2016-08-22 145 views
0

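JWT invalid signature

I am trying to develop my application using JSON Web Tokens. I decided to use jjwt, but it doesn't work. I have the following snippet: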

Jwts.parser()
    .setSigningKey(secretKey)
    .parseClaimsJws(token)
    .getBody();

It always throws an exception.

I tried to generate the token with the following code

String compactJws = Jwts.builder() 
      .setSubject("Joe") 
      .signWith(SignatureAlgorithm.HS256, "secret") 
      .compact(); 

and when I paste this token at https://jwt.io/ I get a message that it is invalid. What is wrong?

+0

Possible duplicate of [Generated with Java JJWT signature fails at jwt.io debugger](http://stackoverflow.com/questions/38263680/generated-with-java-jjwt-signature-fails-at-jwt-io-debugger) – pedrofb

Answers

0

You are passing a plain-text key to the signWith method, and that is the problem.

As per the JJWT source code:

/**
 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
 *
 * <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
 * byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
 *
 * @param alg                    the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
 * @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
 *                               JWT.
 * @return the builder for method chaining.
 */
JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);

/**
 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
 *
 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
 * @param key the algorithm-specific signing key to use to digitally sign the JWT.
 * @return the builder for method chaining.
 */
JwtBuilder signWith(SignatureAlgorithm alg, Key key);

Pass a base-64 string containing the key, or declare a Key object and pass the relevant information to build it. As in this example:

SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

// The string has to be base-64 encoded; "c2VjcmV0" reads 'secret' once decoded
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("c2VjcmV0");
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

// Let's set the JWT claims (id, now, subject and issuer are supplied by the caller)
JwtBuilder builder = Jwts.builder().setId(id)
        .setIssuedAt(now)
        .setSubject(subject)
        .setIssuer(issuer)
        .signWith(signatureAlgorithm, signingKey);

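
The key mismatch this answer describes, reproduced with JDK classes only (an added example, not code from the original post or from JJWT). The class name Hs256KeyBytesDemo and its helpers are hypothetical, and java.util.Base64 stands in for JJWT's own Base64 decoding of the String key, which is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256KeyBytesDemo {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA256 over the JWS signing input (base64url(header) + "." + base64url(payload)).
    static byte[] hmac(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Builds a compact HS256 JWS with a fixed header and the given JSON payload.
    static String sign(String payloadJson, byte[] key) throws Exception {
        String header = "{\"alg\":\"HS256\"}";
        String signingInput = B64URL.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                + "." + B64URL.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64URL.encodeToString(hmac(signingInput, key));
    }

    // Recomputes the signature with the verifier's key bytes and compares in constant time.
    static boolean verify(String jws, byte[] key) throws Exception {
        int lastDot = jws.lastIndexOf('.');
        byte[] expected = hmac(jws.substring(0, lastDot), key);
        byte[] presented = Base64.getUrlDecoder().decode(jws.substring(lastDot + 1));
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        String payload = "{\"sub\":\"Joe\"}";
        // Key bytes used by a verifier that is given the text "secret" as the secret.
        byte[] rawSecret = "secret".getBytes(StandardCharsets.UTF_8);
        // Question's case: the String "secret" is treated as Base64 and decoded before signing.
        byte[] decodedPlain = Base64.getDecoder().decode("secret");
        // Answer's case: "c2VjcmV0" is the Base64 form of "secret", so decoding restores the raw bytes.
        byte[] decodedEncoded = Base64.getDecoder().decode("c2VjcmV0");

        System.out.println("signed with decode(\"secret\"), verified with \"secret\": "
                + verify(sign(payload, decodedPlain), rawSecret));
        System.out.println("signed with decode(\"c2VjcmV0\"), verified with \"secret\": "
                + verify(sign(payload, decodedEncoded), rawSecret));
    }
}
```
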
0

I think you are doing something wrong with *.setSigningKey(secretKey)*. Here is the complete code showing how to validate a token using JWT.

package com.brajesh.test;

import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
// javax.xml.bind is no longer bundled with the JDK from Java 11 on; add the JAXB API dependency there
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JwtTokenDemo {

    // Base64 text of the signing key; set in createJWT and decoded again in parseJWT
    private String secretKey;

    public static void main(String[] args) {
        JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
        String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "[email protected]", 12999L);
        System.out.println("tokens : " + tokens);

        System.out.println("========AFTER============");
        jwtTokenDemo.parseJWT(tokens);
    }

    // Sample method to validate and read the JWT
    private void parseJWT(String jwt) {
        // This line will throw an exception if it is not a signed JWS (as expected)
        Claims claims = Jwts.parser()
                .setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
                .parseClaimsJws(jwt).getBody();
        System.out.println("ID: " + claims.getId());
        System.out.println("Subject: " + claims.getSubject());
        System.out.println("Issuer: " + claims.getIssuer());
        System.out.println("Expiration: " + claims.getExpiration());
    }

    /**
     * Creates a signed HS256 token.
     *
     * @param id        value of the JWT ID (jti) claim
     * @param issuer    value of the issuer (iss) claim
     * @param subject   value of the subject (sub) claim
     * @param ttlMillis lifetime in milliseconds; a negative value means no expiration is set
     * @return the compact JWS string
     */
    private String createJWT(String id, String issuer, String subject, long ttlMillis) {

        // The JWT signature algorithm we will be using to sign the token
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        // Demo only: a random UUID string stands in for the Base64-encoded secret.
        // A real HS256 key should be at least 256 bits of random data.
        String keys = UUID.randomUUID().toString();
        System.out.println(keys);
        this.secretKey = keys;

        // Sign with the decoded bytes; parseJWT decodes the same string, so both sides use the same key
        byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
        Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

        JwtBuilder builder = Jwts.builder().setId(id)
                .setIssuedAt(now)
                .setSubject(subject)
                .setIssuer(issuer)
                .signWith(signatureAlgorithm, signingKey);

        // Add the expiration claim only when a non-negative lifetime was requested
        if (ttlMillis >= 0) {
            long expMillis = nowMillis + ttlMillis;
            Date exp = new Date(expMillis);
            builder.setExpiration(exp);
        }
        return builder.compact();
    }
}