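/**
 * Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC
 * value.
 *
 * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key
 * supplied.
 *
 * The expected MAC is recomputed locally and compared with the received value using a comparison that does not
 * return early on the first differing byte, so the time taken does not reveal how much of a rejected value was
 * correct.
 *
 * @param verificationKey the key with which to compute and verify the MAC
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param signature the computed MAC value received from the signer
 * @param input the input over which the MAC is computed and verified
 * @return true if the MAC value computed over the input using the supplied key and algorithm ID is identical to the
 *         supplied MAC signature value; false otherwise, including when either value is null
 * @throws SecurityException thrown if the MAC computation or verification process results in an error
 */
public static boolean verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)
        throws SecurityException {
    Logger log = getLogger();

    log.debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", verificationKey
            .getAlgorithm(), jcaAlgorithmID);

    // Java JCA/JCE Mac interface doesn't have a verification op,
    // so have to compute the Mac and compare the byte arrays manually.
    byte[] computed = signMAC(verificationKey, jcaAlgorithmID, input);

    // Fail closed: a missing value on either side is never a successful verification.
    if (computed == null || signature == null) {
        return false;
    }

    // Arrays.equals() stops at the first mismatching byte, which makes the comparison time depend on
    // secret data. MessageDigest.isEqual() is the JDK's time-constant byte-array comparison. It is
    // referenced by its fully-qualified name so that no new import is required in this file.
    return java.security.MessageDigest.isEqual(computed, signature);
}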
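/**
 * Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC
 * value.
 *
 * It is up to the caller to ensure that the specified algorithm ID is consistent with the type of verification key
 * supplied.
 *
 * The expected MAC is recomputed locally and compared with the received value using a comparison that does not
 * return early on the first differing byte, so the time taken does not reveal how much of a rejected value was
 * correct.
 *
 * @param verificationKey the key with which to compute and verify the MAC
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param signature the computed MAC value received from the signer
 * @param input the input over which the MAC is computed and verified
 * @return true if the MAC value computed over the input using the supplied key and algorithm ID is identical to the
 *         supplied MAC signature value; false otherwise, including when either value is null
 * @throws SecurityException thrown if the MAC computation or verification process results in an error
 */
public static boolean verifyMAC(Key verificationKey, String jcaAlgorithmID, byte[] signature, byte[] input)
        throws SecurityException {
    Logger log = getLogger();

    log.debug("Verifying MAC over input using key of type {} and JCA algorithm ID {}", verificationKey
            .getAlgorithm(), jcaAlgorithmID);

    // Java JCA/JCE Mac interface doesn't have a verification op,
    // so have to compute the Mac and compare the byte arrays manually.
    byte[] computed = signMAC(verificationKey, jcaAlgorithmID, input);

    // Fail closed: a missing value on either side is never a successful verification.
    if (computed == null || signature == null) {
        return false;
    }

    // Arrays.equals() stops at the first mismatching byte, which makes the comparison time depend on
    // secret data. MessageDigest.isEqual() is the JDK's time-constant byte-array comparison. It is
    // referenced by its fully-qualified name so that no new import is required in this file.
    return java.security.MessageDigest.isEqual(computed, signature);
}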
/**
 * Compute the signature or MAC value over the supplied input.
 *
 * The signing key is taken from the credential via {@code SecurityHelper.extractSigningKey}. When {@code isMAC} is
 * set the key is handed to {@code signMAC}; otherwise the key must be a {@link PrivateKey} and is handed to the
 * private-key {@code sign} overload.
 *
 * The caller is responsible for making sure that the algorithm ID and the {@code isMAC} flag agree with the kind of
 * signing key held by the credential.
 *
 * @param signingCredential the credential containing the signing key
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if the credential yields no signing key, if a signature is requested but the key
 *             is not a {@link PrivateKey}, or if the computation process results in an error
 */
public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)
        throws SecurityException {
    final Logger logger = getLogger();

    final Key key = SecurityHelper.extractSigningKey(signingCredential);
    if (key == null) {
        logger.error("No signing key supplied in signing credential for signature computation");
        throw new SecurityException("No signing key supplied in signing credential");
    }

    // MAC computation accepts whatever key the credential supplied.
    if (isMAC) {
        return signMAC(key, jcaAlgorithmID, input);
    }

    // A signature, by contrast, can only be produced with a private key.
    if (!(key instanceof PrivateKey)) {
        logger.error("No PrivateKey present in signing credential for signature computation");
        throw new SecurityException("No PrivateKey supplied for signing");
    }

    return sign((PrivateKey) key, jcaAlgorithmID, input);
}
/**
 * Compute the signature or MAC value over the supplied input.
 *
 * The signing key is taken from the credential via {@code SecurityHelper.extractSigningKey}. When {@code isMAC} is
 * set the key is handed to {@code signMAC}; otherwise the key must be a {@link PrivateKey} and is handed to the
 * private-key {@code sign} overload.
 *
 * The caller is responsible for making sure that the algorithm ID and the {@code isMAC} flag agree with the kind of
 * signing key held by the credential.
 *
 * @param signingCredential the credential containing the signing key
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if the credential yields no signing key, if a signature is requested but the key
 *             is not a {@link PrivateKey}, or if the computation process results in an error
 */
public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)
        throws SecurityException {
    final Logger logger = getLogger();

    final Key key = SecurityHelper.extractSigningKey(signingCredential);
    if (key == null) {
        logger.error("No signing key supplied in signing credential for signature computation");
        throw new SecurityException("No signing key supplied in signing credential");
    }

    // MAC computation accepts whatever key the credential supplied.
    if (isMAC) {
        return signMAC(key, jcaAlgorithmID, input);
    }

    // A signature, by contrast, can only be produced with a private key.
    if (!(key instanceof PrivateKey)) {
        logger.error("No PrivateKey present in signing credential for signature computation");
        throw new SecurityException("No PrivateKey supplied for signing");
    }

    return sign((PrivateKey) key, jcaAlgorithmID, input);
}