Class JwtUtil

java.lang.Object
cloud.opencode.base.crypto.jwt.JwtUtil

public final class JwtUtil extends Object
JWT Utility - Creates and verifies JSON Web Tokens

Provides comprehensive JWT support with multiple algorithms including HMAC (HS256/384/512), RSA (RS256/384/512), and ECDSA (ES256/384/512).

Features:

  • HMAC symmetric signing
  • RSA asymmetric signing
  • ECDSA asymmetric signing
  • Claim validation
  • Expiration checking

Usage Examples:

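import cloud.opencode.base.crypto.jwt.JwtUtil;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.time.Duration;

// Create JWT with HMAC
// "your-256-bit-secret" is a placeholder. HS256 requires a key of at least
// 256 bits (RFC 7518, section 3.2); use a random key loaded from a secret store.
String token = JwtUtil.builder()
    .algorithm(JwtAlgorithm.HS256)
    .secret("your-256-bit-secret")
    .issuer("auth-service")
    .subject("user123")
    .expiresIn(Duration.ofHours(1))
    .claim("role", "admin")
    .sign();

// Verify and parse JWT (same secret as used for signing)
JwtClaims claims = JwtUtil.verify(token, "your-256-bit-secret");

// Create JWT with RSA: sign with the private key
// (getInstance declares NoSuchAlgorithmException)
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
String rsaToken = JwtUtil.builder()
    .algorithm(JwtAlgorithm.RS256)
    .privateKey(keyPair.getPrivate())
    .issuer("auth-service")
    .subject("user123")
    .sign();

// Verify RSA JWT: only the public key is needed
JwtClaims rsaClaims = JwtUtil.verify(rsaToken, keyPair.getPublic());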

Security:

  • Thread-safe: Yes
  • Null-safe: Yes

Performance:

  • Time complexity: O(n), where n is the token length
  • Space complexity: O(n)
Since:
JDK 25, opencode-base-crypto V1.2.0
Author:
Leon Soo www.LeonSoo.com

Method Details

    • builder

      public static JwtUtil.Builder builder()
      Creates a new JWT builder.
      Returns:
      a new builder
    • verify

      public static JwtClaims verify(String token, String secret)
      Verifies a JWT with an HMAC secret and returns the claims.
      Parameters:
      token - the JWT string
      secret - the HMAC secret
      Returns:
      the verified claims
      Throws:
      OpenSignatureException - if verification fails
    • verify

      public static JwtClaims verify(String token, byte[] secret)
      Verifies a JWT with HMAC secret bytes and returns the claims.
      Parameters:
      token - the JWT string
      secret - the HMAC secret bytes
      Returns:
      the verified claims
      Throws:
      OpenSignatureException - if verification fails
    • verify

      public static JwtClaims verify(String token, PublicKey publicKey)
      Verifies a JWT with a public key and returns the claims.
      Parameters:
      token - the JWT string
      publicKey - the public key
      Returns:
      the verified claims
      Throws:
      OpenSignatureException - if verification fails
    • parseUnsafe

      public static JwtClaims parseUnsafe(String token)
      Parses a JWT without verification (unsafe).
      Parameters:
      token - the JWT string
      Returns:
      the claims (unverified)
    • parse

      public static JwtUtil.JwtParts parse(String token)
      Parses JWT parts without verification.
      Parameters:
      token - the JWT string
      Returns:
      the JWT parts
    • quickSign

      public static String quickSign(String subject, String secret, Duration expiration)
      Creates a quick JWT with HMAC-SHA256.
      Parameters:
      subject - the subject
      secret - the secret
      expiration - the expiration duration
      Returns:
      the JWT string
    • quickSign

      public static String quickSign(JwtClaims claims, String secret)
      Creates a quick JWT with claims.
      Parameters:
      claims - the claims
      secret - the secret
      Returns:
      the JWT string