Class JWSAssemblyUtils

java.lang.Object
  net.shibboleth.oidc.security.JWSAssemblyUtils

public final class JWSAssemblyUtils extends Object

Generic utility class for helping with JWS assembly.

Constructor Summary

| Modifier | Constructor | Description |
| --- | --- | --- |
| private | JWSAssemblyUtils() | Private constructor. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| static com.nimbusds.jwt.SignedJWT | assembleMacJws(com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.jwt.JWTClaimsSet claimsSet, byte[] secret) | Assemble a HMAC based JSON Web Signature token (JWS) using the given algorithm, claims, and secret. |
| static String | assembleMacJwsAsString(com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.jwt.JWTClaimsSet claimsSet, byte[] secret) | Assemble a HMAC based JSON Web Signature token using the given algorithm, claims, and secret, and return its JSON compact serialized form. |
| private static String | composeSigningInput(com.nimbusds.jose.JWSHeader header, com.nimbusds.jose.Payload payload) | Compose the message that is to be signed. |
| private static String | getJCAAlgorithmName(com.nimbusds.jose.JWSAlgorithm alg) | Gets the matching Java Cryptography Architecture (JCA) algorithm name for the specified HMAC-based JSON Web Algorithm (JWA). |
| static byte[] | getSecretBytes(String secret) | Convert the given secret into its byte representation assuming a UTF-8 character set. |

Method Detail

assembleMacJwsAsString
@Nonnull public static String assembleMacJwsAsString(@Nonnull com.nimbusds.jose.JWSAlgorithm algorithm, @Nonnull com.nimbusds.jwt.JWTClaimsSet claimsSet, @Nonnull byte[] secret) throws EncodingException, com.nimbusds.jose.JOSEException, ParseException
Assemble a HMAC based JSON Web Signature token using the given algorithm, claims, and secret, and return its JSON compact serialized form.
Note: this method does not check key-to-algorithm compatibility; use Nimbus's MACSigner directly for the additional safety checks it has. This method can therefore be used instead of the Nimbus signer on occasions where an algorithm-to-secret-key incompatibility exists, e.g. using an HS512 HMAC with too small a secret key.
- Parameters:
  algorithm - the JWA algorithm, **must** be one from the HMAC family.
  claimsSet - the JSON claims that form the payload.
  secret - the pre-shared secret used to construct the HMAC.
- Returns:
  a fully assembled JWS using the JSON compact serialisation.
- Throws:
  EncodingException - On error during encoding.
  com.nimbusds.jose.JOSEException - If the algorithm is not supported.
  ParseException - If an error occurs during serialisation.

assembleMacJws
@Nonnull public static com.nimbusds.jwt.SignedJWT assembleMacJws(@Nonnull com.nimbusds.jose.JWSAlgorithm algorithm, @Nonnull com.nimbusds.jwt.JWTClaimsSet claimsSet, @Nonnull byte[] secret) throws EncodingException, com.nimbusds.jose.JOSEException, ParseException
Assemble a HMAC based JSON Web Signature token (JWS) using the given algorithm, claims, and secret.
Note: this method does not check key-to-algorithm compatibility; use Nimbus's MACSigner directly for the additional safety checks it has. This method can therefore be used instead of the Nimbus signer on occasions where an algorithm-to-secret-key incompatibility exists, e.g. using an HS512 HMAC with too small a secret key.
- Parameters:
  algorithm - the JWA algorithm, **must** be one from the HMAC family.
  claimsSet - the claims that form the payload.
  secret - the pre-shared secret used to construct the HMAC.
- Returns:
  a fully assembled signed JWT.
- Throws:
  EncodingException - On error during encoding.
  com.nimbusds.jose.JOSEException - If the algorithm is not supported.
  ParseException - If an error occurs during serialisation.

getSecretBytes
@Nonnull public static byte[] getSecretBytes(@Nonnull String secret)
Convert the given secret into its byte representation assuming a UTF-8 character set.
- Parameters:
  secret - the secret.
- Returns:
  the UTF-8 byte representation of the secret.

composeSigningInput
@Nonnull private static String composeSigningInput(@Nonnull com.nimbusds.jose.JWSHeader header, @Nonnull com.nimbusds.jose.Payload payload) throws EncodingException
Compose the message that is to be signed. Returns a JWS Signing Input as defined in RFC7515: ASCII(BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload))
- Parameters:
  header - the header component of the message to be signed.
  payload - the payload component of the message to be signed.
- Returns:
  the JWS signing input ready to be signed.
- Throws:
  EncodingException - if there is an error base64 encoding the components.

getJCAAlgorithmName
@Nonnull private static String getJCAAlgorithmName(@Nonnull com.nimbusds.jose.JWSAlgorithm alg) throws com.nimbusds.jose.JOSEException
Gets the matching Java Cryptography Architecture (JCA) algorithm name for the specified HMAC-based JSON Web Algorithm (JWA). This is taken from the Nimbus MACProvider class.
- Parameters:
  alg - The JSON Web Algorithm (JWA). Must be supported and not null.
- Returns:
  The matching JCA algorithm name.
- Throws:
  com.nimbusds.jose.JOSEException - If the algorithm is not supported.

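The following added example (not code from this project or from Nimbus) walks through the steps the methods above describe using only the JDK: the JWA-to-JCA name mapping, the RFC 7515 signing input, and the HMAC, alongside the RFC 7518 section 3.2 minimum key length check that a bare HMAC does not perform. The class and method names, the minimal header, and the sample claims and secret are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; names are hypothetical, not the Shibboleth or Nimbus API. */
public final class HmacJwsSketch {
    /** JWA name to JCA name; the number in the JWA name is the hash output size in bits. */
    private static final Map<String, String> JCA_NAMES = Map.of(
            "HS256", "HmacSHA256", "HS384", "HmacSHA384", "HS512", "HmacSHA512");

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** RFC 7518 section 3.2: the key must be at least as long as the hash output. */
    static boolean meetsMinimumKeyLength(String jwa, byte[] secret) {
        int requiredBits = Integer.parseInt(jwa.substring(2));
        return secret.length * 8 >= requiredBits;
    }

    /** RFC 7515 signing input: BASE64URL(UTF8(header)) || '.' || BASE64URL(payload). */
    static String composeSigningInput(String headerJson, String payloadJson) {
        return B64URL.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + B64URL.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
    }

    /** Assembles header.payload.signature; like a bare HMAC, it does not reject short keys. */
    static String assemble(String jwa, String payloadJson, byte[] secret)
            throws GeneralSecurityException {
        String jcaName = JCA_NAMES.get(jwa);
        if (jcaName == null) {
            throw new GeneralSecurityException("Unsupported HMAC algorithm: " + jwa);
        }
        String signingInput = composeSigningInput("{\"alg\":\"" + jwa + "\"}", payloadJson);
        Mac mac = Mac.getInstance(jcaName);
        mac.init(new SecretKeySpec(secret, jcaName));
        byte[] tag = mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(tag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String claims = "{\"iss\":\"https://op.example.org\",\"sub\":\"constructed-subject\"}";
        byte[] shortSecret = "constructed-16-b".getBytes(StandardCharsets.UTF_8); // 128 bits
        // The length check fails for HS512, yet the HMAC itself still produces a token.
        System.out.println("HS512 key long enough? " + meetsMinimumKeyLength("HS512", shortSecret));
        System.out.println(assemble("HS512", claims, shortSecret));
    }
}
```

Running the length check before assembly, and logging when it fails, keeps the use of undersized secrets visible in deployments that rely on the unchecked path for compatibility.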