Package com.nimbusds.jose.crypto
Class MACSigner
- java.lang.Object
  - com.nimbusds.jose.crypto.impl.BaseJWSProvider
    - com.nimbusds.jose.crypto.impl.MACProvider
      - com.nimbusds.jose.crypto.MACSigner
- All Implemented Interfaces: JCAAware<JCAContext>, JOSEProvider, JWSProvider, JWSSigner
@ThreadSafe public class MACSigner extends MACProvider implements JWSSigner
Message Authentication Code (MAC) signer of JWS objects. Expects a secret key.
See RFC 7518 section 3.2 for more information.
This class is thread-safe.
Supports the following algorithms:
Tested with the AWS CloudHSM JCE provider.
- Version: 2023-09-14
- Author: Vladimir Dzhuvinov, Ulrich Winter
Field Summary
Fields inherited from class com.nimbusds.jose.crypto.impl.MACProvider
SUPPORTED_ALGORITHMS
Constructor Summary
Constructors
- MACSigner(byte[] secret): Creates a new Message Authentication (MAC) signer.
- MACSigner(OctetSequenceKey jwk): Creates a new Message Authentication (MAC) signer.
- MACSigner(String secretString): Creates a new Message Authentication (MAC) signer.
- MACSigner(SecretKey secretKey): Creates a new Message Authentication (MAC) signer.
Method Summary
Methods
- static Set<JWSAlgorithm> getCompatibleAlgorithms(int secretLength): Returns the compatible JWS HMAC algorithms for the specified secret length.
- static int getMinRequiredSecretLength(JWSAlgorithm alg): Returns the minimal required secret length for the specified HMAC JWS algorithm.
- Base64URL sign(JWSHeader header, byte[] signingInput): Signs the specified input of a JWS object.
Methods inherited from class com.nimbusds.jose.crypto.impl.MACProvider
getJCAAlgorithmName, getSecret, getSecretKey, getSecretString
-
Methods inherited from class com.nimbusds.jose.crypto.impl.BaseJWSProvider
getJCAContext, supportedJWSAlgorithms
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.nimbusds.jose.jca.JCAAware
getJCAContext
-
Methods inherited from interface com.nimbusds.jose.JWSProvider
supportedJWSAlgorithms
Constructor Detail
-
MACSigner
public MACSigner(byte[] secret) throws KeyLengthException
Creates a new Message Authentication (MAC) signer.
- Parameters:
secret - The secret. Must be at least 256 bits long and not null.
- Throws:
KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
-
MACSigner
public MACSigner(String secretString) throws KeyLengthException
Creates a new Message Authentication (MAC) signer.
- Parameters:
secretString - The secret as a UTF-8 encoded string. Must be at least 256 bits long and not null.
- Throws:
KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
-
MACSigner
public MACSigner(SecretKey secretKey) throws KeyLengthException
Creates a new Message Authentication (MAC) signer.
- Parameters:
secretKey - The secret key. Must be at least 256 bits long and not null.
- Throws:
KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
-
MACSigner
public MACSigner(OctetSequenceKey jwk) throws KeyLengthException
Creates a new Message Authentication (MAC) signer.
- Parameters:
jwk - The secret as a JWK. Must be at least 256 bits long and not null.
- Throws:
KeyLengthException - If the secret length is shorter than the minimum 256-bit requirement.
-
-
Method Detail
-
getMinRequiredSecretLength
public static int getMinRequiredSecretLength(JWSAlgorithm alg) throws JOSEException
Returns the minimal required secret length for the specified HMAC JWS algorithm.
- Parameters:
alg - The HMAC JWS algorithm. Must be supported and not null.
- Returns:
The minimal required secret length, in bits.
- Throws:
JOSEException - If the algorithm is not supported.
-
getCompatibleAlgorithms
public static Set<JWSAlgorithm> getCompatibleAlgorithms(int secretLength)
Returns the compatible JWS HMAC algorithms for the specified secret length.
- Parameters:
secretLength - The secret length in bits. Must not be negative.
- Returns:
The compatible HMAC algorithms, empty set if the secret length is too short for any algorithm.
-
sign
public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException
Description copied from interface: JWSSigner
Signs the specified input of a JWS object.
- Specified by:
sign in interface JWSSigner
- Parameters:
header - The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be null.
signingInput - The input to sign. Must not be null.
- Returns:
The resulting signature part (third part) of the JWS object.
- Throws:
JOSEException - If the JWS algorithm is not supported, if a critical header parameter is not supported or marked for deferral to the application, or if signing failed for some other internal reason.
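Added example (not part of the Nimbus documentation): how the 256-bit minimum and the two static length helpers interact when choosing an HMAC algorithm for a secret. The class name, the `requireCompatible` helper, the payload and the short secret string are constructed for illustration; `MACVerifier` is the library's companion verifier class.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import java.security.SecureRandom;
import java.util.Set;

public class MacSignerKeyLengthExample {

    // Hypothetical helper: fail closed if the secret is too short for the wanted algorithm.
    static JWSAlgorithm requireCompatible(byte[] secret, JWSAlgorithm wanted) throws Exception {
        int bits = secret.length * 8;
        Set<JWSAlgorithm> compatible = MACSigner.getCompatibleAlgorithms(bits);
        if (!compatible.contains(wanted)) {
            throw new IllegalArgumentException(wanted + " needs at least "
                + MACSigner.getMinRequiredSecretLength(wanted) + " bits, secret has " + bits);
        }
        return wanted;
    }

    public static void main(String[] args) throws Exception {
        // Constructed 24-byte (192-bit) string: below the documented minimum, so the
        // constructor throws. The check counts UTF-8 bytes, not entropy, so a long
        // human-chosen passphrase would pass it while still being guessable.
        try {
            new MACSigner("constructed-short-secret");
        } catch (KeyLengthException e) {
            System.out.println("Short secret rejected: " + e.getMessage());
        }

        // 256-bit secret from a CSPRNG: enough for HS256, not for HS512.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        JWSAlgorithm alg = requireCompatible(secret, JWSAlgorithm.HS256);
        try {
            requireCompatible(secret, JWSAlgorithm.HS512);
        } catch (IllegalArgumentException e) {
            System.out.println("Algorithm rejected: " + e.getMessage());
        }

        // Sign, serialize to compact form, then parse and verify with the same secret.
        JWSObject jws = new JWSObject(new JWSHeader(alg), new Payload("{\"sub\":\"alice\"}"));
        jws.sign(new MACSigner(secret));
        JWSObject parsed = JWSObject.parse(jws.serialize());
        System.out.println("Verified: " + parsed.verify(new MACVerifier(secret)));
    }
}
```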