Package jenkins.security

Class HMACConfidentialKey

  • public class HMACConfidentialKey
extends ConfidentialKey
    ConfidentialKey that's used for creating a token by hashing some information with secret (such as hash(msg|secret)).

    This provides more secure version of it by using HMAC. See http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/ for background. This implementation also never leaks the secret value to outside, so it makes it impossible for the careless caller to misuse the key (thus protecting ourselves from our own stupidity!)

    Since:
    1.498
    Author:
    Kohsuke Kawaguchi

    • Constructor Detail

      • HMACConfidentialKey

        public HMACConfidentialKey​(String id,
                           int length)
        Parameters:
        length - Byte length of the HMAC code. By default we use HMAC-SHA256, which produces 256bit (=32bytes) HMAC, but if different use cases requires a shorter HMAC, specify the desired length here. Note that when using mac(String), string encoding causes the length to double. So if you want to get 16-letter HMAC, you specify 8 here.

      • HMACConfidentialKey

        public HMACConfidentialKey​(Class owner,
                           String shortName)

    • Method Detail

      • mac

        public byte[] mac​(byte[] message)
        Computes the message authentication code for the specified byte sequence.

      • checkMac

        public boolean checkMac​(byte[] message,
                        byte[] mac)
        Convenience method for verifying the MAC code.

      • mac

        public String mac​(String message)
        Computes the message authentication code and return it as a string. While redundant, often convenient.

      • createMac

        public Mac createMac()
        Creates a new Mac object.