@ThreadSafe public class MACVerifier extends MACProvider implements JWSVerifier, CriticalHeaderParamsAware
JWS objects
. Expects a secret key.
See RFC 7518 section 3.2 for more information.
This class is thread-safe.
Supports the following algorithms:
SUPPORTED_ALGORITHMS
Constructor and Description |
---|
MACVerifier(byte[] secret)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(byte[] secret,
Set<String> defCritHeaders)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(OctetSequenceKey jwk)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(OctetSequenceKey jwk,
Set<String> defCritHeaders)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(SecretKey secretKey)
Creates a new Message Authentication (MAC) verifier.
|
MACVerifier(String secretString)
Creates a new Message Authentication (MAC) verifier.
|
Modifier and Type | Method and Description |
---|---|
Set<String> |
getDeferredCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter. |
Set<String> |
getProcessedCriticalHeaderParams()
Returns the names of the critical (
crit ) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter. |
boolean |
verify(JWSHeader header,
byte[] signedContent,
Base64URL signature)
Verifies the specified
signature of a
JWS object . |
getJCAAlgorithmName, getSecret, getSecretKey, getSecretString
getJCAContext, supportedJWSAlgorithms
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
supportedJWSAlgorithms
getJCAContext
public MACVerifier(byte[] secret) throws JOSEException
secret
- The secret. Must be at least 256 bits long and not
null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(String secretString) throws JOSEException
secretString
- The secret as a UTF-8 encoded string. Must be at
least 256 bits long and not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(SecretKey secretKey) throws JOSEException
secretKey
- The secret key. Must be at least 256 bits long and
not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(OctetSequenceKey jwk) throws JOSEException
jwk
- The secret as a JWK. Must be at least 256 bits long and
not null
.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(OctetSequenceKey jwk, Set<String> defCritHeaders) throws JOSEException
jwk
- The secret as a JWK. Must be at least 256 bits long and
not null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public MACVerifier(byte[] secret, Set<String> defCritHeaders) throws JOSEException
secret
- The secret. Must be at least 256 bits long
and not null
.defCritHeaders
- The names of the critical header parameters
that are deferred to the application for
processing, empty set or null
if none.JOSEException
- If the secret length is shorter than the
minimum 256-bit requirement.public Set<String> getProcessedCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are understood and processed by the JWS verifier / JWE
decrypter.getProcessedCriticalHeaderParams
in interface CriticalHeaderParamsAware
public Set<String> getDeferredCriticalHeaderParams()
CriticalHeaderParamsAware
crit
) header parameters
that are deferred to the application for processing and will be
ignored by the JWS verifier / JWE decrypter.getDeferredCriticalHeaderParams
in interface CriticalHeaderParamsAware
public boolean verify(JWSHeader header, byte[] signedContent, Base64URL signature) throws JOSEException
JWSVerifier
signature
of a
JWS object
.verify
in interface JWSVerifier
header
- The JSON Web Signature (JWS) header. Must
specify a supported JWS algorithm and must not
be null
.signedContent
- The signing input. Must not be null
.signature
- The signature part of the JWS object. Must not
be null
.true
if the signature was successfully verified,
false
if the signature is invalid or if a critical
header is neither supported nor marked for deferral to the
application.JOSEException
- If the JWS algorithm is not supported, or if
signature verification failed for some other
internal reason.Copyright © 2020 Connect2id Ltd.. All rights reserved.