/** * Returns a Json Web Token builder used to create and sign tokens * * @return a token builder. */ public static JWTCreator.Builder create() { return JWTCreator.init(); } }
/** * Creates a new JWT and signs is with the given algorithm * * @param algorithm used to sign the JWT * @return a new JWT token * @throws IllegalArgumentException if the provided algorithm is null. * @throws JWTCreationException if the claims could not be converted to a valid JSON or there was a problem with the signing key. */ public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCreationException { if (algorithm == null) { throw new IllegalArgumentException("The Algorithm cannot be null."); } headerClaims.put(PublicClaims.ALGORITHM, algorithm.getName()); headerClaims.put(PublicClaims.TYPE, "JWT"); String signingKeyId = algorithm.getSigningKeyId(); if (signingKeyId != null) { withKeyId(signingKeyId); } return new JWTCreator(algorithm, headerClaims, payloadClaims).sign(); }
@Test public void shouldSetCorrectAlgorithmInTheHeader() throws Exception { String signed = JWTCreator.init() .sign(Algorithm.HMAC256("secret")); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("alg", "HS256")); }
/** * Creates a new JWT and signs is with the given algorithm * * @param algorithm used to sign the JWT * @return a new JWT token * @throws IllegalArgumentException if the provided algorithm is null. * @throws JWTCreationException if the claims could not be converted to a valid JSON or there was a problem with the signing key. */ public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCreationException { if (algorithm == null) { throw new IllegalArgumentException("The Algorithm cannot be null."); } headerClaims.put(PublicClaims.ALGORITHM, algorithm.getName()); headerClaims.put(PublicClaims.TYPE, "JWT"); String signingKeyId = algorithm.getSigningKeyId(); if (signingKeyId != null) { withKeyId(signingKeyId); } return new JWTCreator(algorithm, headerClaims, payloadClaims).sign(); }
@Test public void shouldSetCorrectTypeInTheHeader() throws Exception { String signed = JWTCreator.init() .sign(Algorithm.HMAC256("secret")); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("typ", "JWT")); }
@Test public void shouldAddKeyIdIfAvailableFromRSAAlgorithms() throws Exception { RSAPrivateKey privateKey = (RSAPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA"); RSAKeyProvider provider = mock(RSAKeyProvider.class); when(provider.getPrivateKeyId()).thenReturn("my-key-id"); when(provider.getPrivateKey()).thenReturn(privateKey); String signed = JWTCreator.init() .sign(Algorithm.RSA256(provider)); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id")); }
@SuppressWarnings("Convert2Diamond") @Test public void shouldAddHeaderClaim() throws Exception { Map<String, Object> header = new HashMap<String, Object>(); header.put("asd", 123); String signed = JWTCreator.init() .withHeader(header) .sign(Algorithm.HMAC256("secret")); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("asd", 123)); }
@Test public void shouldAddKeyIdIfAvailableFromECDSAAlgorithms() throws Exception { ECPrivateKey privateKey = (ECPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC"); ECDSAKeyProvider provider = mock(ECDSAKeyProvider.class); when(provider.getPrivateKeyId()).thenReturn("my-key-id"); when(provider.getPrivateKey()).thenReturn(privateKey); String signed = JWTCreator.init() .sign(Algorithm.ECDSA256(provider)); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id")); }
@Test public void shouldAcceptCustomClaimOfTypeDate() throws Exception { Date date = new Date(1478891521000L); String jwt = JWTCreator.init() .withClaim("name", date) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjoxNDc4ODkxNTIxfQ")); }
@Test public void shouldAcceptCustomClaimOfTypeLong() throws Exception { String jwt = JWTCreator.init() .withClaim("name", Long.MAX_VALUE) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjo5MjIzMzcyMDM2ODU0Nzc1ODA3fQ")); }
@Test public void shouldAcceptCustomClaimOfTypeString() throws Exception { String jwt = JWTCreator.init() .withClaim("name", "value") .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjoidmFsdWUifQ")); }
@Test public void shouldAcceptCustomClaimOfTypeDouble() throws Exception { String jwt = JWTCreator.init() .withClaim("name", 23.45) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjoyMy40NX0")); }
@Test public void shouldAddKeyId() throws Exception { String signed = JWTCreator.init() .withKeyId("56a8bd44da435300010000015f5ed") .sign(Algorithm.HMAC256("secret")); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("kid", "56a8bd44da435300010000015f5ed")); }
@Test public void shouldAcceptCustomClaimOfTypeInteger() throws Exception { String jwt = JWTCreator.init() .withClaim("name", 123) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjoxMjN9")); }
@Test public void shouldAcceptCustomClaimOfTypeBoolean() throws Exception { String jwt = JWTCreator.init() .withClaim("name", true) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjp0cnVlfQ")); }
@Test public void shouldAcceptCustomArrayClaimOfTypeString() throws Exception { String jwt = JWTCreator.init() .withArrayClaim("name", new String[]{"text", "123", "true"}) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjpbInRleHQiLCIxMjMiLCJ0cnVlIl19")); }
@Test public void shouldAcceptCustomArrayClaimOfTypeInteger() throws Exception { String jwt = JWTCreator.init() .withArrayClaim("name", new Integer[]{1, 2, 3}) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjpbMSwyLDNdfQ")); }
@Test public void shouldAcceptCustomArrayClaimOfTypeLong() throws Exception { String jwt = JWTCreator.init() .withArrayClaim("name", new Long[]{1L, 2L, 3L}) .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); String[] parts = jwt.split("\\."); assertThat(parts[1], is("eyJuYW1lIjpbMSwyLDNdfQ")); } }
@Test public void shouldNotOverwriteKeyIdIfAddedFromRSAAlgorithms() throws Exception { RSAPrivateKey privateKey = (RSAPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_RSA, "RSA"); RSAKeyProvider provider = mock(RSAKeyProvider.class); when(provider.getPrivateKeyId()).thenReturn("my-key-id"); when(provider.getPrivateKey()).thenReturn(privateKey); String signed = JWTCreator.init() .withKeyId("real-key-id") .sign(Algorithm.RSA256(provider)); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id")); }
@Test public void shouldNotOverwriteKeyIdIfAddedFromECDSAAlgorithms() throws Exception { ECPrivateKey privateKey = (ECPrivateKey) PemUtils.readPrivateKeyFromFile(PRIVATE_KEY_FILE_EC_256, "EC"); ECDSAKeyProvider provider = mock(ECDSAKeyProvider.class); when(provider.getPrivateKeyId()).thenReturn("my-key-id"); when(provider.getPrivateKey()).thenReturn(privateKey); String signed = JWTCreator.init() .withKeyId("real-key-id") .sign(Algorithm.ECDSA256(provider)); assertThat(signed, is(notNullValue())); String[] parts = signed.split("\\."); String headerJson = new String(Base64.decodeBase64(parts[0]), StandardCharsets.UTF_8); assertThat(headerJson, JsonMatcher.hasEntry("kid", "my-key-id")); }