@Override public final DigestId generateMAC(byte[] message) throws InvalidKeyException { KeyIdentifier signingKey = currentKey; byte[] digest = generateMAC(signingKey.getKey(), message); return new DigestId(signingKey.getKeyId(), digest); }
/** * Computes a digest for the given input message, using the key identified by the given ID. * @param keyId Identifier of the secret key to use. * @param message The data over which we should generate a digest. * @return The computed digest. * @throws InvalidKeyException If the input {@code keyId} does not match a known key or the key is not accepted * by the internal {@code Mac} implementation. */ protected final byte[] generateMAC(int keyId, byte[] message) throws InvalidKeyException { KeyIdentifier key = getKey(keyId); if (key == null) { throw new InvalidKeyException("No key found for ID " + keyId); } return generateMAC(key.getKey(), message); }
@Override public final <T> void validateMAC(Codec<T> codec, Signed<T> signedMessage) throws InvalidDigestException, InvalidKeyException { try { byte[] newDigest = generateMAC(signedMessage.getKeyId(), codec.encode(signedMessage.getMessage())); if (!Bytes.equals(signedMessage.getDigestBytes(), newDigest)) { throw new InvalidDigestException("Token signature is not valid!"); } } catch (IOException ioe) { throw Throwables.propagate(ioe); } }