Package com.google.crypto.tink

Class SecretKeyAccess

  • @CheckReturnValue
@Immutable
public final class SecretKeyAccess
extends java.lang.Object
    Represents access to secret key material.

    Tink restricts access to secret key material, and users who require such access need to have an object of the class SecretKeyAccess to do this. For example, a function that outputs individiual key bytes might look like this: 

       class HmacKey {
      ...
      public byte[] getKeyMaterial(SecretKeyAccess access) {
        checkNotNull(access);
        return keyMaterial;
      }
   }
    Users who want to call getKeyMaterial then need to get a SecretKeyAccess object via InsecureSecretKeyAccess.get().

    • Method Detail

      • requireAccess

        @CanIgnoreReturnValue
public static SecretKeyAccess requireAccess​(@Nullable
                                            SecretKeyAccess access)
                                     throws java.security.GeneralSecurityException
        Throws an exception if the passed in SecretKeyAccess is null, otherwise returns it.

        Note: Tink has two types of APIs, some which take a nullable SecretKeyAccess, and some which take a SecretKeyAccess without annotation. When an API takes a nullable SecretKeyAccess, this indicates that proper usage may call it with null, hence we typically want to throw a checked exception and requireAccess here is appropriate. Conversely, if an API takes an unannotated SecretKeyAccess, this indicates that the API always requires a non-null object. In this case, using it with null warrants should usually throw a null pointer exception (and one does not want to use requireAccess).

        Throws:
        java.security.GeneralSecurityException