/**
 * Sets a Key Identifier and MAC key provided by the CA. Use this if your CA requires
 * an individual account identification, e.g. your customer number.
 * <p>
 * The MAC key is a shared secret issued by the CA. It is decoded here and wrapped in an
 * {@code HmacKey}; callers should treat {@code encodedMacKey} as a credential and keep
 * it out of logs and error messages.
 *
 * @param kid
 *            Key Identifier. Not checked in this overload; it is handed unchanged to
 *            the {@code (String, HmacKey)} overload.
 * @param encodedMacKey
 *            Base64url encoded MAC key. It will be decoded for your convenience.
 * @return itself
 * @throws NullPointerException
 *             if {@code encodedMacKey} is {@code null} (raised by {@code requireNonNull})
 */
public AccountBuilder withKeyIdentifier(String kid, String encodedMacKey) {
    // Fail early with the parameter name rather than deep inside the decoder.
    String macKeyText = requireNonNull(encodedMacKey, "encodedMacKey");
    // These are the raw (decoded) key bytes, not an encoded form.
    byte[] macKeyBytes = AcmeUtils.base64UrlDecode(macKeyText);
    return withKeyIdentifier(kid, new HmacKey(macKeyBytes));
}
/**
 * Sets a Key Identifier and MAC key provided by the CA. Use this if your CA requires
 * an individual account identification, e.g. your customer number.
 * <p>
 * The MAC key is a shared secret issued by the CA. It is decoded here and wrapped in an
 * {@code HmacKey}; callers should treat {@code encodedMacKey} as a credential and keep
 * it out of logs and error messages.
 *
 * @param kid
 *            Key Identifier. Not checked in this overload; it is handed unchanged to
 *            the {@code (String, HmacKey)} overload.
 * @param encodedMacKey
 *            Base64url encoded MAC key. It will be decoded for your convenience.
 * @return itself
 * @throws NullPointerException
 *             if {@code encodedMacKey} is {@code null} (raised by {@code requireNonNull})
 */
public AccountBuilder withKeyIdentifier(String kid, String encodedMacKey) {
    // Fail early with the parameter name rather than deep inside the decoder.
    String macKeyText = requireNonNull(encodedMacKey, "encodedMacKey");
    // These are the raw (decoded) key bytes, not an encoded form.
    byte[] macKeyBytes = AcmeUtils.base64UrlDecode(macKeyText);
    return withKeyIdentifier(kid, new HmacKey(macKeyBytes));
}
/**
 * Creates a new random 512-bit octet-sequence key, gives it a time-based key id and
 * prints it to standard output as a JSON Web Key Set.
 * <p>
 * The output is produced with {@code OutputControlLevel.INCLUDE_SYMMETRIC}, so the
 * printed JSON contains the secret key material itself. Anything that captures stdout
 * (terminal scrollback, CI logs, redirected files) then holds the signing secret.
 *
 * @throws Exception declared by the original signature; nothing is caught here
 */
public static void generate() throws Exception {
    // NOTE(review): the strength of the key rests on ByteUtil.randomBytes using a
    // cryptographically secure RNG; confirm against the library version in use.
    final int keyLengthInBytes = ByteUtil.byteLength(512);
    final HmacKey hmacKey = new HmacKey(ByteUtil.randomBytes(keyLengthInBytes));

    final OctetSequenceJsonWebKey jwk = new OctetSequenceJsonWebKey(hmacKey);
    // The key id is "k" followed by the current wall-clock time in milliseconds.
    jwk.setKeyId("k" + System.currentTimeMillis());

    final JsonWebKeySet keySet = new JsonWebKeySet(jwk);
    final String json = keySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC);
    System.out.println(json);
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Builds the JWT consumer used by this verifier for HMAC-protected tokens.
 * <p>
 * The verification key is the UTF-8 encoding of {@code secret}, used as-is. Because
 * key validation is relaxed, secrets shorter than 256 bits are accepted, so the
 * strength of the verification depends entirely on how the secret was chosen.
 * <p>
 * NOTE(review): the builder is not told to require an expiration time or to restrict
 * the accepted JWS algorithms; whether that is intended cannot be seen from here.
 *
 * @param secret   shared secret; must not be {@code null} ({@code getBytes} is called on it)
 * @param issuer   expected issuer; only enforced when not blank
 * @param audience expected audience; only enforced when not blank
 */
public JWTVerifier(final String secret, final String issuer, final String audience) {
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();

    // Audience and issuer expectations are optional: blank values are not configured.
    if (StringUtils.isNotBlank(audience)) {
        consumerBuilder.setExpectedAudience(audience);
    }
    if (StringUtils.isNotBlank(issuer)) {
        consumerBuilder.setExpectedIssuer(issuer);
    }

    final byte[] secretBytes = secret.getBytes(StandardCharsets.UTF_8);
    consumerBuilder.setVerificationKey(new HmacKey(secretBytes));
    // Tolerate up to one minute of clock drift between issuer and verifier.
    consumerBuilder.setAllowedClockSkewInSeconds(60);
    // Allow HMAC keys < 256 bits
    consumerBuilder.setRelaxVerificationKeyValidation();

    consumer = consumerBuilder.build();
}
// Start of a password-based key derivation routine. The parameter names (salt,
// iterationCount, dkLen) follow PBKDF2 naming -- presumably this is PBKDF2; confirm
// against the full source.
// NOTE(review): this excerpt is truncated: the method's opening brace and everything
// after the two statements below are missing.
public byte[] derive(byte[] password, byte[] salt, int iterationCount, int dkLen, String provider) throws JoseException
// The pseudo-random function is an HMAC (algorithm taken from hmacAlgorithm) keyed
// directly with the password bytes, obtained from the given provider.
Mac prf = MacUtil.getInitializedMac(hmacAlgorithm, new HmacKey(password), provider);
// Length of one PRF output, as reported by the Mac instance.
int hLen = prf.getMacLength();
/**
 * Produces a compact-serialized JWS over {@code payload}, signed with HMAC-SHA256 and
 * carrying a {@code typ} header of "JWT".
 * <p>
 * The HMAC key is the raw UTF-8 encoding of {@code secret}. Key validation is switched
 * off, so a secret shorter than the 256 bits expected for HS256 is not rejected; a
 * short or guessable secret makes the resulting tokens forgeable offline. The original
 * listing carried a commented-out variant that keyed the MAC with the SHA-256 digest
 * of the secret instead.
 *
 * @param secret  shared secret; must not be {@code null}
 * @param payload the JWS payload, used as given
 * @return the compact serialization of the signed token
 * @throws JoseException if signing or serialization fails
 */
public static String createJWT(final String secret, final String payload) throws JoseException {
    final JsonWebSignature jws = new JsonWebSignature();

    final byte[] keyBytes = secret.getBytes(StandardCharsets.UTF_8);
    jws.setKey(new HmacKey(keyBytes));
    // Disables the library's key check, which is what lets short secrets through.
    jws.setDoKeyValidation(false);

    jws.setPayload(payload);
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
    jws.setHeader(HeaderParameterNames.TYPE, "JWT");

    return jws.getCompactSerialization();
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Issues an HMAC-SHA256 signed token for the given subject.
 * <p>
 * The claims set here are the subject and an expiration
 * {@code TOKEN_EXPIRATION_IN_MINUTES} minutes ahead; no issuer, audience, issued-at or
 * token id is added. The signing key is {@code tokenSecret}, and key validation is
 * disabled, so the library does not enforce a minimum length on that secret.
 *
 * @param subject value for the token's subject claim
 * @return the compact serialization of the signed token
 * @throws RuntimeException wrapping the {@code JoseException} if serialization fails
 */
public String generateToken(String subject) {
    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setExpirationTimeMinutesInTheFuture(TOKEN_EXPIRATION_IN_MINUTES);

    final JsonWebSignature signature = new JsonWebSignature();
    signature.setPayload(tokenClaims.toJson());
    signature.setAlgorithmHeaderValue(HMAC_SHA256);
    signature.setKey(new HmacKey(tokenSecret));
    // relaxes hmac key length restrictions
    signature.setDoKeyValidation(false);

    final String compactToken;
    try {
        compactToken = signature.getCompactSerialization();
    } catch (JoseException cause) {
        // Callers see an unchecked exception; the original cause is preserved.
        throw new RuntimeException(cause);
    }
    return compactToken;
}
// Start of a content-encryption routine that uses one composite key for both
// authentication and encryption.
// NOTE(review): this excerpt is truncated: the method's opening brace and everything
// after the statements below are missing.
ContentEncryptionParts encrypt(byte[] plaintext, byte[] aad, byte[] key, byte[] iv, Headers headers, ProviderContext providerContext) throws JoseException
// The composite key is split in two: the left half keys the HMAC ...
Key hmacKey = new HmacKey(ByteUtil.leftHalf(key));
// ... and the right half is the AES key, so the MAC and the cipher never share key bytes.
Key encryptionKey = new AesKey(ByteUtil.rightHalf(key));
// Cipher provider is resolved from the headers and the provider context.
final String cipherProvider = ContentEncryptionHelp.getCipherProvider(headers, providerContext);
// Computes the authentication tag over the additional authenticated data, the IV and
// the ciphertext. This is a statement run from inside a method; its surroundings are
// not part of this excerpt.
// Encoded length of the AAD, appended last to the MAC input.
byte[] al = getAdditionalAuthenticatedDataLengthBytes(aad);
// MAC input is the concatenation aad || iv || ciphertext || al, in that order.
byte[] authenticationTagInput = ByteUtil.concat(aad, iv, ciphertext, al);
// The MAC key is the left half of the content encryption key.
Key hmacKey = new HmacKey(ByteUtil.leftHalf(contentEncryptionKey));
Mac mac = MacUtil.getInitializedMac(getHmacJavaAlgorithm(), hmacKey, macProvider);
// NOTE(review): what happens to this value is not shown here. If it is compared with a
// received tag, the comparison should be constant-time and should happen before any
// decryption result is released -- confirm in the full source.
byte[] calculatedAuthenticationTag = mac.doFinal(authenticationTagInput);
// Tail of a fluent builder chain; the expression's start is not part of this excerpt.
// Require the token to carry an expiration time ...
.setRequireExpirationTime()
// ... and a subject.
.setRequireSubject()
// Tokens are verified with an HMAC key built from VERIFICATION_KEY.
.setVerificationKey(new HmacKey(VERIFICATION_KEY))
// NOTE(review): relaxing key validation stops the library from rejecting a
// verification key that is too short for the algorithm; confirm VERIFICATION_KEY is
// long and random enough that this relaxation is not what keeps verification working.
.setRelaxVerificationKeyValidation()
.build();