引言
本文主要示例如何通过已知的公钥(字符串)
,来使用java-jwt
校验token所。
由于java-jwt中校验时所需要的公钥是RSAPublicKey
对象而我们目前的公钥是字符串
,所以我们需要进行转化,本篇文章主要就是记录如何进行这个转化
如果需要了解公钥、私钥的概念,请百度其它文章。
代码
<!-- java-jwt -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>4.2.1</version>
</dependency>
/**
* 根据公钥字符串生成PublicKey对象
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
private static PublicKey getPublicKey()
throws NoSuchAlgorithmException, InvalidKeySpecException {
String pem = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWCkZn1ksPM+DBLzgaffe2je6/Kr168fDI/CAM23Ardh4+w5yprtCmNfibCLcNZ66OzPC164p4ufboc9fxXqd5mv0ZtaHGG2pATH5e7z+Gla3Bd3QX8WqJi5LkAtsdP23IQqhz8UHA+Vmd6pTzobcQBhF1K7K/zcK9QDTFon4tCxL12wSOl40CDlWnaHortvljmJ5T3zD1iPjHjpVejI5YQReqxXEuqFVTqu2nhdTWAmfX8KrlVbPGPCevruKFmNvnl09N0Kk2CZGRlLq5aE7UZxH3GOkNWKkVWMO7tUgoJK9r8v/EIrIcuO5SX7RuyyhyY0/fsx3f+CTrUATkfgVwIDAQAB";
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pem));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(pubKeySpec);
System.out.println(publicKey);
return publicKey;
}
/**
* 校验token
* @param token
* @return
* @throws Exception
*/
public static DecodedJWT verifierToken(String token)throws Exception{
//其实按照规定只需要传递 publicKey 来校验即可,这可能是auth0 的缺点
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) getPublicKey(),null);
JWTVerifier verifier = JWT.require(algorithm)
//.withIssuer(ISSUER)
.build(); //Reusable verifier instance 可复用的验证实例
DecodedJWT jwt = verifier.verify(token);
return jwt;
}
测试
@SpringBootTest(classes = KeycloakdemoApplication.class)
@RunWith(SpringRunner.class)
public class DemoTest {
@Test
public void testGetInstance() throws Exception {
DecodedJWT verify = JWTUtils.verifierToken("eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxdGtoMFBXanE1SmpOalVjc1hNYnJ1TldQVngtM2tQekJpekJGTDZfUDFJIn0.eyJleHAiOjE2NzM0NTc3MjYsImlhdCI6MTY3MzQ1NzQyNiwiYXV0aF90aW1lIjoxNjczNDU2MTU1LCJqdGkiOiJiMDZlNDljNS1kMTk5LTQ4ZWItYWE4NS1iNWJjMTMxNDVhMWIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvYXV0aC9yZWFsbXMvbXlSZWFsbSIsInN1YiI6ImI4ZTAwM2Y1LTIxNDktNDUwMC04ZTE1LTZkZTU1YWM1MGRmMyIsInR5cCI6IkJlYXJlciIsImF6cCI6Im15Y2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImRlM2Q4ZjZhLTE4YzAtNGYzYS1hNmQwLWNlNTBjNmM2ZmNjMyIsImFjciI6IjAiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiYWRtaW4iXX0sInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiJkZTNkOGY2YS0xOGMwLTRmM2EtYTZkMC1jZTUwYzZjNmZjYzMiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.sGblDdBIkwnDDUcGd7-2QlCeA17gnmuvXosqpZ0T_zGlKtr6Ta-z1QSgwdc8K5ivekyIQmcYAIh-eHmfVxjCLKZ6fR-AdTeqenXdkNJuMREzwKpnOFx1Wq2LZUb-hqWKJimBKi2iUPlu4ENAVbFOWxcMwIedySpN74RHF3yP4BKr4YfAmr5u9CSX3EYw0LMiMVlt6l_FKNssKnTLlBq0IPDlBdwV9D1l6qpDXu_uIbvUzb_w8rnSoUGMqqqxI-RNF6m5dit29KWinFfkat5-g-lvbiVz8l0wYfMBGb9ESwC0aXJARcEG7PdhtqYLPjsGFVrjqHMq1ci_BVivAt3Htw");
System.out.println(verify);
System.out.println(verify.getExpiresAt());
System.out.println(verify.getClaim("scope"));
System.out.println(verify.getExpiresAtAsInstant());
System.out.println(verify.getClaims());
}
}