Json web token 详解(二)

下面不使用jwt的类库，而用一个程序来实现jwt，来加深对jwt的格式和生成的理解。

package jwt;import org.apache.commons.codec.binary.Base64;import javax.crypto.Mac;import javax.crypto.spec.SecretKeySpec;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;/** * 不使用jwt库的java实现jwt数据生成 */public class JwtJava {    private static final String MAC_INSTANCE_NAME = "HMacSHA256";    /**     * 生成jwt的签名部分     * @param secret     * @param message     * @return     * @throws NoSuchAlgorithmException     * @throws InvalidKeyException     */    public static String Hmacsha256(String secret, String message) throws NoSuchAlgorithmException, InvalidKeyException {        Mac hmac_sha256 = Mac.getInstance(MAC_INSTANCE_NAME);        SecretKeySpec key = new SecretKeySpec(secret.getBytes(), MAC_INSTANCE_NAME);        hmac_sha256.init(key);        byte[] buff = hmac_sha256.doFinal(message.getBytes());        return Base64.encodeBase64URLSafeString(buff);    }    /**     * 模拟一个jwt的完成数据     * @throws InvalidKeyException     * @throws NoSuchAlgorithmException     */    public static void testJWT() throws InvalidKeyException, NoSuchAlgorithmException {        //签名的key        String secret = "secret";        //header数据        String headerJson = "{\"type\":\"JWT\",\"alg\":\"HS256\"}";        //Payload(载荷)        String payloadJson = "{\"sub\":\"1234567890\", \"name\":\"John Doe\",\"admin\":true}";        String base64Header = Base64.encodeBase64URLSafeString(headerJson.getBytes());        String base64Claim = Base64.encodeBase64URLSafeString(payloadJson.getBytes());        String signature = Hmacsha256(secret, base64Header + "." + base64Claim);        String jwt = base64Header + "." + base64Claim  + "." + signature;        System.out.println(jwt);    }    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {        JwtJava.testJWT();    }}