修复verify方法在定义alg为none时验证失效问题（issue#4105@Github）

hutool-jwt/src/main/java/cn/hutool/jwt/JWT.java

@@ -118,12 +118,7 @@ public class JWT implements RegisteredPayload<JWT> {
 	 * @return this
 	 */
 	public JWT setKey(byte[] key) {
-		// 检查头信息中是否有算法信息
-		final String claim = (String) this.header.getClaim(JWTHeader.ALGORITHM);
-		if (StrUtil.isNotBlank(claim)) {
-			return setSigner(JWTSignerUtil.createSigner(claim, key));
-		}
-		return setSigner(JWTSignerUtil.hs256(key));
+		return setSigner(StrUtil.nullToDefault(getAlgorithm(), "HS256"), key);
 	}
 
 	/**
@@ -169,6 +164,13 @@ public class JWT implements RegisteredPayload<JWT> {
 	 */
 	public JWT setSigner(JWTSigner signer) {
 		this.signer = signer;
+
+		// 检查头信息中是否有算法信息
+		final String algorithm = (String) this.header.getClaim(JWTHeader.ALGORITHM);
+		if (StrUtil.isBlank(algorithm)) {
+			this.header.setAlgorithm(AlgorithmUtil.getId(signer.getAlgorithm()));
+		}
+
 		return this;
 	}
 
@@ -346,7 +348,7 @@ public class JWT implements RegisteredPayload<JWT> {
 		}
 
 		// 检查头信息中是否有算法信息
-		final String algorithm = (String) this.header.getClaim(JWTHeader.ALGORITHM);
+		final String algorithm = getAlgorithm();
 		if (StrUtil.isBlank(algorithm)) {
 			this.header.setClaim(JWTHeader.ALGORITHM,
 				AlgorithmUtil.getId(signer.getAlgorithm()));

hutool-jwt/src/main/java/cn/hutool/jwt/JWTHeader.java

@@ -34,6 +34,42 @@ public class JWTHeader extends Claims {
 	 */
 	public JWTHeader() {}
 
+	/**
+	 * 增加“alg”头信息
+	 *
+	 * @param algorithm 算法ID，如HS265
+	 * @return this
+	 * @since 5.8.42
+	 */
+	public JWTHeader setAlgorithm(final String algorithm) {
+		setClaim(ALGORITHM, algorithm);
+		return this;
+	}
+
+	/**
+	 * 增加“typ”头信息
+	 *
+	 * @param type 类型，如JWT
+	 * @return this
+	 * @since 5.8.42
+	 */
+	public JWTHeader setType(final String type) {
+		setClaim(TYPE, type);
+		return this;
+	}
+
+	/**
+	 * 增加“cty”头信息
+	 *
+	 * @param contentType 内容类型
+	 * @return this
+	 * @since 5.8.42
+	 */
+	public JWTHeader setContentType(final String contentType) {
+		setClaim(CONTENT_TYPE, contentType);
+		return this;
+	}
+
 	/**
 	 * 增加“kid”头信息
 	 *

hutool-jwt/src/test/java/cn/hutool/jwt/Issue3732Test.java

@@ -19,6 +19,6 @@ public class Issue3732Test {
 
 		// 创建 JWT token
 		String token = JWTUtil.createToken(payload, SIGNER);
-		assertEquals("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYWRtaW4iLCJuYW1lIjoidGVzdCJ9.pD3Xz41rtXvU3G1c_yS7ir01FXmDvtjjAOU2HYd8MdA", token);
+		assertEquals("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJuYW1lIjoidGVzdCJ9.eS1hjkb2ympf7Gtnh_Xmzmb29bXt3J-1SyNTLMBipbY", token);
 	}
 }

hutool-jwt/src/test/java/cn/hutool/jwt/Issue4105Test.java

@@ -40,7 +40,7 @@ public class Issue4105Test {
 		// 对于签名为none的JWT，verify()方法总是返回true
 		Assertions.assertTrue(jwt.verify());
 
-		// 对于签名为none的JWT，setKey使用的签名总是
+		// 对于签名为none的JWT，但是定义了key，不一致报错
 		final JWT jwt2 = JWTUtil.parseToken(token);
 		Assertions.assertThrows(JWTException.class, ()-> jwt2.setKey("123".getBytes(StandardCharsets.UTF_8)).verify());
 	}

hutool-jwt/src/test/java/cn/hutool/jwt/IssueI6IS5BTest.java

@@ -20,7 +20,7 @@ public class IssueI6IS5BTest {
 		final JwtToken jwtToken = new JwtToken();
 		jwtToken.setIat(iat);
 		final String token = JWTUtil.createToken(JSONUtil.parseObj(jwtToken), "123".getBytes(StandardCharsets.UTF_8));
-		assertEquals("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2Nzc3NzI4MDB9.SXU_mm1wT5lNoK-Dq5Y8f3BItv_44zuAlyeWLqajpXg", token);
+		assertEquals("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Nzc3NzI4MDB9.W88PB2ovAqCXV4QdbeKbdFW-P057xOTXEosD8hbOa9U", token);
 		final JSONObject payloads = JWTUtil.parseToken(token).getPayloads();
 		assertEquals("{\"iat\":1677772800}", payloads.toString());
 		final JwtToken o = payloads.toBean(JwtToken.class);
@@ -38,7 +38,7 @@ public class IssueI6IS5BTest {
 		final JwtToken2 jwtToken = new JwtToken2();
 		jwtToken.setIat(iat);
 		final String token = JWTUtil.createToken(JSONUtil.parseObj(jwtToken), "123".getBytes(StandardCharsets.UTF_8));
-		assertEquals("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2Nzc3NzI4MDB9.SXU_mm1wT5lNoK-Dq5Y8f3BItv_44zuAlyeWLqajpXg", token);
+		assertEquals("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Nzc3NzI4MDB9.W88PB2ovAqCXV4QdbeKbdFW-P057xOTXEosD8hbOa9U", token);
 		final JSONObject payloads = JWTUtil.parseToken(token).getPayloads();
 		assertEquals("{\"iat\":1677772800}", payloads.toString());
 		final JwtToken2 o = payloads.toBean(JwtToken2.class);

hutool-jwt/src/test/java/cn/hutool/jwt/JWTTest.java

@@ -19,9 +19,9 @@ public class JWTTest {
 			.setExpiresAt(DateUtil.parse("2022-01-01"))
 			.setKey(key);
 
-		final String rightToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9." +
+		final String rightToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
 			"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Imxvb2x5IiwiYWRtaW4iOnRydWUsImV4cCI6MTY0MDk2NjQwMH0." +
-			"bXlSnqVeJXWqUIt7HyEhgKNVlIPjkumHlAwFY-5YCtk";
+			"8siIwEMHf-DRyUjVElS_yipb6Mo3c1z0wFiheGXWGQw";
 
 		final String token = jwt.sign();
 		assertEquals(rightToken, token);
@@ -58,7 +58,7 @@ public class JWTTest {
 			.setPayload("admin", true)
 			.setSigner(JWTSignerUtil.none());
 
-		final String rightToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0." +
+		final String rightToken = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0." +
 			"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Imxvb2x5IiwiYWRtaW4iOnRydWV9.";
 
 		final String token = jwt.sign();