fix jwt bug

2025-07-21 15:09:48 +08:00 · 2021-06-18 15:59:20 +08:00
parent 7ead906910
commit 86d711cc03
10 changed files with 167 additions and 37 deletions
--- a/hutool-jwt/src/main/java/cn/hutool/jwt/JWT.java
+++ b/hutool-jwt/src/main/java/cn/hutool/jwt/JWT.java
@@ -12,6 +12,8 @@ import cn.hutool.jwt.signers.JWTSigner;
 import cn.hutool.jwt.signers.JWTSignerUtil;

 import java.nio.charset.Charset;
+import java.security.Key;
+import java.security.KeyPair;
 import java.util.List;
 import java.util.Map;

@@ -125,6 +127,30 @@ public class JWT {
 		return setSigner(JWTSignerUtil.createSigner(algorithmId, key));
 	}

+	/**
+	 * 设置签名算法
+	 *
+	 * @param algorithmId 签名算法ID，如HS256
+	 * @param key         密钥
+	 * @return this
+	 * @since 5.7.2
+	 */
+	public JWT setSigner(String algorithmId, Key key) {
+		return setSigner(JWTSignerUtil.createSigner(algorithmId, key));
+	}
+
+	/**
+	 * 设置非对称签名算法
+	 *
+	 * @param algorithmId 签名算法ID，如HS256
+	 * @param keyPair     密钥对
+	 * @return this
+	 * @since 5.7.2
+	 */
+	public JWT setSigner(String algorithmId, KeyPair keyPair) {
+		return setSigner(JWTSignerUtil.createSigner(algorithmId, keyPair));
+	}
+
 	/**
 	 * 设置签名算法
 	 *
--- a/hutool-jwt/src/main/java/cn/hutool/jwt/signers/HMacJWTSigner.java
+++ b/hutool-jwt/src/main/java/cn/hutool/jwt/signers/HMacJWTSigner.java
@@ -51,7 +51,7 @@ public class HMacJWTSigner implements JWTSigner {

 	@Override
 	public String sign(String headerBase64, String payloadBase64) {
-		return hMac.digestHex(StrUtil.format("{}.{}", headerBase64, payloadBase64), charset);
+		return hMac.digestBase64(StrUtil.format("{}.{}", headerBase64, payloadBase64), charset, true);
 	}

 	@Override
--- a/hutool-jwt/src/main/java/cn/hutool/jwt/signers/JWTSigner.java
+++ b/hutool-jwt/src/main/java/cn/hutool/jwt/signers/JWTSigner.java
@@ -12,7 +12,7 @@ public interface JWTSigner {
 	 *
 	 * @param headerBase64  JWT头的JSON字符串的Base64表示
 	 * @param payloadBase64 JWT载荷的JSON字符串Base64表示
-	 * @return 签名结果，即JWT的第三部分
+	 * @return 签名结果Base64，即JWT的第三部分
 	 */
 	String sign(String headerBase64, String payloadBase64);

--- a/hutool-jwt/src/test/java/cn/hutool/jwt/JWTTest.java
+++ b/hutool-jwt/src/test/java/cn/hutool/jwt/JWTTest.java
@@ -1,5 +1,6 @@
 package cn.hutool.jwt;

+import cn.hutool.core.util.StrUtil;
 import cn.hutool.jwt.signers.JWTSignerUtil;
 import org.junit.Assert;
 import org.junit.Test;
@@ -73,4 +74,14 @@ public class JWTTest {

 		jwt.sign();
 	}
+
+	@Test
+	public void verifyTest(){
+		String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
+				"eyJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbImFsbCJdLCJleHAiOjE2MjQwMDQ4MjIsInVzZXJJZCI6MSwiYXV0aG9yaXRpZXMiOlsiUk9MRV_op5LoibLkuozlj7ciLCJzeXNfbWVudV8xIiwiUk9MRV_op5LoibLkuIDlj7ciLCJzeXNfbWVudV8yIl0sImp0aSI6ImQ0YzVlYjgwLTA5ZTctNGU0ZC1hZTg3LTVkNGI5M2FhNmFiNiIsImNsaWVudF9pZCI6ImhhbmR5LXNob3AifQ." +
+				"aixF1eKlAKS_k3ynFnStE7-IRGiD5YaqznvK2xEjBew";
+
+		final boolean verify = JWT.of(token).setKey(StrUtil.utf8Bytes("123456")).verify();
+		Assert.assertTrue(verify);
+	}
 }