org.forgerock.json.jose.jws.handlers

Class HmacSigningHandler

java.lang.Object

org.forgerock.json.jose.jws.handlers.HmacSigningHandler

All Implemented Interfaces:

SigningHandler

public class HmacSigningHandler
extends Object
implements SigningHandler

An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family.

Since:

2.0.0

Constructor Summary

Constructors

Constructor and Description
HmacSigningHandler(byte[] sharedSecret) Constructs a new HmacSigningHandler.
HmacSigningHandler(SecretKey key) Constructs a new HmacSigningHandler.

Method Summary

Modifier and Type	Method and Description
byte[]	sign(JwsAlgorithm algorithm, byte[] data) Signs the given raw data bytes using the Java Cryptographic algorithm defined by the JwsAlgorithm.
byte[]	sign(JwsAlgorithm algorithm, String data) Signs the given String data using the Java Cryptographic algorithm defined by the JwsAlgorithm.
boolean	verify(JwsAlgorithm algorithm, byte[] data, byte[] signature) Verifies that the given signature is valid for the given data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HmacSigningHandler

public HmacSigningHandler(byte[] sharedSecret)

Constructs a new HmacSigningHandler.

Parameters:

sharedSecret - The shared secret to use to sign the data.

HmacSigningHandler

public HmacSigningHandler(SecretKey key)

Constructs a new HmacSigningHandler.

Parameters:

key - The HMAC secret key to use to sign the data.

Method Detail

sign

public byte[] sign(JwsAlgorithm algorithm,
                   String data)

Signs the given String data using the Java Cryptographic algorithm defined by the JwsAlgorithm. The signature is created using the given private key.

Specified by:

sign in interface SigningHandler

Parameters:

algorithm - The JwsAlgorithm defining the Java Cryptographic algorithm.

data - The data to be signed.

Returns:

A byte array of the signature.

sign

public byte[] sign(JwsAlgorithm algorithm,
                   byte[] data)

Signs the given raw data bytes using the Java Cryptographic algorithm defined by the JwsAlgorithm.

Specified by:

sign in interface SigningHandler

Parameters:

algorithm - the JWS signature algorithm to use.

data - the raw data to sign.

Returns:

the signature.

verify

public boolean verify(JwsAlgorithm algorithm,
                      byte[] data,
                      byte[] signature)

Verifies that the given signature is valid for the given data.

Uses the Java Cryptographic algorithm defined by the JwsAlgorithm and private key to create a new signature of the data to compare against the given signature to see if they are identical. This implementation avoids timing attacks by enforcing checking of each element of the array against one another. We do not rely on Arrays.equal or other methods which may return early upon discovering a mistake.

Specified by:

verify in interface SigningHandler

Parameters:

algorithm - The JwsAlgorithm defining the JavaCryptographic algorithm.

data - The data that was signed.

signature - The signature of the data.

Returns:

true if the signature is a valid signature of the data.