com.nimbusds.jose.crypto

Class MACVerifier

java.lang.Object

com.nimbusds.jose.crypto.MACVerifier

All Implemented Interfaces:

CriticalHeaderParamsAware, JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSVerifier

@ThreadSafe
public class MACVerifier
extends Object
implements JWSVerifier, CriticalHeaderParamsAware

Message Authentication Code (MAC) verifier of JWS objects. This class is thread-safe.

Supports the following algorithms:

• JWSAlgorithm.HS256
• JWSAlgorithm.HS384
• JWSAlgorithm.HS512

Version:

2015-06-02

Author:

Vladimir Dzhuvinov

Field Summary

Fields

Modifier and Type	Field and Description
static Set<JWSAlgorithm>	SUPPORTED_ALGORITHMS The supported JWS algorithms by the MAC provider class.

Constructor Summary

Constructors

Constructor and Description
MACVerifier(byte[] secret) Creates a new Message Authentication (MAC) verifier.
MACVerifier(byte[] secret, Set<String> defCritHeaders) Creates a new Message Authentication (MAC) verifier.
MACVerifier(OctetSequenceKey jwk) Creates a new Message Authentication (MAC) verifier.
MACVerifier(SecretKey secretKey) Creates a new Message Authentication (MAC) verifier.
MACVerifier(String secretString) Creates a new Message Authentication (MAC) verifier.

Method Summary

Methods

Modifier and Type	Method and Description
Set<String>	getDeferredCriticalHeaderParams() Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
protected static String	getJCAAlgorithmName(JWSAlgorithm alg) Gets the matching Java Cryptography Architecture (JCA) algorithm name for the specified HMAC-based JSON Web Algorithm (JWA).
JCAContext	getJCAContext() Returns the Java Cryptography Architecture (JCA) context.
Set<String>	getProcessedCriticalHeaderParams() Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
byte[]	getSecret() Gets the secret bytes.
SecretKey	getSecretKey() Gets the secret key.
String	getSecretString() Gets the secret as a UTF-8 encoded string.
Set<JWSAlgorithm>	supportedJWSAlgorithms() Returns the names of the supported algorithms by the JWS provider instance.
boolean	verify(JWSHeader header, byte[] signedContent, Base64URL signature) Verifies the specified signature of a JWS object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWSProvider

supportedJWSAlgorithms

Field Detail

SUPPORTED_ALGORITHMS

public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS

The supported JWS algorithms by the MAC provider class.

Constructor Detail

MACVerifier

public MACVerifier(byte[] secret)
            throws JOSEException

Creates a new Message Authentication (MAC) verifier.

Parameters:

secret - The secret. Must be at least 256 bits long and not null.

Throws:

JOSEException - If the secret length is shorter than the minimum 256-bit requirement.

MACVerifier

public MACVerifier(String secretString)
            throws JOSEException

Creates a new Message Authentication (MAC) verifier.

Parameters:

secretString - The secret as a UTF-8 encoded string. Must be at least 256 bits long and not null.

Throws:

JOSEException - If the secret length is shorter than the minimum 256-bit requirement.

MACVerifier

public MACVerifier(SecretKey secretKey)
            throws JOSEException

Creates a new Message Authentication (MAC) verifier.

Parameters:

secretKey - The secret key. Must be at least 256 bits long and not null.

Throws:

JOSEException - If the secret length is shorter than the minimum 256-bit requirement.

MACVerifier

public MACVerifier(OctetSequenceKey jwk)
            throws JOSEException

Creates a new Message Authentication (MAC) verifier.

Parameters:

jwk - The secret as a JWK. Must be at least 256 bits long and not null.

Throws:

JOSEException - If the secret length is shorter than the minimum 256-bit requirement.

MACVerifier

public MACVerifier(byte[] secret,
           Set<String> defCritHeaders)
            throws JOSEException

Creates a new Message Authentication (MAC) verifier.

Parameters:

secret - The secret. Must be at least 256 bits long and not null.

defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.

Throws:

JOSEException - If the secret length is shorter than the minimum 256-bit requirement.

Method Detail

getProcessedCriticalHeaderParams

public Set<String> getProcessedCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.

Specified by:

getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are understood and processed, empty set if none.

getDeferredCriticalHeaderParams

public Set<String> getDeferredCriticalHeaderParams()

Description copied from interface: CriticalHeaderParamsAware

Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.

Specified by:

getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware

Returns:

The names of the critical header parameters that are deferred to the application for processing, empty set if none.

verify

public boolean verify(JWSHeader header,
             byte[] signedContent,
             Base64URL signature)
               throws JOSEException

Description copied from interface: JWSVerifier

Verifies the specified signature of a JWS object.

Specified by:

verify in interface JWSVerifier

Parameters:

header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.

signedContent - The signing input. Must not be null.

signature - The signature part of the JWS object. Must not be null.

Returns:

true if the signature was successfully verified, false if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.

Throws:

JOSEException - If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.

getJCAAlgorithmName

protected static String getJCAAlgorithmName(JWSAlgorithm alg)
                                     throws JOSEException

Gets the matching Java Cryptography Architecture (JCA) algorithm name for the specified HMAC-based JSON Web Algorithm (JWA).

Parameters:

alg - The JSON Web Algorithm (JWA). Must be supported and not null.

Returns:

The matching JCA algorithm name.

Throws:

JOSEException - If the algorithm is not supported.

getSecretKey

public SecretKey getSecretKey()

Gets the secret key.

Returns:

The secret key.

getSecret

public byte[] getSecret()

Gets the secret bytes.

Returns:

The secret bytes.

getSecretString

public String getSecretString()

Gets the secret as a UTF-8 encoded string.

Returns:

The secret as a UTF-8 encoded string.

supportedJWSAlgorithms

public Set<JWSAlgorithm> supportedJWSAlgorithms()

Description copied from interface: JWSProvider

Returns the names of the supported algorithms by the JWS provider instance. These correspond to the alg JWS header parameter.

Specified by:

supportedJWSAlgorithms in interface JWSProvider

Returns:

The supported JWS algorithms, empty set if none.

getJCAContext

public JCAContext getJCAContext()

Description copied from interface: JCAAware

Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.

Specified by:

getJCAContext in interface JCAAware<JCAContext>

Returns:

The JCA context. Not null.