Package com.nimbusds.jose.crypto
Class MACVerifier
- java.lang.Object
  - com.nimbusds.jose.crypto.impl.BaseJWSProvider
    - com.nimbusds.jose.crypto.impl.MACProvider
      - com.nimbusds.jose.crypto.MACVerifier
- All Implemented Interfaces:
  CriticalHeaderParamsAware, JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSVerifier
@ThreadSafe public class MACVerifier extends MACProvider implements JWSVerifier, CriticalHeaderParamsAware
Message Authentication Code (MAC) verifier of JWS objects. Expects a secret key. See RFC 7518 section 3.2 for more information.
This class is thread-safe.
Supports the following algorithms:
- Version:
- 2016-06-26
- Author:
- Vladimir Dzhuvinov
Field Summary
Fields inherited from class com.nimbusds.jose.crypto.impl.MACProvider
SUPPORTED_ALGORITHMS
Constructor Summary
Constructors
- MACVerifier(byte[] secret)
  Creates a new Message Authentication (MAC) verifier.
- MACVerifier(byte[] secret, Set<String> defCritHeaders)
  Creates a new Message Authentication (MAC) verifier.
- MACVerifier(OctetSequenceKey jwk)
  Creates a new Message Authentication (MAC) verifier.
- MACVerifier(OctetSequenceKey jwk, Set<String> defCritHeaders)
  Creates a new Message Authentication (MAC) verifier.
- MACVerifier(String secretString)
  Creates a new Message Authentication (MAC) verifier.
- MACVerifier(SecretKey secretKey)
  Creates a new Message Authentication (MAC) verifier.
Method Summary
- Set<String> getDeferredCriticalHeaderParams()
  Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
- Set<String> getProcessedCriticalHeaderParams()
  Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
- boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature)
  Verifies the specified signature of a JWS object.
Methods inherited from class com.nimbusds.jose.crypto.impl.MACProvider
getJCAAlgorithmName, getSecret, getSecretKey, getSecretString
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider
getJCAContext, supportedJWSAlgorithms
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
Methods inherited from interface com.nimbusds.jose.JWSProvider
supportedJWSAlgorithms
Constructor Detail
MACVerifier
public MACVerifier(byte[] secret) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  secret - The secret. Must be at least 256 bits long and not null.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
MACVerifier
public MACVerifier(String secretString) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  secretString - The secret as a UTF-8 encoded string. Must be at least 256 bits long and not null.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
MACVerifier
public MACVerifier(SecretKey secretKey) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  secretKey - The secret key. Must be at least 256 bits long and not null.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
MACVerifier
public MACVerifier(OctetSequenceKey jwk) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  jwk - The secret as a JWK. Must be at least 256 bits long and not null.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
MACVerifier
public MACVerifier(OctetSequenceKey jwk, Set<String> defCritHeaders) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  jwk - The secret as a JWK. Must be at least 256 bits long and not null.
  defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
MACVerifier
public MACVerifier(byte[] secret, Set<String> defCritHeaders) throws JOSEException
Creates a new Message Authentication (MAC) verifier.
- Parameters:
  secret - The secret. Must be at least 256 bits long and not null.
  defCritHeaders - The names of the critical header parameters that are deferred to the application for processing, empty set or null if none.
- Throws:
  JOSEException - If the secret length is shorter than the minimum 256-bit requirement.
Method Detail
getProcessedCriticalHeaderParams
public Set<String> getProcessedCriticalHeaderParams()
Description copied from interface: CriticalHeaderParamsAware
Returns the names of the critical (crit) header parameters that are understood and processed by the JWS verifier / JWE decrypter.
- Specified by:
  getProcessedCriticalHeaderParams in interface CriticalHeaderParamsAware
- Returns:
  The names of the critical header parameters that are understood and processed, empty set if none.
getDeferredCriticalHeaderParams
public Set<String> getDeferredCriticalHeaderParams()
Description copied from interface: CriticalHeaderParamsAware
Returns the names of the critical (crit) header parameters that are deferred to the application for processing and will be ignored by the JWS verifier / JWE decrypter.
- Specified by:
  getDeferredCriticalHeaderParams in interface CriticalHeaderParamsAware
- Returns:
  The names of the critical header parameters that are deferred to the application for processing, empty set if none.
verify
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
Description copied from interface: JWSVerifier
Verifies the specified signature of a JWS object.
- Specified by:
  verify in interface JWSVerifier
- Parameters:
  header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
  signedContent - The signing input. Must not be null.
  signature - The signature part of the JWS object. Must not be null.
- Returns:
  true if the signature was successfully verified, false if the signature is invalid or if a critical header is neither supported nor marked for deferral to the application.
- Throws:
  JOSEException - If the JWS algorithm is not supported, or if signature verification failed for some other internal reason.
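Usage example added here (it is not part of the library's own documentation): it exercises the three behaviours documented above, namely the 256-bit minimum secret length, the handling of deferred critical headers, and the false result of verify for an invalid signature. The class name, the "exp-policy" header name and the random secret are assumptions made for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Set;

public class MACVerifierExample {
    public static void main(String[] args) throws Exception {
        // Constructed 256-bit secret; a real deployment loads it from a secret store.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);

        // Sign a sample JWS whose header marks the hypothetical "exp-policy"
        // parameter as critical (crit).
        Set<String> crit = Collections.singleton("exp-policy");
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256)
                .criticalParams(crit)
                .customParam("exp-policy", "strict")
                .build();
        JWSObject jws = new JWSObject(header, new Payload("constructed sample payload"));
        jws.sign(new MACSigner(secret));
        String compact = jws.serialize();

        // Case 1: verifier with no deferred headers. "exp-policy" is neither
        // understood nor deferred, so this is the documented false case.
        boolean notDeferred = JWSObject.parse(compact).verify(new MACVerifier(secret));

        // Case 2: "exp-policy" deferred to the application. The verifier ignores it,
        // so the application itself must enforce it after verify() succeeds.
        MACVerifier deferring = new MACVerifier(secret, crit);
        boolean deferred = JWSObject.parse(compact).verify(deferring);

        // Case 3: alter the first character of the signature part.
        int dot = compact.lastIndexOf('.');
        char swapped = compact.charAt(dot + 1) == 'A' ? 'B' : 'A';
        String tampered = compact.substring(0, dot + 1) + swapped + compact.substring(dot + 2);
        boolean forged = JWSObject.parse(tampered).verify(deferring);

        // Case 4: a 128-bit secret is below the 256-bit minimum.
        boolean shortSecretRejected = false;
        try {
            new MACVerifier(new byte[16]);
        } catch (JOSEException e) {
            shortSecretRejected = true;
        }

        System.out.println("critical header not deferred: " + notDeferred);
        System.out.println("critical header deferred:     " + deferred);
        System.out.println("tampered signature:           " + forged);
        System.out.println("short secret rejected:        " + shortSecretRejected);
    }
}
```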