@ThreadSafe public class MACVerifier extends Object implements JWSVerifier, CriticalHeaderParamsAware
JWS objects
. This class is thread-safe.
Supports the following algorithms:
Modifier and Type | Field and Description |
---|---|
static Set<JWSAlgorithm> |
SUPPORTED_ALGORITHMS
The supported JWS algorithms by the MAC provider class.
|
Constructor and Description |
---|
MACVerifier(byte[] secret)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(byte[] secret,
Set<String> defCritHeaders)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(OctetSequenceKey jwk)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(SecretKey secretKey)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(String secretString)
Creates a new Message Authentication (MAC) verifier.
|
Modifier and Type | Method and Description |
---|---|
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
protected static String |
getJCAAlgorithmName(JWSAlgorithm alg)
Gets the matching Java Cryptography Architecture (JCA) algorithm
name for the specified HMAC-based JSON Web Algorithm (JWA).
|
JCAContext |
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
|
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
byte[] |
getSecret()
Gets the secret bytes.
|
SecretKey |
getSecretKey()
Gets the secret key.
|
String |
getSecretString()
Gets the secret as a UTF-8 encoded string.
|
Set<JWSAlgorithm> |
supportedJWSAlgorithms()
Returns the names of the supported algorithms by the JWS provider
instance.
|
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedJWSAlgorithms
public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS
public MACVerifier(byte[] secret) throws JOSEException
secret
- The secret. Must be at least 256 bits long and not
null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(String secretString) throws JOSEException
secretString
- The secret as a UTF-8 encoded string. Must be at
least 256 bits long and not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(SecretKey secretKey) throws JOSEException
secretKey
- The secret key. Must be at least 256 bits long and
not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(OctetSequenceKey jwk) throws JOSEException
jwk
- The secret as a JWK. Must be at least 256 bits long and
not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(byte[] secret, Set<String> defCritHeaders) throws JOSEException
secret
- The secret. Must be at least 256 bits long
and not null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify a supported JWS algorithm and must not
be null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
false
if the signature is invalid or if a critical
header is neither supported nor marked for deferral to the
application.JOSEException
- If the JWS algorithm is not supported, or if
signature verification failed for some other
internal reason.protected static String getJCAAlgorithmName(JWSAlgorithm alg) throws JOSEException
alg
- The JSON Web Algorithm (JWA). Must be supported and not
null
.JOSEException
- If the algorithm is not supported.public SecretKey getSecretKey()
public byte[] getSecret()
public String getSecretString()
public Set<JWSAlgorithm> supportedJWSAlgorithms()
JWSProvider
alg
JWS header parameter.supportedJWSAlgorithms
in interface JWSProvider
public JCAContext getJCAContext()
JCAAware
getJCAContext
in interface JCAAware<JCAContext>
null
.Copyright © 2015 Connect2id Ltd.. All Rights Reserved.