Class OpenJwt

java.lang.Object

cloud.opencode.base.crypto.OpenJwt

public final class OpenJwt
extends Object

OpenJWT Facade - Simplified API for JWT operations OpenJWT 门面类 - 简化的 JWT 操作 API

This facade provides easy-to-use static methods for common JWT operations, including creation and verification with various algorithms.

此门面类提供易于使用的静态方法用于常见的 JWT 操作，包括使用各种算法创建和验证。

Features | 主要功能:

• HMAC symmetric signing (HS256/384/512) - HMAC 对称签名
• RSA asymmetric signing (RS256/384/512) - RSA 非对称签名
• ECDSA asymmetric signing (ES256/384/512) - ECDSA 非对称签名
• Claim validation - 声明验证
• Expiration checking - 过期检查

Usage Examples | 使用示例:

// Quick JWT creation with HMAC
String token = OpenJwt.sign("user123", "secret-key", Duration.ofHours(1));

// Verify and get claims
JwtClaims claims = OpenJwt.verify(token, "secret-key");

// Create JWT with custom claims
JwtClaims customClaims = JwtClaims.builder()
    .subject("user123")
    .issuer("auth-service")
    .expiresIn(Duration.ofHours(1))
    .claim("role", "admin")
    .build();
String customToken = OpenJwt.sign(customClaims, "secret-key");

// Create JWT with RSA
KeyPair keyPair = OpenJwt.generateRsaKeyPair();
String rsaToken = OpenJwt.signRsa("user123", keyPair.getPrivate(), Duration.ofHours(1));
JwtClaims rsaClaims = OpenJwt.verify(rsaToken, keyPair.getPublic());

Security | 安全性:

• Thread-safe: Yes - 线程安全: 是
• Null-safe: Yes - 空值安全: 是

Since:

JDK 25, opencode-base-crypto V1.2.0

Author:

Leon Soo www.LeonSoo.com

See Also:

• OpenCode.cloud

Method Summary

Modifier and Type	Method	Description
static JwtUtil.Builder	builder()	Creates a new JWT builder for advanced configuration.
static JwtClaims.Builder	claims()	Creates a new claims builder.
static KeyPair	generateEcKeyPair()	Generates an EC key pair for JWT signing.
static KeyPair	generateEcKeyPair(String curveName)	Generates an EC key pair with specified curve.
static KeyPair	generateRsaKeyPair()	Generates an RSA key pair for JWT signing.
static KeyPair	generateRsaKeyPair(int keySize)	Generates an RSA key pair with specified key size.
static JwtClaims	parseUnsafe(String token)	Parses a JWT without verification (unsafe).
static String	sign(JwtClaims claims, String secret)	Creates a JWT with HMAC-SHA256 using JwtClaims.
static String	sign(JwtClaims claims, String secret, JwtAlgorithm algorithm)	Creates a JWT with specified HMAC algorithm.
static String	sign(String subject, String secret, Duration expiration)	Creates a JWT with HMAC-SHA256.
static String	signEc(JwtClaims claims, PrivateKey privateKey)	Creates a JWT with ECDSA-SHA256 using JwtClaims.
static String	signEc(JwtClaims claims, PrivateKey privateKey, JwtAlgorithm algorithm)	Creates a JWT with specified ECDSA algorithm.
static String	signEc(String subject, PrivateKey privateKey, Duration expiration)	Creates a JWT with ECDSA-SHA256.
static String	signRsa(JwtClaims claims, PrivateKey privateKey)	Creates a JWT with RSA-SHA256 using JwtClaims.
static String	signRsa(JwtClaims claims, PrivateKey privateKey, JwtAlgorithm algorithm)	Creates a JWT with specified RSA algorithm.
static String	signRsa(String subject, PrivateKey privateKey, Duration expiration)	Creates a JWT with RSA-SHA256.
static JwtClaims	verify(String token, String secret)	Verifies a JWT with HMAC secret.
static JwtClaims	verify(String token, PublicKey publicKey)	Verifies a JWT with public key.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

sign

public static String sign(String subject,
 String secret,
 Duration expiration)

Creates a JWT with HMAC-SHA256. 使用 HMAC-SHA256 创建 JWT。

Parameters:

subject - the subject (e.g., user ID)

secret - the secret key

expiration - the expiration duration

Returns:

the JWT string

sign

public static String sign(JwtClaims claims,
 String secret)

Creates a JWT with HMAC-SHA256 using JwtClaims. 使用 JwtClaims 和 HMAC-SHA256 创建 JWT。

Parameters:

claims - the JWT claims

secret - the secret key

Returns:

the JWT string

sign

public static String sign(JwtClaims claims,
 String secret,
 JwtAlgorithm algorithm)

Creates a JWT with specified HMAC algorithm. 使用指定的 HMAC 算法创建 JWT。

Parameters:

claims - the JWT claims

secret - the secret key

algorithm - the HMAC algorithm (HS256, HS384, HS512)

Returns:

the JWT string

signRsa

public static String signRsa(String subject,
 PrivateKey privateKey,
 Duration expiration)

Creates a JWT with RSA-SHA256. 使用 RSA-SHA256 创建 JWT。

Parameters:

subject - the subject

privateKey - the RSA private key

expiration - the expiration duration

Returns:

the JWT string

signRsa

public static String signRsa(JwtClaims claims,
 PrivateKey privateKey)

Creates a JWT with RSA-SHA256 using JwtClaims. 使用 JwtClaims 和 RSA-SHA256 创建 JWT。

Parameters:

claims - the JWT claims

privateKey - the RSA private key

Returns:

the JWT string

signRsa

public static String signRsa(JwtClaims claims,
 PrivateKey privateKey,
 JwtAlgorithm algorithm)

Creates a JWT with specified RSA algorithm. 使用指定的 RSA 算法创建 JWT。

Parameters:

claims - the JWT claims

privateKey - the RSA private key

algorithm - the RSA algorithm (RS256, RS384, RS512, PS256, PS384, PS512)

Returns:

the JWT string

signEc

public static String signEc(String subject,
 PrivateKey privateKey,
 Duration expiration)

Creates a JWT with ECDSA-SHA256. 使用 ECDSA-SHA256 创建 JWT。

Parameters:

subject - the subject

privateKey - the EC private key

expiration - the expiration duration

Returns:

the JWT string

signEc

public static String signEc(JwtClaims claims,
 PrivateKey privateKey)

Creates a JWT with ECDSA-SHA256 using JwtClaims. 使用 JwtClaims 和 ECDSA-SHA256 创建 JWT。

Parameters:

claims - the JWT claims

privateKey - the EC private key

Returns:

the JWT string

signEc

public static String signEc(JwtClaims claims,
 PrivateKey privateKey,
 JwtAlgorithm algorithm)

Creates a JWT with specified ECDSA algorithm. 使用指定的 ECDSA 算法创建 JWT。

Parameters:

claims - the JWT claims

privateKey - the EC private key

algorithm - the ECDSA algorithm (ES256, ES384, ES512)

Returns:

the JWT string

verify

public static JwtClaims verify(String token,
 String secret)

Verifies a JWT with HMAC secret. 使用 HMAC 密钥验证 JWT。

Parameters:

token - the JWT string

secret - the secret key

Returns:

the verified claims

verify

public static JwtClaims verify(String token,
 PublicKey publicKey)

Verifies a JWT with public key. 使用公钥验证 JWT。

Parameters:

token - the JWT string

publicKey - the public key (RSA or EC)

Returns:

the verified claims

parseUnsafe

public static JwtClaims parseUnsafe(String token)

Parses a JWT without verification (unsafe). 解析 JWT 但不验证（不安全）。

Parameters:

token - the JWT string

Returns:

the claims (unverified)

generateRsaKeyPair

public static KeyPair generateRsaKeyPair()

Generates an RSA key pair for JWT signing. 生成用于 JWT 签名的 RSA 密钥对。

Returns:

the RSA key pair

generateRsaKeyPair

public static KeyPair generateRsaKeyPair(int keySize)

Generates an RSA key pair with specified key size. 生成指定密钥大小的 RSA 密钥对。

Parameters:

keySize - the key size in bits

Returns:

the RSA key pair

generateEcKeyPair

public static KeyPair generateEcKeyPair()

Generates an EC key pair for JWT signing. 生成用于 JWT 签名的 EC 密钥对。

Returns:

the EC key pair (P-256)

generateEcKeyPair

public static KeyPair generateEcKeyPair(String curveName)

Generates an EC key pair with specified curve. 生成指定曲线的 EC 密钥对。

Parameters:

curveName - the curve name (secp256r1, secp384r1, secp521r1)

Returns:

the EC key pair

builder

public static JwtUtil.Builder builder()

Creates a new JWT builder for advanced configuration. 创建新的 JWT 构建器用于高级配置。

Returns:

a new JwtUtil.Builder instance

claims

public static JwtClaims.Builder claims()

Creates a new claims builder. 创建新的声明构建器。

Returns:

a new JwtClaims.Builder instance