Package com.nimbusds.jose.crypto

Class MACSigner

    • Constructor Detail

      • MACSigner

        public MACSigner​(byte[] secret)
          throws KeyLengthException
        Creates a new Message Authentication (MAC) signer.
        Parameters:
        secret - The secret. Must be at least 256 bits long and not null.
        Throws:
        KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

      • MACSigner

        public MACSigner​(String secretString)
          throws KeyLengthException
        Creates a new Message Authentication (MAC) signer.
        Parameters:
        secretString - The secret as a UTF-8 encoded string. Must be at least 256 bits long and not null.
        Throws:
        KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

      • MACSigner

        public MACSigner​(SecretKey secretKey)
          throws KeyLengthException
        Creates a new Message Authentication (MAC) signer.
        Parameters:
        secretKey - The secret key. Must be at least 256 bits long and not null.
        Throws:
        KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

      • MACSigner

        public MACSigner​(OctetSequenceKey jwk)
          throws KeyLengthException
        Creates a new Message Authentication (MAC) signer.
        Parameters:
        jwk - The secret as a JWK. Must be at least 256 bits long and not null.
        Throws:
        KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.

    • Method Detail

      • getMinRequiredSecretLength

        public static int getMinRequiredSecretLength​(JWSAlgorithm alg)
                                      throws JOSEException
        Returns the minimal required secret length for the specified HMAC JWS algorithm.
        Parameters:
        alg - The HMAC JWS algorithm. Must be supported and not null.
        Returns:
        The minimal required secret length, in bits.
        Throws:
        JOSEException - If the algorithm is not supported.

      • getCompatibleAlgorithms

        public static Set<JWSAlgorithmgetCompatibleAlgorithms​(int secretLength)
        Returns the compatible JWS HMAC algorithms for the specified secret length.
        Parameters:
        secretLength - The secret length in bits. Must not be negative.
        Returns:
        The compatible HMAC algorithms, empty set if the secret length is too short for any algorithm.

      • sign

        public Base64URL sign​(JWSHeader header,
                      byte[] signingInput)
               throws JOSEException
        Description copied from interface: JWSSigner
        Signs the specified input of a JWS object.
        Specified by:
        sign in interface JWSSigner
        Parameters:
        header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
        signingInput - The input to sign. Must not be null.
        Returns:
        The resulting signature part (third part) of the JWS object.
        Throws:
        JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.