Class MACSigner

All Implemented Interfaces:
JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSSigner

@ThreadSafe public class MACSigner extends MACProvider implements JWSSigner
Message Authentication Code (MAC) signer of JWS objects. Expects a secret key.

See RFC 7518 section 3.2 for more information.

This class is thread-safe.

Supports the following algorithms:

Tested with the AWS CloudHSM JCE provider.

Version:
2024-10-28
Author:
Vladimir Dzhuvinov, Ulrich Winter
  • Constructor Details

    • MACSigner

      public MACSigner(byte[] secret) throws KeyLengthException
      Creates a new Message Authentication (MAC) signer.
      Parameters:
      secret - The secret. Must be at least 256 bits long and not null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
    • MACSigner

      public MACSigner(String secretString) throws KeyLengthException
      Creates a new Message Authentication (MAC) signer.
      Parameters:
      secretString - The secret as a UTF-8 encoded string. Must be at least 256 bits long and not null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
    • MACSigner

      public MACSigner(SecretKey secretKey) throws KeyLengthException
      Creates a new Message Authentication (MAC) signer.
      Parameters:
      secretKey - The secret key. Must be at least 256 bits long and not null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
    • MACSigner

      Creates a new Message Authentication (MAC) signer.
      Parameters:
      jwk - The secret as a JWK. Must be at least 256 bits long and not null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
  • Method Details

    • sign

      public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException
      Description copied from interface: JWSSigner
      Signs the specified input of a JWS object.
      Specified by:
      sign in interface JWSSigner
      Parameters:
      header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
      signingInput - The input to sign. Must not be null.
      Returns:
      The resulting signature part (third part) of the JWS object.
      Throws:
      JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.