@CheckReturnValue @Alpha @Immutable public final class SecretKeyAccess extends Object
Tink restricts access to secret key material, and users who require such access need to have
an object of the class SecretKeyAccess to do this. For example, a function that outputs
individiual key bytes might look like this:
class HmacKey {
...
public byte[] getKeyMaterial(SecretKeyAccess access) {
checkNotNull(access);
return keyMaterial;
}
}
Users who want to call getKeyMaterial then need to get a SecretKeyAccess object
via InsecureSecretKeyAccess.get().| Modifier and Type | Method and Description |
|---|---|
static SecretKeyAccess |
requireAccess(SecretKeyAccess access)
Throws an exception if the passed in
SecretKeyAccess is null, otherwise returns it. |
@CanIgnoreReturnValue public static SecretKeyAccess requireAccess(@Nullable SecretKeyAccess access) throws GeneralSecurityException
SecretKeyAccess is null, otherwise returns it.
Note: Tink has two types of APIs, some which take a nullable SecretKeyAccess, and
some which take a SecretKeyAccess without annotation. When an API takes a nullable
SecretKeyAccess, this indicates that proper usage may call it with null, hence
we typically want to throw a checked exception and requireAccess here is appropriate.
Conversely, if an API takes an unannotated SecretKeyAccess, this indicates that the API
always requires a non-null object. In this case, using it with null warrants should usually
throw a null pointer exception (and one does not want to use requireAccess).
GeneralSecurityException