Java验证jwt token
https://jwt.io/
RS256加密JWT生成、验证
https://blog.csdn.net/u011411069/article/details/79966226
How to load public certificate from pem file..?
https://www.howtobuildsoftware.com/index.php/how-do/ciLJ/java-ssl-cryptography-bouncycastle-public-key-how-to-load-public-certificate-from-pem-file
1.HS256对称加密
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | package jwt;import java.io.FileInputStream;import java.io.IOException;import java.security.KeyFactory;import java.security.PrivateKey;import java.security.PublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.Base64;import java.util.Date;import java.util.Vector;import java.util.Map;import sun.misc.BASE64Decoder;import com.auth0.jwt.JWT;import com.auth0.jwt.algorithms.Algorithm;import com.auth0.jwt.exceptions.JWTVerificationException;import com.auth0.jwt.interfaces.Claim;import com.auth0.jwt.interfaces.DecodedJWT;public class JWTValidator { private static String JWT_Type = "JWT"; protected boolean validated; protected Object[] claims; public JWTValidator() { setValidated(false); setClaims(null); } public String Generate(String secret, String issuer, String audience, String subject){ try { Algorithm algorithm = Algorithm.HMAC256(secret); // HS256 String token = JWT.create() .withIssuer(issuer) .withAudience(audience) .withSubject(subject) .sign(algorithm); System.out.println(token); return token; } catch (Exception exception){ //UTF-8 encoding not supported return ""; } } public void Validate(String token, String secret, String issuer, String audience, String subject) { DecodedJWT jwt = null; setValidated(false); if (token == null || secret == null || issuer == null || audience == null || subject == null) return; try { jwt = JWT.require(Algorithm.HMAC256(secret.getBytes())).build().verify(token); } catch (JWTVerificationException e) { return; } if (jwt == null || jwt.getType() == null || !jwt.getType().contentEquals(JWT_Type)) return; if (!jwt.getIssuer().contentEquals(issuer) || !jwt.getAudience().contains(audience) || !jwt.getSubject().contentEquals(subject)) return; Date now = new Date(); if ((jwt.getNotBefore() != null && jwt.getNotBefore().after(now)) || (jwt.getExpiresAt() != null && jwt.getExpiresAt().before(now))) return; setValidated(true); Map<String, Claim> claimsMap = jwt.getClaims(); Vector<Claim> claimsVector = new Vector<Claim>(); if (claimsMap != null) { for (Map.Entry<String, Claim> entry : claimsMap.entrySet()) { String key = entry.getKey(); if (key != null && !key.matches("aud|sub|iss|exp|iat")) { //claimsVector.add(new Claim(key, entry.getValue().asString())); } } } setClaims(claimsVector.isEmpty() ? null : claimsVector.toArray()); } public boolean isValidated() { return validated; } public void setValidated(boolean val) { validated = val; } public Object[] getClaims() { return claims; } public void setClaims(Object[] val) { claims = (val == null ? new Object[0] : val); }} |
2.RS256不对称加密,需要用public cert来验证
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 | package jwt;import junit.framework.TestCase;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils;import org.jose4j.jws.AlgorithmIdentifiers;import org.jose4j.jws.JsonWebSignature;import org.jose4j.jwt.JwtClaims;import org.jose4j.jwt.consumer.JwtConsumer;import org.jose4j.jwt.consumer.JwtConsumerBuilder;import org.jose4j.lang.JoseException;import sun.security.util.DerInputStream;import sun.security.util.DerValue;import java.io.ByteArrayInputStream;import java.io.FileInputStream;import java.io.FileNotFoundException;import java.io.IOException;import java.math.BigInteger;import java.security.*;import java.security.cert.CertificateException;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateCrtKeySpec;import java.security.spec.X509EncodedKeySpec;import java.text.SimpleDateFormat;import java.util.UUID; public class JWTValidatorForRSA extends TestCase{ public void testCreateToken() throws IOException { System.out.println(createToken()); } public void testVerifyToken() throws Exception { String token = createToken(); System.out.println(token); String pkeyPath = "D:\\temp\\idsrv4.crt"; JwtClaims jwtClaims = verifyToken(token,pkeyPath); System.out.println(jwtClaims.getClaimValue("name")); System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getIssuedAt().getValueInMillis())); System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getExpirationTime().getValueInMillis())); } /** * 生成jwt,SHA256加密 * @return * @throws IOException */ public String createToken() throws IOException { String privateKeyPath = "D:\\temp\\idsrv4.key"; PrivateKey privateKey = getPrivateKey(getStringFromFile(privateKeyPath)); final JwtClaims claims = new JwtClaims(); claims.setClaim("name", "jack"); claims.setSubject("a@a.com"); claims.setAudience("test");//用于验证签名是否合法,验证方必须包含这些内容才验证通过 claims.setExpirationTimeMinutesInTheFuture(-1); // 60*24*30); claims.setIssuedAtToNow(); // Generate the payload final JsonWebSignature jws = new JsonWebSignature(); jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); jws.setPayload(claims.toJson()); jws.setKeyIdHeaderValue(UUID.randomUUID().toString()); // Sign using the private key jws.setKey(privateKey); try { return jws.getCompactSerialization(); } catch (JoseException e) { return null; } } /** * 验证jwt * @param token * @return * @throws Exception */ public JwtClaims verifyToken(String token,String publicKeyPath) throws Exception { try { PublicKey publicKey = getPublicKey(publicKeyPath); JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setVerificationKey(publicKey) .setExpectedAudience("test")//用于验证签名是否合法,可以设置多个,且可设置必须存在项,如果jwt中不包含这些内容则不通过 .build(); return jwtConsumer.processToClaims(token); } catch (Exception e) { throw new RuntimeException(e); } } private String getStringFromFile(String filePath) throws IOException { // 生成方法:安装openssl,执行 openssl genrsa -out private.pem 2048 return IOUtils.toString(new FileInputStream(filePath)); } /** * 获取PublicKey对象 * @param publicKeyBase64 * @return * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws CertificateException * @throws FileNotFoundException */ private PublicKey getPublicKey(String publicKeyPath) throws NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, FileNotFoundException { /* Not work : data isn't an object ID (tag = 2) String pem = publicKeyBase64 .replaceAll("\\-*BEGIN.*CERTIFICATE\\-*", "") .replaceAll("\\-*END.*CERTIFICATE\\-*", ""); java.security.Security.addProvider( new org.bouncycastle.jce.provider.BouncyCastleProvider() ); System.out.println(pem); X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pem)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(pubKeySpec); */ CertificateFactory fact = CertificateFactory.getInstance("X.509"); FileInputStream is = new FileInputStream (publicKeyPath); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); PublicKey publicKey = cer.getPublicKey(); System.out.println(publicKey); return publicKey; } /** * 获取PrivateKey对象 * @param privateKeyBase64 * @return */ private PrivateKey getPrivateKey(String privateKeyBase64) { String privKeyPEM = privateKeyBase64 .replaceAll("\\-*BEGIN.*KEY\\-*", "") .replaceAll("\\-*END.*KEY\\-*", ""); // Base64 decode the data byte[] encoded = Base64.decodeBase64(privKeyPEM); try { DerInputStream derReader = new DerInputStream(encoded); DerValue[] seq = derReader.getSequence(0); if (seq.length < 9) { throw new GeneralSecurityException("Could not read private key"); } // skip version seq[0]; BigInteger modulus = seq[1].getBigInteger(); BigInteger publicExp = seq[2].getBigInteger(); BigInteger privateExp = seq[3].getBigInteger(); BigInteger primeP = seq[4].getBigInteger(); BigInteger primeQ = seq[5].getBigInteger(); BigInteger expP = seq[6].getBigInteger(); BigInteger expQ = seq[7].getBigInteger(); BigInteger crtCoeff = seq[8].getBigInteger(); RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, primeP, primeQ, expP, expQ, crtCoeff); KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePrivate(keySpec); } catch (Exception e) { e.printStackTrace(); } return null; }} |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)