ZhouXY108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-05-09 23:51:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix code

Browse Source
This commit is contained in:
Looly 2022-09-13 22:06:40 +08:00
parent 18daa4b431
commit 5afc3cca8d
2 changed files with 57 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
hutool-json/src/main/java/cn/hutool/json/jwt/JWT.java
View File

@ -119,6 +119,11 @@ public class JWT implements RegisteredPayload<JWT> {
* @return this * @return this
*/ */
public JWT setKey(final byte[] key) { public JWT setKey(final byte[] key) {
// 检查头信息中是否有算法信息
final String algorithmId = (String) this.header.getClaim(JWTHeader.ALGORITHM);
if (StrUtil.isNotBlank(algorithmId)) {
return setSigner(algorithmId, key);
}
return setSigner(JWTSignerUtil.hs256(key)); return setSigner(JWTSignerUtil.hs256(key));
} }
@ -316,19 +321,33 @@ public class JWT implements RegisteredPayload<JWT> {
} }
/** /**
* 签名生成JWT字符串 * 签名生成JWT字符串计算方式为以HS256为例
* <pre>
* HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
* </pre>
* *
* @param signer JWT签名器 * <p>此方法会补充如下的header</p>
* <ul>
* <li>当用户未定义"typ"赋默认值"JWT"</li>
* <li>当用户未定义"alg"根据传入的{@link JWTSigner}对象类型赋值对应ID</li>
* </ul>
*
* @param signer 自定义JWT签名器非空
* @return JWT字符串 * @return JWT字符串
*/ */
public String sign(final JWTSigner signer) { public String sign(final JWTSigner signer) {
Assert.notNull(signer, () -> new JWTException("No Signer provided!")); Assert.notNull(signer, () -> new JWTException("No Signer provided!"));
// 检查tye信息
final String type = (String) this.header.getClaim(JWTHeader.TYPE);
if (StrUtil.isBlank(type)) {
this.header.setType("JWT");
}
// 检查头信息中是否有算法信息 // 检查头信息中是否有算法信息
final String claim = (String) this.header.getClaim(JWTHeader.ALGORITHM); final String algorithm = (String) this.header.getClaim(JWTHeader.ALGORITHM);
if (StrUtil.isBlank(claim)) { if (StrUtil.isBlank(algorithm)) {
this.header.setClaim(JWTHeader.ALGORITHM, this.header.setAlgorithm(AlgorithmUtil.getId(signer.getAlgorithm()));
AlgorithmUtil.getId(signer.getAlgorithm()));
} }
final String headerBase64 = Base64.encodeUrlSafe(this.header.toString(), charset); final String headerBase64 = Base64.encodeUrlSafe(this.header.toString(), charset);
@ -378,9 +397,10 @@ public class JWT implements RegisteredPayload<JWT> {
} }
/** /**
* 验证JWT Token是否有效 * 使用指定签名器验证JWT Token是否有效<br>
* 如果签名器为{@code null}或者{@link NoneJWTSigner}表示这个JWT无签名签名部分必须为空
* *
* @param signer 签名器签名算法 * @param signer 签名器签名算法如果为{@code null}默认为{@link NoneJWTSigner}
* @return 是否有效 * @return 是否有效
*/ */
public boolean verify(JWTSigner signer) { public boolean verify(JWTSigner signer) {

32
hutool-json/src/main/java/cn/hutool/json/jwt/JWTHeader.java
View File

@ -30,10 +30,36 @@ public class JWTHeader extends Claims {
public static String KEY_ID = "kid"; public static String KEY_ID = "kid";
/** /**
* 构造初始化默认(typ=JWT) * 增加alg头信息
*
* @param algorithm 算法ID如HS265
* @return this
*/ */
public JWTHeader() { public JWTHeader setAlgorithm(final String algorithm) {
setClaim(TYPE, "JWT"); setClaim(ALGORITHM, algorithm);
return this;
}
/**
* 增加typ头信息
*
* @param type 类型如JWT
* @return this
*/
public JWTHeader setType(final String type) {
setClaim(TYPE, type);
return this;
}
/**
* 增加cty头信息
*
* @param contentType 内容类型
* @return this
*/
public JWTHeader setContentType(final String contentType) {
setClaim(CONTENT_TYPE, contentType);
return this;
} }
/** /**