code_challenge - the result of transforming the code_verifier using the code_challenge_method

code_challenge_method - the method used to transform code_verifier into code_challenge.

Returns:

true if the supplied code_verifier, when transformed per the code_challenge_method, matches the supplied code_challenge. Otherwise, false.