@ThreadSafe public class MACVerifier extends Object implements JWSVerifier
JWS objects
. This class is thread-safe.
Supports the following JSON Web Algorithms (JWAs):
Accepts all registered JWS header parameters
. Use setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
to
restrict the acceptable JWS algorithms.
Modifier and Type | Field and Description |
---|---|
protected Provider |
provider
The underlying cryptographic provider,
null if not specified
(implies default one). |
static Set<JWSAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWS algorithms.
|
Constructor and Description |
---|
MACVerifier(byte[] sharedSecret)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(String sharedSecretString)
Creates a new Message Authentication (MAC) verifier.
|
Modifier and Type | Method and Description |
---|---|
Set<JWSAlgorithm> |
getAcceptedAlgorithms()
Gets the names of the accepted JWS algorithms.
|
Set<String> |
getIgnoredCriticalHeaderParameters()
Gets the names of the critical JWS header parameters to ignore.
|
protected static String |
getJCAAlgorithmName(JWSAlgorithm alg)
Gets the matching Java Cryptography Architecture (JCA) algorithm
name for the specified HMAC-based JSON Web Algorithm (JWA).
|
byte[] |
getSharedSecret()
Gets the shared secret.
|
String |
getSharedSecretString()
Gets the shared secret as a UTF-8 encoded string.
|
void |
setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs)
Sets the names of the accepted JWS algorithms.
|
void |
setIgnoredCriticalHeaderParameters(Set<String> headers)
Sets the names of the critical JWS header parameters to ignore.
|
void |
setProvider(Provider provider)
Sets a specific JCA provider, to be used for all operations.
|
Set<JWSAlgorithm> |
supportedAlgorithms()
Returns the names of the supported JWS algorithms.
|
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedAlgorithms
setProvider
public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS
public MACVerifier(byte[] sharedSecret)
sharedSecret
- The shared secret. Must not be null
.public MACVerifier(String sharedSecretString)
sharedSecretString
- The shared secret as a UTF-8 encoded
string. Must not be null
.public Set<JWSAlgorithm> getAcceptedAlgorithms()
JWSVerifier
alg
JWS header parameter.getAcceptedAlgorithms
in interface JWSVerifier
JWSVerifier.setAcceptedAlgorithms(java.util.Set<com.nimbusds.jose.JWSAlgorithm>)
public void setAcceptedAlgorithms(Set<JWSAlgorithm> acceptedAlgs)
JWSVerifier
alg
JWS header parameter.
For JWS verifiers that support multiple JWS algorithms this method can be used to indicate that only a subset should be accepted for processing.
setAcceptedAlgorithms
in interface JWSVerifier
acceptedAlgs
- The accepted JWS algorithms. Must be a subset of
the supported algorithms and not null
.public Set<String> getIgnoredCriticalHeaderParameters()
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default.getIgnoredCriticalHeaderParameters
in interface JWSVerifier
null
if none.public void setIgnoredCriticalHeaderParameters(Set<String> headers)
JWSVerifier
crit
header parameter. The JWS
verifier should not ignore critical headers by default. Use this
setter to delegate processing of selected critical headers to the
application.setIgnoredCriticalHeaderParameters
in interface JWSVerifier
headers
- The names of the critical JWS header parameters to
ignore, empty or null
if none.public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify an accepted JWS algorithm, must contain
only accepted header parameters, and must not be
null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
else false
.JOSEException
- If the JWS algorithm is not accepted, if a
header parameter is not accepted, or if
signature verification failed for some other
reason.protected static String getJCAAlgorithmName(JWSAlgorithm alg) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.public byte[] getSharedSecret()
public String getSharedSecretString()
public Set<JWSAlgorithm> supportedAlgorithms()
JWSAlgorithmProvider
alg
JWS header parameter.supportedAlgorithms
in interface JWSAlgorithmProvider
public void setProvider(Provider provider)
AlgorithmProvider
setProvider
in interface AlgorithmProvider
provider
- The JCA provider, or null
to use the default
one.Copyright © 2014 Connect2id Ltd.. All Rights Reserved.