smallrye · sberyozkin · Jun 15, 2020 · Jun 11, 2020
diff --git a/implementation/src/main/java/io/smallrye/jwt/build/Jwt.java b/implementation/src/main/java/io/smallrye/jwt/build/Jwt.java
@@ -2,6 +2,7 @@
 
 import java.util.Collection;
 import java.util.Map;
+import java.util.Set;
 
 import javax.json.JsonArray;
 import javax.json.JsonObject;
@@ -95,4 +96,257 @@ public static JwtClaimsBuilder claims(String jsonLocation) {
     public static JwtClaimsBuilder claims(JsonWebToken jwt) {
         return JwtProvider.provider().claims(jwt);
     }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified claim.
+     *
+     * @param name the claim name
+     * @param value the claim value
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder claim(String name, Object value) {
+        return claims().claim(name, value);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified issuer.
+     *
+     * @param issuer the issuer
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder issuer(String issuer) {
+        return claims().issuer(issuer);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified subject.
+     *
+     * @param subject the subject
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder subject(String subject) {
+        return claims().subject(subject);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'groups' claim.
+     *
+     * @param groups the groups
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder groups(String groups) {
+        return claims().groups(groups);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'groups' claim.
+     *
+     * @param groups the groups
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder groups(Set<String> groups) {
+        return claims().groups(groups);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'audience' claim.
+     *
+     * @param groups the audience
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder audience(String audience) {
+        return claims().audience(audience);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'audience' claim.
+     *
+     * @param groups the audience
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder audience(Set<String> audiences) {
+        return claims().audience(audiences);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'upn' claim.
+     *
+     * @param upn the upn
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder upn(String upn) {
+        return claims().upn(upn);
+    }
+
+    /**
+     * Creates a new instance of {@link JwtClaimsBuilder} with a specified 'preferred_username' claim.
+     *
+     * @param preferredUserName the preferred user name
+     * @return {@link JwtClaimsBuilder}
+     */
+    public static JwtClaimsBuilder preferredUserName(String preferredUserName) {
+        return claims().preferredUserName(preferredUserName);
+    }
+
+    /**
+     * Sign the claims loaded from a JSON resource using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location".
+     * Private RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonLocation JSON resource location
+     * @return signed JWT token
+     * @throws JwtSignatureException the exception if the signing operation has failed
+     */
+    public static String sign(String jsonLocation) {
+        return claims(jsonLocation).sign();
+    }
+
+    /**
+     * Sign the claims using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location".
+     * Private RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param claims the map with the claim name and value pairs. Claim value is converted to String unless it is
+     *        an instance of {@link Boolean}, {@link Number}, {@link Collection}, {@link Map},
+     *        {@link JsonObject} or {@link JsonArray}
+     * @return signed JWT token
+     * @throws JwtSignatureException the exception if the signing operation has failed
+     */
+    public static String sign(Map<String, Object> claims) {
+        return claims(claims).sign();
+    }
+
+    /**
+     * Sign the claims loaded from {@link JsonObject} using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location".
+     * Private RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonObject {@link JsonObject} containing the claims.
+     * @return signed JWT token
+     * @throws JwtSignatureException the exception if the signing operation has failed
+     */
+    public static String sign(JsonObject jsonObject) {
+        return claims(jsonObject).sign();
+    }
+
+    /**
+     * Encrypt the claims loaded from a JSON resource using 'RSA-OAEP-256' algorithm with a public RSA key
+     * loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonLocation JSON resource location
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String encrypt(String jsonLocation) {
+        return claims(jsonLocation).jwe().encrypt();
+    }
+
+    /**
+     * Encrypt the claims using 'RSA-OAEP-256' algorithm with a public RSA key
+     * loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param claims the map with the claim name and value pairs. Claim value is converted to String unless it is
+     *        an instance of {@link Boolean}, {@link Number}, {@link Collection}, {@link Map},
+     *        {@link JsonObject} or {@link JsonArray}
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String encrypt(Map<String, Object> claims) {
+        return claims(claims).jwe().encrypt();
+    }
+
+    /**
+     * Encrypt the claims loaded from {@link JsonObject} using 'RSA-OAEP-256' algorithm with a public RSA key
+     * loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonObject {@link JsonObject} containing the claims.
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String encrypt(JsonObject jsonObject) {
+        return claims(jsonObject).jwe().encrypt();
+    }
+
+    /**
+     * Sign the claims loaded from a JSON resource using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using
+     * 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonLocation JSON resource location
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String innerSignAndEncrypt(String jsonLocation) {
+        return claims(jsonLocation).innerSign().encrypt();
+    }
+
+    /**
+     * Sign the claims using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using
+     * 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param claims the map with the claim name and value pairs. Claim value is converted to String unless it is
+     *        an instance of {@link Boolean}, {@link Number}, {@link Collection}, {@link Map},
+     *        {@link JsonObject} or {@link JsonArray}
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String innerSignAndEncrypt(Map<String, Object> claims) {
+        return claims(claims).innerSign().encrypt();
+    }
+
+    /**
+     * Sign the claims loaded from {@link JsonObject} using 'RS256' algorithm with a private RSA key
+     * loaded from the location set with the "smallrye.jwt.sign.key-location" and encrypt the inner JWT using
+     * 'RSA-OAEP-256' algorithm with a public RSA key loaded from the location set with the "smallrye.jwt.encrypt.key-location".
+     * Public RSA key of size 2048 bits or larger MUST be used.
+     *
+     * The 'iat' (issued at time), 'exp' (expiration time) and 'jit' (unique token identifier) claims
+     * will be and the `iss` issuer claim may be set by the implementation unless they have already been set.
+     * See {@link JwtClaimsBuilder} description for more information.
+     *
+     * @param jsonObject {@link JsonObject} containing the claims.
+     * @return encrypted JWT token
+     * @throws JwtEncryptionException the exception if the encryption operation has failed
+     */
+    public static String innerSignAndEncrypt(JsonObject jsonObject) {
+        return claims(jsonObject).innerSign().encrypt();
+    }
 }
diff --git a/implementation/src/main/java/io/smallrye/jwt/build/JwtClaimsBuilder.java b/implementation/src/main/java/io/smallrye/jwt/build/JwtClaimsBuilder.java
@@ -1,5 +1,6 @@
 package io.smallrye.jwt.build;
 
+import java.time.Instant;
 import java.util.Collection;
 import java.util.Map;
 import java.util.Set;
@@ -67,6 +68,16 @@ public interface JwtClaimsBuilder extends JwtSignature {
      */
     JwtClaimsBuilder issuedAt(long issuedAt);
 
+    /**
+     * Set an issuedAt 'iat' claim
+     * 
+     * @param issuedAt the issuedAt time in seconds
+     * @return JwtClaimsBuilder
+     */
+    default JwtClaimsBuilder issuedAt(Instant issuedAt) {
+        return issuedAt(issuedAt.getEpochSecond());
+    }
+
     /**
      * Set an expiry 'exp' claim
      * 
@@ -75,6 +86,16 @@ public interface JwtClaimsBuilder extends JwtSignature {
      */
     JwtClaimsBuilder expiresAt(long expiredAt);
 
+    /**
+     * Set an expiry 'exp' claim
+     * 
+     * @param expiredAt the expiry time in seconds
+     * @return JwtClaimsBuilder
+     */
+    default JwtClaimsBuilder expiresAt(Instant expiredAt) {
+        return expiresAt(expiredAt.getEpochSecond());
+    }
+
     /**
      * Set a single value 'groups' claim
      *