1 /*
2 * The contents of this file are subject to the terms of the Common Development and
3 * Distribution License (the License). You may not use this file except in compliance with the
4 * License.
5 *
6 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
7 * specific language governing permission and limitations under the License.
8 *
9 * When distributing Covered Software, include this CDDL Header Notice in each file and include
10 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
11 * Header, with the fields enclosed by brackets [] replaced by your own identifying
12 * information: "Portions copyright [year] [name of copyright owner]".
13 *
14 * Copyright 2013-2015 ForgeRock AS.
15 */
16
17 package org.forgerock.json.jose.jws.handlers;
18
19 import org.forgerock.json.jose.exceptions.JwsSigningException;
20 import org.forgerock.json.jose.jws.JwsAlgorithm;
21 import org.forgerock.json.jose.utils.Utils;
22 import org.forgerock.util.Reject;
23
24 import java.security.InvalidKeyException;
25 import java.security.MessageDigest;
26 import java.security.NoSuchAlgorithmException;
27 import javax.crypto.Mac;
28 import javax.crypto.SecretKey;
29 import javax.crypto.spec.SecretKeySpec;
30
31 /**
32 * An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family.
33 *
34 * @since 2.0.0
35 */
36 public class HmacSigningHandler implements SigningHandler {
37
38 private final byte[] sharedSecret;
39
40 /**
41 * Constructs a new HmacSigningHandler.
42 *
43 * @param sharedSecret The shared secret to use to sign the data.
44 */
45 public HmacSigningHandler(byte[] sharedSecret) {
46 Reject.ifNull(sharedSecret, "Shared secret cannot be null.");
47 this.sharedSecret = sharedSecret.clone();
48 }
49
50 /**
51 * {@inheritDoc}
52 */
53 @Override
54 public byte[] sign(JwsAlgorithm algorithm, String data) {
55 return signWithHMAC(algorithm.getAlgorithm(), sharedSecret, data.getBytes(Utils.CHARSET));
56 }
57
58 /**
59 * {@inheritDoc}
60 */
61 @Override
62 public byte[] sign(final JwsAlgorithm algorithm, final byte[] data) {
63 return signWithHMAC(algorithm.getAlgorithm(), sharedSecret, data);
64 }
65
66 /**
67 * Performs the creation of the MAC for the data using the given Java Cryptographic algorithm.
68 *
69 * @param algorithm The Java Cryptographic algorithm.
70 * @param sharedSecret The shared secret to use to sign the data.
71 * @param data The data to sign.
72 * @return A byte array of the signature.
73 */
74 private byte[] signWithHMAC(String algorithm, byte[] sharedSecret, byte[] data) {
75 try {
76 Mac mac = Mac.getInstance(algorithm);
77 SecretKey secretKey = new SecretKeySpec(sharedSecret, algorithm.toUpperCase());
78 mac.init(secretKey);
79 return mac.doFinal(data);
80 } catch (NoSuchAlgorithmException e) {
81 throw new JwsSigningException("Unsupported Signing Algorithm, " + algorithm, e);
82 } catch (InvalidKeyException e) {
83 throw new JwsSigningException(e);
84 }
85 }
86
87 /**
88 * Verifies that the given signature is valid for the given data.
89 * <p>
90 * Uses the Java Cryptographic algorithm defined by the JwsAlgorithm and private key to create a new signature
91 * of the data to compare against the given signature to see if they are identical.
92 *
93 * This implementation avoids timing attacks by enforcing checking of each element of the
94 * array against one another. We do not rely on Arrays.equal or other methods which
95 * may return early upon discovering a mistake.
96 *
97 * @param algorithm The JwsAlgorithm defining the JavaCryptographic algorithm.
98 * @param data The data that was signed.
99 * @param signature The signature of the data.
100 * @return <code>true</code> if the signature is a valid signature of the data.
101 */
102 @Override
103 public boolean verify(JwsAlgorithm algorithm, byte[] data, byte[] signature) {
104 byte[] signed = signWithHMAC(algorithm.getAlgorithm(), sharedSecret, data);
105 return MessageDigest.isEqual(signed, signature);
106 }
107 }