时间:2021-05-19
这篇文章主要介绍了基于Java验证jwt token代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
How to load public certificate from pem file..?地址
1.HS256对称加密
package jwt; import java.io.FileInputStream;import java.io.IOException;import java.security.KeyFactory;import java.security.PrivateKey;import java.security.PublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.Base64;import java.util.Date;import java.util.Vector;import java.util.Map; import sun.misc.BASE64Decoder; import com.auth0.jwt.JWT;import com.auth0.jwt.algorithms.Algorithm;import com.auth0.jwt.exceptions.JWTVerificationException;import com.auth0.jwt.interfaces.Claim;import com.auth0.jwt.interfaces.DecodedJWT; public class JWTValidator { private static String JWT_Type = "JWT"; protected boolean validated; protected Object[] claims; public JWTValidator() { setValidated(false); setClaims(null); } public String Generate(String secret, String issuer, String audience, String subject){ try { Algorithm algorithm = Algorithm.HMAC256(secret); // HS256 String token = JWT.create() .withIssuer(issuer) .withAudience(audience) .withSubject(subject) .sign(algorithm); System.out.println(token); return token; } catch (Exception exception){ //UTF-8 encoding not supported return ""; } } public void Validate(String token, String secret, String issuer, String audience, String subject) { DecodedJWT jwt = null; setValidated(false); if (token == null || secret == null || issuer == null || audience == null || subject == null) return; try { jwt = JWT.require(Algorithm.HMAC256(secret.getBytes())).build().verify(token); } catch (JWTVerificationException e) { return; } if (jwt == null || jwt.getType() == null || !jwt.getType().contentEquals(JWT_Type)) return; if (!jwt.getIssuer().contentEquals(issuer) || !jwt.getAudience().contains(audience) || !jwt.getSubject().contentEquals(subject)) return; Date now = new Date(); if ((jwt.getNotBefore() != null && jwt.getNotBefore().after(now)) || (jwt.getExpiresAt() != null && jwt.getExpiresAt().before(now))) return; setValidated(true); Map<String, Claim> claimsMap = jwt.getClaims(); Vector<Claim> claimsVector = new Vector<Claim>(); if (claimsMap != null) { for (Map.Entry<String, Claim> entry : claimsMap.entrySet()) { String key = entry.getKey(); if (key != null && !key.matches("aud|sub|iss|exp|iat")) { //claimsVector.add(new Claim(key, entry.getValue().asString())); } } } setClaims(claimsVector.isEmpty() ? null : claimsVector.toArray()); } public boolean isValidated() { return validated; } public void setValidated(boolean val) { validated = val; } public Object[] getClaims() { return claims; } public void setClaims(Object[] val) { claims = (val == null ? new Object[0] : val); }}2.RS256不对称加密,需要用public cert来验证
package jwt; import junit.framework.TestCase;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils;import org.jose4j.jws.AlgorithmIdentifiers;import org.jose4j.jws.JsonWebSignature;import org.jose4j.jwt.JwtClaims;import org.jose4j.jwt.consumer.JwtConsumer;import org.jose4j.jwt.consumer.JwtConsumerBuilder;import org.jose4j.lang.JoseException;import sun.security.util.DerInputStream;import sun.security.util.DerValue; import java.io.ByteArrayInputStream;import java.io.FileInputStream;import java.io.FileNotFoundException;import java.io.IOException;import java.math.BigInteger;import java.security.*;import java.security.cert.CertificateException;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateCrtKeySpec;import java.security.spec.X509EncodedKeySpec;import java.text.SimpleDateFormat;import java.util.UUID; public class JWTValidatorForRSA extends TestCase{ public void testCreateToken() throws IOException { System.out.println(createToken()); } public void testVerifyToken() throws Exception { String token = createToken(); System.out.println(token); String pkeyPath = "D:\\temp\\idsrv4.crt"; JwtClaims jwtClaims = verifyToken(token,pkeyPath); System.out.println(jwtClaims.getClaimValue("name")); System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getIssuedAt().getValueInMillis())); System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getExpirationTime().getValueInMillis())); } /** * 生成jwt,SHA256加密 * @return * @throws IOException */ public String createToken() throws IOException { String privateKeyPath = "D:\\temp\\idsrv4.key"; PrivateKey privateKey = getPrivateKey(getStringFromFile(privateKeyPath)); final JwtClaims claims = new JwtClaims(); claims.setClaim("name", "jack"); claims.setSubject("a@a.com"); claims.setAudience("test");//用于验证签名是否合法,验证方必须包含这些内容才验证通过 claims.setExpirationTimeMinutesInTheFuture(-1); // 60*24*30); claims.setIssuedAtToNow(); // Generate the payload final JsonWebSignature jws = new JsonWebSignature(); jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); jws.setPayload(claims.toJson()); jws.setKeyIdHeaderValue(UUID.randomUUID().toString()); // Sign using the private key jws.setKey(privateKey); try { return jws.getCompactSerialization(); } catch (JoseException e) { return null; } } /** * 验证jwt * @param token * @return * @throws Exception */ public JwtClaims verifyToken(String token,String publicKeyPath) throws Exception { try { PublicKey publicKey = getPublicKey(publicKeyPath); JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() .setVerificationKey(publicKey) .setExpectedAudience("test")//用于验证签名是否合法,可以设置多个,且可设置必须存在项,如果jwt中不包含这些内容则不通过 .build(); return jwtConsumer.processToClaims(token); } catch (Exception e) { throw new RuntimeException(e); } } private String getStringFromFile(String filePath) throws IOException { // 生成方法:安装openssl,执行 openssl genrsa -out private.pem 2048 return IOUtils.toString(new FileInputStream(filePath)); } /** * 获取PublicKey对象 * @param publicKeyBase64 * @return * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws CertificateException * @throws FileNotFoundException */ private PublicKey getPublicKey(String publicKeyPath) throws NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, FileNotFoundException { /* Not work : data isn't an object ID (tag = 2) String pem = publicKeyBase64 .replaceAll("\\-*BEGIN.*CERTIFICATE\\-*", "") .replaceAll("\\-*END.*CERTIFICATE\\-*", ""); java.security.Security.addProvider( new org.bouncycastle.jce.provider.BouncyCastleProvider() ); System.out.println(pem); X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pem)); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(pubKeySpec); */ CertificateFactory fact = CertificateFactory.getInstance("X.509"); FileInputStream is = new FileInputStream (publicKeyPath); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); PublicKey publicKey = cer.getPublicKey(); System.out.println(publicKey); return publicKey; } /** * 获取PrivateKey对象 * @param privateKeyBase64 * @return */ private PrivateKey getPrivateKey(String privateKeyBase64) { String privKeyPEM = privateKeyBase64 .replaceAll("\\-*BEGIN.*KEY\\-*", "") .replaceAll("\\-*END.*KEY\\-*", ""); // Base64 decode the data byte[] encoded = Base64.decodeBase64(privKeyPEM); try { DerInputStream derReader = new DerInputStream(encoded); DerValue[] seq = derReader.getSequence(0); if (seq.length < 9) { throw new GeneralSecurityException("Could not read private key"); } // skip version seq[0]; BigInteger modulus = seq[1].getBigInteger(); BigInteger publicExp = seq[2].getBigInteger(); BigInteger privateExp = seq[3].getBigInteger(); BigInteger primeP = seq[4].getBigInteger(); BigInteger primeQ = seq[5].getBigInteger(); BigInteger expP = seq[6].getBigInteger(); BigInteger expQ = seq[7].getBigInteger(); BigInteger crtCoeff = seq[8].getBigInteger(); RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, primeP, primeQ, expP, expQ, crtCoeff); KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePrivate(keySpec); } catch (Exception e) { e.printStackTrace(); } return null; }}以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。
JWT是什么JWT是jsonwebtoken缩写。它将用户信息加密到token里,服务器不保存任何用户信息。服务器通过使用保存的密钥验证token的正确性,只要
JWT是什么JWT是jsonwebtoken缩写。它将用户信息加密到token里,服务器不保存任何用户信息。服务器通过使用保存的密钥验证token的正确性,只要
Token验证是验证用户身份的重要方式,在golang开发中具有广泛应用,文中主要阐述了利用jwt包加密后的token验证。导入包:import("github
1,快速实现授权验证什么是JWT?为什么要用JWT?JWT的组成?这些百度可以直接找到,这里不再赘述。实际上,只需要知道JWT认证模式是使用一段Token作为认
情景:公司项目基于.net4.0,web客户端实现单点登录需要自己解密id_token,对于jwt解密,.net提供了IdentityModel类库,但是4.0