@ThreadSafe public class MACVerifier extends Object implements JWSVerifier
JWS objects
. This class is thread-safe.
Supports the following JSON Web Algorithms (JWAs):
Accepts all registered JWS header parameters
. Modify the header filter
properties to restrict the acceptable JWS algorithms and
header parameters, or to allow custom JWS header parameters.
Modifier and Type | Field and Description |
---|---|
static Set<JWSAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWS algorithms.
|
Constructor and Description |
---|
MACVerifier(byte[] sharedSecret)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(String sharedSecretString)
Creates a new Message Authentication (MAC) verifier.
|
Modifier and Type | Method and Description |
---|---|
protected static String |
getJCAAlgorithmName(JWSAlgorithm alg)
Gets the matching Java Cryptography Architecture (JCA) algorithm
name for the specified HMAC-based JSON Web Algorithm (JWA).
|
JWSHeaderFilter |
getJWSHeaderFilter()
Gets the JWS header filter associated with the verifier.
|
byte[] |
getSharedSecret()
Gets the shared secret.
|
String |
getSharedSecretString()
Gets the shared secret as a UTF-8 encoded string.
|
Set<JWSAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWS algorithms.
|
boolean |
verify(ReadOnlyJWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedAlgorithms
public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS
public MACVerifier(byte[] sharedSecret)
sharedSecret
- The shared secret. Must not be null
.public MACVerifier(String sharedSecretString)
sharedSecretString
- The shared secret as a UTF-8 encoded
string. Must not be null
.public JWSHeaderFilter getJWSHeaderFilter()
JWSVerifier
supported JWS
algorithms
and header parameters that the verifier is configured to
accept.
Attempting to verify
a JWS object signature with
an algorithm or header parameter that is not accepted must result in
a JOSEException
.
getJWSHeaderFilter
in interface JWSVerifier
public boolean verify(ReadOnlyJWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify an accepted JWS algorithm, must contain
only accepted header parameters, and must not be
null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
else false
.JOSEException
- If the JWS algorithm is not accepted, if a
header parameter is not accepted, or if
signature verification failed for some other
reason.protected static String getJCAAlgorithmName(JWSAlgorithm alg) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.public byte[] getSharedSecret()
public String getSharedSecretString()
public Set<JWSAlgorithm> supportedAlgorithms()
JWSAlgorithmProvider
alg
JWS header parameter.supportedAlgorithms
in interface JWSAlgorithmProvider
Copyright © 2014 NimbusDS. All Rights Reserved.