JWTSignerUtil

Introduction

JWT supports various signature algorithms, mainly divided into asymmetric and symmetric algorithms, and the supported algorithms are defined in SignAlgorithm.

Symmetric Signature

• HS256(HmacSHA256)
• HS384(HmacSHA384)
• HS512(HmacSHA512)

Asymmetric Signature

• RS256(SHA256withRSA)
• RS384(SHA384withRSA)
• RS512(SHA512withRSA)
• ES256(SHA256withECDSA)
• ES384(SHA384withECDSA)
• ES512(SHA512withECDSA)

Algorithms Dependent on BouncyCastle

• PS256(SHA256WithRSA/PSS)
• PS384(SHA384WithRSA/PSS)
• PS512(SHA512WithRSA/PSS)

Usage

Creating Predefined Algorithm Signer

JWTSignerUtil provides some predefined methods for creating signers of certain algorithms. For example, to create an HS256 signer:

final JWTSigner signer = JWTSignerUtil.hs256("123456".getBytes());
JWT jwt = JWT.create().setSigner(signer);

Creating Custom Algorithm Signer

You can create a signer for a specific algorithm dynamically by passing in the algorithmId through JWTSignerUtil.createSigner. For example, if you need to implement the ps256 algorithm, you first need to introduce the bcprov-jdk15to18 package:

<dependency>
 <groupId>org.bouncycastle</groupId>
 <artifactId>bcprov-jdk15to18</artifactId>
 <version>1.69</version>
</dependency>

Then you can create the corresponding signer:

String id = "ps256";
final JWTSigner signer = JWTSignerUtil.createSigner(id, KeyUtil.generateKeyPair(AlgorithmUtil.getAlgorithm(id)));
JWT jwt = JWT.create().setSigner(signer);

Implementing Custom Algorithm Signer

The JWTSigner interface is a general signer interface. To implement a custom algorithm, you just need to implement this interface.