com.nimbusds.jose.crypto
Class MACVerifier

java.lang.Object
  com.nimbusds.jose.crypto.MACVerifier

All Implemented Interfaces:

JWSAlgorithmProvider, JWSVerifier

@ThreadSafe
public class MACVerifier
extends Object
implements JWSVerifier

Message Authentication Code (MAC) verifier of JWS objects. This class is thread-safe.

Supports the following JSON Web Algorithms (JWAs):

• JWSAlgorithm.HS256
• JWSAlgorithm.HS384
• JWSAlgorithm.HS512

Accepts the following JWS header parameters:

• alg
• typ
• cty

Version:

$version$ (2012-10-23)

Author:

Vladimir Dzhuvinov

Constructor Summary

MACVerifier(byte[] sharedSecret)
Creates a new Message Authentication (MAC) verifier.

Method Summary

JWSHeaderFilter	getJWSHeaderFilter() Gets the JWS header filter associated with the verifier.
protected static Mac	getMAC(JWSAlgorithm alg) Gets a Message Authentication Code (MAC) service for the specified HMAC-based JSON Web Algorithm (JWA).
byte[]	getSharedSecret() Gets the shared secret.
Set<JWSAlgorithm>	supportedAlgorithms() Returns the names of the supported JWS algorithms.
boolean	verify(ReadOnlyJWSHeader header, byte[] signedContent, Base64URL signature) Verifies the specified signature of a JWS object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.jose.JWSAlgorithmProvider

supportedAlgorithms

Constructor Detail

MACVerifier

public MACVerifier(byte[] sharedSecret)

Creates a new Message Authentication (MAC) verifier.

Parameters:

sharedSecret - The shared secret. Must not be null.

Method Detail

getJWSHeaderFilter

public JWSHeaderFilter getJWSHeaderFilter()

Description copied from interface: JWSVerifier

Gets the JWS header filter associated with the verifier. Specifies the names of those supported JWS algorithms and header parameters that the verifier is configured to accept.

Attempting to verify a JWS object signature with an algorithm or header parameter that is not accepted must result in a JOSEException.

Specified by:

getJWSHeaderFilter in interface JWSVerifier

Returns:

The JWS header filter.

verify

public boolean verify(ReadOnlyJWSHeader header,
                      byte[] signedContent,
                      Base64URL signature)
               throws JOSEException

Description copied from interface: JWSVerifier

Verifies the specified signature of a JWS object.

Specified by:

verify in interface JWSVerifier

Parameters:

header - The JSON Web Signature (JWS) header. Must specify an accepted JWS algorithm, must contain only accepted header parameters, and must not be null.

signedContent - The signed content. Must not be null.

signature - The signature part of the JWS object. Must not be null.

Returns:

true if the signature was successfully verified, else false.

Throws:

JOSEException - If the JWS algorithm is not accepted, if a header parameter is not accepted, or if signature verification failed for some other reason.

getSharedSecret

public byte[] getSharedSecret()

Gets the shared secret.

Returns:

The shared secret.

getMAC

protected static Mac getMAC(JWSAlgorithm alg)
                     throws JOSEException

Gets a Message Authentication Code (MAC) service for the specified HMAC-based JSON Web Algorithm (JWA).

Parameters:

alg - The JSON Web Algorithm (JWA). Must be supported and not null.

Returns:

A MAC service instance.

Throws:

JOSEException - If the algorithm is not supported.

supportedAlgorithms

public Set<JWSAlgorithm> supportedAlgorithms()

Description copied from interface: JWSAlgorithmProvider

Returns the names of the supported JWS algorithms. These correspond to the alg JWS header parameter.

Specified by:

supportedAlgorithms in interface JWSAlgorithmProvider

Returns:

The supported JWS algorithms, empty set if none.