Package com.nimbusds.jose.crypto.impl

Class MACProvider

java.lang.Object
com.nimbusds.jose.crypto.impl.BaseJWSProvider
com.nimbusds.jose.crypto.impl.MACProvider
All Implemented Interfaces:
JCAAware<JCAContext>, JOSEProvider, JWSProvider
Direct Known Subclasses:
MACSigner, MACVerifier
public abstract class MACProvider extends BaseJWSProvider
The base abstract class for Message Authentication Code (MAC) signers and verifiers of JWS objects.

Supports the following algorithms:

Version:
2024-10-28
Author:
Vladimir Dzhuvinov, Ulrich Winter

  • Field Details

  • Constructor Details

    • MACProvider

      protected MACProvider(byte[] secret) throws KeyLengthException
      Creates a new Message Authentication (MAC) provider.
      Parameters:
      secret - The secret. Must be at least 256 bits long and not null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

    • MACProvider

      protected MACProvider(SecretKey secretKey) throws KeyLengthException
      Creates a new Message Authentication (MAC) provider.
      Parameters:
      secretKey - The secret key. Must be at least 256 bits long and not null.S algorithms. Must not be null.
      Throws:
      KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

  • Method Details

    • getCompatibleAlgorithms

      public static Set<JWSAlgorithm> getCompatibleAlgorithms(int secretLength)
      Returns the compatible JWS HMAC algorithms for the specified secret length.
      Parameters:
      secretLength - The secret length in bits. Must not be negative.
      Returns:
      The compatible HMAC algorithms, empty set if the secret length is too short for any algorithm.

    • getMinRequiredSecretLength

      public static int getMinRequiredSecretLength(JWSAlgorithm alg) throws JOSEException
      Returns the minimal required secret length for the specified HMAC JWS algorithm.
      Parameters:
      alg - The HMAC JWS algorithm. Must be supported and not null.
      Returns:
      The minimal required secret length, in bits.
      Throws:
      JOSEException - If the algorithm is not supported.

    • getJCAAlgorithmName

      protected static String getJCAAlgorithmName(JWSAlgorithm alg) throws JOSEException
      Gets the matching Java Cryptography Architecture (JCA) algorithm name for the specified HMAC-based JSON Web Algorithm (JWA).
      Parameters:
      alg - The JSON Web Algorithm (JWA). Must be supported and not null.
      Returns:
      The matching JCA algorithm name.
      Throws:
      JOSEException - If the algorithm is not supported.

    • getSecretKey

      public SecretKey getSecretKey()
      Gets the secret key.
      Returns:
      The secret key.

    • getSecret

      public byte[] getSecret()
      Gets the secret bytes.
      Returns:
      The secret bytes, null if this provider was constructed with a SecretKey that doesn't expose the key material.

    • getSecretString

      public String getSecretString()
      Gets the secret as a UTF-8 encoded string.
      Returns:
      The secret as a UTF-8 encoded string, null if this provider was constructed with a SecretKey that doesn't expose the key material.

    • ensureSecretLengthSatisfiesAlgorithm

      protected void ensureSecretLengthSatisfiesAlgorithm(JWSAlgorithm alg) throws JOSEException
      Ensures the secret length satisfies the minimum required for the specified HMAC JWS algorithm.
      Parameters:
      alg - The HMAC JWS algorithm. Must be supported and not null.
      Throws:
      JOSEException - If the algorithm is not supported.
      KeyLengthException - If the secret length is shorter than the minimum required.