- All Implemented Interfaces:
Cloneable
public class Mac extends Object implements Cloneable
A MAC provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties.
A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is specified in RFC 2104.
Every implementation of the Java platform is required to support
the following standard Mac
algorithms:
HmacSHA1
HmacSHA256
- Since:
- 1.4
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionclone()
Returns a clone if the provider implementation is cloneable.byte[]
doFinal()
Finishes the MAC operation.byte[]
doFinal(byte[] input)
Processes the given array of bytes and finishes the MAC operation.void
doFinal(byte[] output, int outOffset)
Finishes the MAC operation.Returns the algorithm name of thisMac
object.static Mac
getInstance(String algorithm)
Returns aMac
object that implements the specified MAC algorithm.static Mac
getInstance(String algorithm, String provider)
Returns aMac
object that implements the specified MAC algorithm.static Mac
getInstance(String algorithm, Provider provider)
Returns aMac
object that implements the specified MAC algorithm.int
Returns the length of the MAC in bytes.Returns the provider of thisMac
object.void
Initializes thisMac
object with the given key.void
init(Key key, AlgorithmParameterSpec params)
Initializes thisMac
object with the given key and algorithm parameters.void
reset()
Resets thisMac
object.void
update(byte input)
Processes the given byte.void
update(byte[] input)
Processes the given array of bytes.void
update(byte[] input, int offset, int len)
Processes the firstlen
bytes ininput
, starting atoffset
inclusive.void
update(ByteBuffer input)
Processesinput.remaining()
bytes in the ByteBufferinput
, starting atinput.position()
.
-
Constructor Details
-
Mac
Creates a MAC object.- Parameters:
macSpi
- the delegateprovider
- the provideralgorithm
- the algorithm
-
-
Method Details
-
getAlgorithm
Returns the algorithm name of thisMac
object.This is the same name that was specified in one of the
getInstance
calls that created thisMac
object.- Returns:
- the algorithm name of this
Mac
object.
-
getInstance
Returns aMac
object that implements the specified MAC algorithm.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new Mac object encapsulating the MacSpi implementation from the first Provider that supports the specified algorithm is returned.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.- Implementation Note:
- The JDK Reference Implementation additionally uses the
jdk.security.provider.preferred
Security
property to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders()
. - Parameters:
algorithm
- the standard name of the requested MAC algorithm. See the Mac section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.- Returns:
- the new
Mac
object - Throws:
NoSuchAlgorithmException
- if noProvider
supports aMacSpi
implementation for the specified algorithmNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getInstance
public static final Mac getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderExceptionReturns aMac
object that implements the specified MAC algorithm.A new Mac object encapsulating the MacSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.- Parameters:
algorithm
- the standard name of the requested MAC algorithm. See the Mac section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.provider
- the name of the provider.- Returns:
- the new
Mac
object - Throws:
IllegalArgumentException
- if theprovider
isnull
or emptyNoSuchAlgorithmException
- if aMacSpi
implementation for the specified algorithm is not available from the specified providerNoSuchProviderException
- if the specified provider is not registered in the security provider listNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getInstance
public static final Mac getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmExceptionReturns aMac
object that implements the specified MAC algorithm.A new Mac object encapsulating the MacSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
- Parameters:
algorithm
- the standard name of the requested MAC algorithm. See the Mac section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.provider
- the provider.- Returns:
- the new
Mac
object - Throws:
IllegalArgumentException
- if theprovider
isnull
NoSuchAlgorithmException
- if aMacSpi
implementation for the specified algorithm is not available from the specifiedProvider
objectNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getProvider
Returns the provider of thisMac
object.- Returns:
- the provider of this
Mac
object.
-
getMacLength
public final int getMacLength()Returns the length of the MAC in bytes.- Returns:
- the MAC length in bytes.
-
init
Initializes thisMac
object with the given key.- Parameters:
key
- the key.- Throws:
InvalidKeyException
- if the given key is inappropriate for initializing this MAC.
-
init
public final void init(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, InvalidAlgorithmParameterExceptionInitializes thisMac
object with the given key and algorithm parameters.- Parameters:
key
- the key.params
- the algorithm parameters.- Throws:
InvalidKeyException
- if the given key is inappropriate for initializing this MAC.InvalidAlgorithmParameterException
- if the given algorithm parameters are inappropriate for this MAC.
-
update
Processes the given byte.- Parameters:
input
- the input byte to be processed.- Throws:
IllegalStateException
- if thisMac
has not been initialized.
-
update
Processes the given array of bytes.- Parameters:
input
- the array of bytes to be processed.- Throws:
IllegalStateException
- if thisMac
has not been initialized.
-
update
Processes the firstlen
bytes ininput
, starting atoffset
inclusive.- Parameters:
input
- the input buffer.offset
- the offset ininput
where the input starts.len
- the number of bytes to process.- Throws:
IllegalStateException
- if thisMac
has not been initialized.
-
update
Processesinput.remaining()
bytes in the ByteBufferinput
, starting atinput.position()
. Upon return, the buffer's position will be equal to its limit; its limit will not have changed.- Parameters:
input
- the ByteBuffer- Throws:
IllegalStateException
- if thisMac
has not been initialized.- Since:
- 1.5
-
doFinal
Finishes the MAC operation.A call to this method resets this
Mac
object to the state it was in when previously initialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
. That is, the object is reset and available to generate another MAC from the same key, if desired, via new calls toupdate
anddoFinal
. (In order to reuse thisMac
object with a different key, it must be reinitialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
.- Returns:
- the MAC result.
- Throws:
IllegalStateException
- if thisMac
has not been initialized.
-
doFinal
public final void doFinal(byte[] output, int outOffset) throws ShortBufferException, IllegalStateExceptionFinishes the MAC operation.A call to this method resets this
Mac
object to the state it was in when previously initialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
. That is, the object is reset and available to generate another MAC from the same key, if desired, via new calls toupdate
anddoFinal
. (In order to reuse thisMac
object with a different key, it must be reinitialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
.The MAC result is stored in
output
, starting atoutOffset
inclusive.- Parameters:
output
- the buffer where the MAC result is storedoutOffset
- the offset inoutput
where the MAC is stored- Throws:
ShortBufferException
- if the given output buffer is too small to hold the resultIllegalStateException
- if thisMac
has not been initialized.
-
doFinal
Processes the given array of bytes and finishes the MAC operation.A call to this method resets this
Mac
object to the state it was in when previously initialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
. That is, the object is reset and available to generate another MAC from the same key, if desired, via new calls toupdate
anddoFinal
. (In order to reuse thisMac
object with a different key, it must be reinitialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
.- Parameters:
input
- data in bytes- Returns:
- the MAC result.
- Throws:
IllegalStateException
- if thisMac
has not been initialized.
-
reset
public final void reset()Resets thisMac
object.A call to this method resets this
Mac
object to the state it was in when previously initialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
. That is, the object is reset and available to generate another MAC from the same key, if desired, via new calls toupdate
anddoFinal
. (In order to reuse thisMac
object with a different key, it must be reinitialized via a call toinit(Key)
orinit(Key, AlgorithmParameterSpec)
. -
clone
Returns a clone if the provider implementation is cloneable.- Overrides:
clone
in classObject
- Returns:
- a clone if the provider implementation is cloneable.
- Throws:
CloneNotSupportedException
- if this is called on a delegate that does not supportCloneable
.- See Also:
Cloneable
-