On HMac Authentication for AVM Application


HMacMD5 is a 128-bit message digest (MD5) computed with a secret key; it is a keyed hash, not encryption (RFC 2104).


Base64 is a byte-to-text encoding (RFC 3548).


The Hmac class implements Base64 encoding as a subclass. Any implementation of HMac has one (static) parameter, perhaps its identifying name (an AVM server). These identifying names differ from server to server; however, the set of all identifying server names is a common set shared among all servers. The identifying server names are used to generate a key store, and this key store is used to authenticate any message sent or received. Hmac messages exchanged between servers have the Hmac digest and server hash code from the originating message attached to the message. These hash codes are in Base64. Authenticated messages, however, are devoid of any of these appendages, called hash code appendages.


This implementation covers all types of messages, except that RMI messages and email messages are not implemented.


‘AuthenticationException’ is thrown in case of any error.


Method Summaries

void init()

This method initializes the class and creates the unique key store that is common to all servers. It also identifies this server, and this identity is used to create the authentication hashes for outgoing messages.


Hashes createHmac(String msg)

Hashes createHmac(byte[] msg)


These two methods compute Hashes for a given message.


void authenticateHmac(String msg, String serverHandle, String HmacMD5)

void authenticateHmac(byte[] msg, String serverHandle, String HmacMD5)


These two methods authenticate incoming messages.




byte[] messageFilterOutboundBIN(byte[] message)

byte[] messageFilterInboundBIN(byte[] message)


This pair of message filters handles outgoing and incoming messages respectively. Outgoing messages automatically have Hashes appended; incoming messages are stripped of Hashes after authentication.


String messageFilterOutboundXML(String message)

String messageFilterInboundXML(String message)


This pair of message filters handles XML messages.


String messageFilterOutboundHTTP(String message)

String messageFilterInboundHTTP(String message)

byte[] messageFilterOutboundHTTP(byte[] message)

byte[] messageFilterInboundHTTP(byte[] message)



These pairs of filters handle HTTP messages. When the message body is binary, it is desirable that it too is converted to Base64. It is expected that the String version may never be used.

javax.jms.Message messageFilterOutboundJMS(javax.jms.Message message)

void messageFilterInboundJMS(javax.jms.Message message)


This pair of filters handles all 6 types of JMS messages. Note that the incoming message is not changed. An authenticated incoming message can be passed as it is to the receiving message handlers.
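
The binary filter pair described above, sketched as an added example (this is not the code shipped in HMAC.zip). The wire layout, the key store contents, the server handles and the use of GeneralSecurityException in place of the class's AuthenticationException are all assumptions. The same calls accept "HmacSHA256" in place of "HmacMD5".

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacFilterSketch {
    // Constructed key store with placeholder secrets (hypothetical handles); Map.of needs Java 9+.
    static final Map<String, byte[]> KEYS = Map.of(
        "avm-server-a", "placeholder-key-a".getBytes(StandardCharsets.UTF_8),
        "avm-server-b", "placeholder-key-b".getBytes(StandardCharsets.UTF_8));
    // Computes the HMAC-MD5 of msg under the key registered for the given server handle.
    static byte[] hmac(String handle, byte[] msg) throws GeneralSecurityException {
        byte[] key = KEYS.get(handle);
        if (key == null) throw new GeneralSecurityException("unknown server handle");
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(key, "HmacMD5"));
        return mac.doFinal(msg);
    }
    // Assumed layout: message, '\n', handle, ':', Base64(HMAC).
    static byte[] outbound(String handle, byte[] msg) throws GeneralSecurityException {
        String tag = Base64.getEncoder().encodeToString(hmac(handle, msg));
        byte[] t = ("\n" + handle + ":" + tag).getBytes(StandardCharsets.US_ASCII);
        byte[] out = Arrays.copyOf(msg, msg.length + t.length);
        System.arraycopy(t, 0, out, msg.length, t.length);
        return out;
    }
    // Verifies the appendage, then returns the message with the appendage stripped.
    static byte[] inbound(byte[] wire) throws GeneralSecurityException {
        int nl = wire.length - 1;
        while (nl >= 0 && wire[nl] != '\n') nl--;   // Base64 and handles contain no '\n'
        String t = nl < 0 ? "" : new String(wire, nl + 1, wire.length - nl - 1, StandardCharsets.US_ASCII);
        int colon = t.indexOf(':');
        if (colon < 0) throw new GeneralSecurityException("missing hash appendage");
        byte[] body = Arrays.copyOf(wire, nl), claimed;
        try { claimed = Base64.getDecoder().decode(t.substring(colon + 1)); }
        catch (IllegalArgumentException e) { throw new GeneralSecurityException("bad Base64", e); }
        if (!MessageDigest.isEqual(hmac(t.substring(0, colon), body), claimed))  // constant-time compare
            throw new GeneralSecurityException("HMAC mismatch");
        return body;
    }
    public static void main(String[] args) throws Exception {
        byte[] wire = outbound("avm-server-a", "hello".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(inbound(wire), StandardCharsets.UTF_8));
        wire[0] ^= 1;  // flip one bit of the body: verification must now fail
        try { inbound(wire); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```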



The method ‘main()’ is written to test all the filters and utility methods sequentially. For testing JMS messages, a J2EE Application Server must be running. I have used Sun Java Application Server and its runtime JMS and MQ libraries for testing. It is also required that connection, message and queue bindings are defined in a ‘.binding’ file at a given URL. I have used the C:\Temp directory as that URL. The default Sun JMS queue object manager ‘imqobjmgr’ is used to create the bindings from the property files (‘add-cf.props’ and ‘add-q.props’) required for connection and queue creation. These files are available in the HMAC root directory.


All the routines may be thoroughly tested with much more test data. It is desirable that one understands the ‘main()’ method of the HMAC class.


HMAC.zip is the exported project and contains all the files I used for testing.