当前位置:theitroad>带有公钥/私钥的 java-jwt

带有公钥/私钥的 java-jwt

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/37722090/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-11-03 02:43:39  来源:igfitidea点击:

java-jwt with public/private keys

javajwtauth0

提问by Predrag Stojadinovi?

Auth0provides two JWT libraries, one for Node: node-jsonwebtoken, and one for Java: java-jwt.

Auth0提供了两个 JWT 库,一个用于 Node:node-jsonwebtoken,另一个用于 Java:java-jwt

I created the private/public key pair, and used it successfully in Node with node-jsonwebtoken:

我创建了私钥/公钥对,并在 Node 中使用node-jsonwebtoken成功使用了它:

var key = fs.readFileSync('private.key');
var pem = fs.readFileSync('public.pem');

var header = {...};
var payload = {...};

header.algorithm = "RS256";
var message = jsonwebtoken.sign(payload, key, header);
var decoded = jsonwebtoken.verify(message, pem, {algorithm: "RS256"});

But I found no way of doing the same in Java with java-jwt.

但是我发现没有办法在 Java 中使用java-jwt做同样的事情。

Anyone has a working example of how to use private/public keys for JWT in Java?

任何人都有如何在 Java 中为 JWT 使用私钥/公钥的工作示例?

采纳答案by Eugenio Pace

That particular library doesn't support it. But you can check others for Java that do. See here: https://jwt.io/

那个特定的库不支持它。但是您可以检查其他人是否有这样做的 Java。见这里:https: //jwt.io/

回答by Rajeev Ranjan

I used the following code for JWT in Java. Try it.

我在 Java 中为 JWT 使用了以下代码。试试看。

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JWTJavaWithPublicPrivateKey {

    public static void main(String[] args) {

        System.out.println("generating keys");
        Map<String, Object> rsaKeys = null;

        try {
            rsaKeys = getRSAKeys();
        } catch (Exception e) {

            e.printStackTrace();
        }
        PublicKey publicKey = (PublicKey) rsaKeys.get("public");
        PrivateKey privateKey = (PrivateKey) rsaKeys.get("private");

        System.out.println("generated keys");

        String token = generateToken(privateKey);
        System.out.println("Generated Token:\n" + token);

        verifyToken(token, publicKey);

    }

    public static String generateToken(PrivateKey privateKey) {
        String token = null;
        try {
            Map<String, Object> claims = new HashMap<String, Object>();

            // put your information into claim
            claims.put("id", "xxx");
            claims.put("role", "user");
            claims.put("created", new Date());

            token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.RS512, privateKey).compact();


        } catch (Exception e) {
            e.printStackTrace();
        }
        return token;
    }

    // verify and get claims using public key

    private static Claims verifyToken(String token, PublicKey publicKey) {
        Claims claims;
        try {
            claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token).getBody();

            System.out.println(claims.get("id"));
            System.out.println(claims.get("role"));

        } catch (Exception e) {

            claims = null;
        }
        return claims;
    }

    // Get RSA keys. Uses key size of 2048.
    private static Map<String, Object> getRSAKeys() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        Map<String, Object> keys = new HashMap<String, Object>();
        keys.put("private", privateKey);
        keys.put("public", publicKey);
        return keys;
    }
}

Maven Dependency


<dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.6.0</version>
</dependency>

回答by lgraf

Recent versions (since 3.0.0) of the auth0 java-jwt library supports RSA and ECDSAfor signing JWT tokens using a public/private key pair.

auth0 java-jwt 库的最新版本(自3.0.0 起)支持RSA 和 ECDSA,以使用公钥/私钥对对 JWT 令牌进行签名。

Example of signing a JWT using java-jwt (based on the documentation).

使用 java-jwt 签署 JWT 的示例(基于文档)。

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;

class JwtPKSigningExample {
    public static void main(String[] args) throws Exception {
        Map<String, Object> keys = generateRSAKeys();

        String token = null;
        try {
            RSAPrivateKey privateKey = (RSAPrivateKey) keys.get("private");
            Algorithm algorithm = Algorithm.RSA256(null, privateKey);
            token = JWT.create()
                    .withIssuer("pk-signing-example")
                    .sign(algorithm);
        } catch (JWTCreationException x) {
            throw x;
        }

        try {
            RSAPublicKey publicKey = (RSAPublicKey) keys.get("public");
            Algorithm algorithm = Algorithm.RSA256(publicKey, null);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withIssuer("pk-signing-example")
                    .build();
            DecodedJWT jwt = verifier.verify(token);

            System.out.println(jwt.getToken());
        } catch (JWTVerificationException x) {
            throw x;
        }
    }

    private static Map<String, Object> generateRSAKeys() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);

        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        return Map.of("private", keyPair.getPrivate(), "public", keyPair.getPublic());
    }
}

相关推荐

使用 selenium Webdriver 在 Java 中读取 JSON 文件并写入 JSON 文件

使用 selenium Webdriver 在 Java 中读取 JSON 文件并写入 JSON 文件

java 什么是Java中try catch中的圆括号/圆括号()

java 什么是Java中try catch中的圆括号/圆括号()

java 为什么我必须在 try/catch 语句中包装每个 Thread.sleep() 调用?

java 为什么我必须在 try/catch 语句中包装每个 Thread.sleep() 调用?

安装 dbeaver 时出错 - Java 错误代码 = 13

安装 dbeaver 时出错 - Java 错误代码 = 13

相关推荐
最近更新
标签