MACVerifier.java example

Explorer

Nimbus-JOSE-JWT-master
- src
  - main
    - java
      - com
        nimbusds
        jose
        Algorithm.java
        AlgorithmFamily.java
        CommonSEHeader.java
        CompressionAlgorithm.java
        ECKey.java
        EncryptionMethod.java
        Header.java
        HeaderFilter.java
        JOSEException.java
        JOSEObject.java
        JOSEObjectType.java
        JWEAlgorithm.java
        JWEAlgorithmProvider.java
        JWECryptoParts.java
        JWEDecrypter.java
        JWEEncrypter.java
        JWEHeader.java
        JWEHeaderFilter.java
        JWEObject.java
        JWK.java
        JWKSet.java
        JWSAlgorithm.java
        JWSAlgorithmProvider.java
        JWSHeader.java
        JWSHeaderFilter.java
        JWSObject.java
        JWSSigner.java
        JWSVerifier.java
        Payload.java
        PlainHeader.java
        PlainObject.java
        RSAKey.java
        ReadOnlyCommonSEHeader.java
        ReadOnlyHeader.java
        ReadOnlyJWEHeader.java
        ReadOnlyJWSHeader.java
        ReadOnlyPlainHeader.java
        Requirement.java
        Use.java
        crypto
        BaseJWSProvider.java
        DefaultJWSHeaderFilter.java
        ECDSAParameters.java
        ECDSAProvider.java
        ECDSASigner.java
        ECDSAVerifier.java
        MACProvider.java
        MACSigner.java
        MACVerifier.java
        RSASSAProvider.java
        RSASSASigner.java
        RSASSAVerifier.java
        package-info.java
        package-info.java
        util
        Base64.java
        Base64URL.java
        DeflateUtils.java
        JSONObjectUtils.java
        package-info.java
        jwt
        ClaimsSet.java
        EncryptedJWT.java
        JWT.java
        JWTParser.java
        PlainJWT.java
        ReadOnlyClaimsSet.java
        SignedJWT.java
        package-info.java
  - test
    - java
      - com
        nimbusds
        jose
        AlgorithmTest.java
        JOSEObjectTest.java
        JWEHeaderTest.java
        JWKSetTest.java
        JWSHeaderTest.java
        PlainHeaderTest.java
        PlainObjectTest.java
        crypto
        DefaultJWSHeaderFilterTest.java
        ECDSATest.java
        MACTest.java
        RSASSATest.java
        util
        Base64URLTest.java
        DeflateUtilsTest.java
        jwt
        ClaimsSetTest.java
        PlainJWTTest.java
      - example
        JWSExample.java

package com.nimbusds.jose.crypto;


import java.util.HashSet;
import java.util.Set;

import java.security.InvalidKeyException;

import javax.crypto.Mac;

import javax.crypto.spec.SecretKeySpec;

import net.jcip.annotations.ThreadSafe;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeaderFilter;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.ReadOnlyJWSHeader;

import com.nimbusds.jose.util.Base64URL;



/**
 * Message Authentication Code (MAC) verifier of 
 * {@link com.nimbusds.jose.JWSObject JWS objects}. This class is thread-safe.
 *
 * <p>Supports the following JSON Web Algorithms (JWAs):
 *
 * <ul>
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#HS256}
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#HS384}
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#HS512}
 * </ul>
 *
 * <p>Accepts the following JWS header parameters:
 *
 * <ul>
 *     <li>{@code alg}
 *     <li>{@code typ}
 *     <li>{@code cty}
 * </ul>
 * 
 * @author Vladimir Dzhuvinov
 * @version $version$ (2012-10-23)
 */
@ThreadSafe
public class MACVerifier extends MACProvider implements JWSVerifier {


	/**
	 * The accepted JWS header parameters.
	 */
	private static final Set<String> ACCEPTED_HEADER_PARAMETERS;
	
	
	/**
	 * Initialises the accepted JWS header parameters.
	 */
	static {
	
		Set<String> params = new HashSet<String>();
		params.add("alg");
		params.add("typ");
		params.add("cty");
		
		ACCEPTED_HEADER_PARAMETERS = params;
	}
	
	
	/**
	 * The JWS header filter.
	 */
	private DefaultJWSHeaderFilter headerFilter;
	
	 
	/**
	* Creates a new Message Authentication (MAC) verifier.
	*
	* @param sharedSecret The shared secret. Must not be {@code null}.
	*/
	public MACVerifier(final byte[] sharedSecret) {

		super(sharedSecret);

		headerFilter = new DefaultJWSHeaderFilter(supportedAlgorithms(), ACCEPTED_HEADER_PARAMETERS);
	}
	
	
	@Override
	public JWSHeaderFilter getJWSHeaderFilter() {
	
		return headerFilter;
	}


        @Override
        public boolean verify(final ReadOnlyJWSHeader header, 
                              final byte[] signedContent, 
                              final Base64URL signature)
                throws JOSEException {
                
                Mac mac = getMAC(header.getAlgorithm());
                
                try {
                        mac.init(new SecretKeySpec(getSharedSecret(), mac.getAlgorithm()));
                        
                } catch (InvalidKeyException e) {
                
                        throw new JOSEException("Invalid HMAC key: " + e.getMessage(), e);
                }
                
                mac.update(signedContent);
                
                Base64URL expectedSignature = Base64URL.encode(mac.doFinal());
                
                if (expectedSignature.equals(signature))
                        return true;
                else
                        return false;
        }
}