帶公鑰/私鑰的java-jwt

Question

Auth0提供兩個JWT庫，一個用於節點：node-jsonwebtoken，另一個用於Java：java-jwt。

我創建的私有/公共密鑰對，並與node-jsonwebtoken用它成功地在節點：

var key = fs.readFileSync('private.key'); 
var pem = fs.readFileSync('public.pem'); 

var header = {...}; 
var payload = {...}; 

header.algorithm = "RS256"; 
var message = jsonwebtoken.sign(payload, key, header); 
var decoded = jsonwebtoken.verify(message, pem, {algorithm: "RS256"}); 

但我沒有發現任何與java-jwt做在Java中相同的方式。

任何人對如何在Java中使用私有/公共密鑰對JWT工作的例子嗎？

Answer 1

這個特定的庫不支持它。但是你可以檢查其他人的Java。在這裏看到：https://jwt.io/

Answer 2

我用下面的代碼爲智威湯遜在Java中。嘗試一下。

import java.security.KeyPair; 
import java.security.KeyPairGenerator; 
import java.security.PrivateKey; 
import java.security.PublicKey; 
import java.util.Date; 
import java.util.HashMap; 
import java.util.Map; 

import io.jsonwebtoken.Claims; 
import io.jsonwebtoken.Jwts; 
import io.jsonwebtoken.SignatureAlgorithm; 

public class JWTJavaWithPublicPrivteKey { 

    public static void main(String[] args) { 

     System.out.println("generating keys"); 
     Map<String, Object> rsaKeys = null; 

     try { 
      rsaKeys = getRSAKeys(); 
     } catch (Exception e) { 

      e.printStackTrace(); 
     } 
     PublicKey publicKey = (PublicKey) rsaKeys.get("public"); 
     PrivateKey privateKey = (PrivateKey) rsaKeys.get("private"); 

     System.out.println("generated keys"); 

     String token = generateToken(privateKey); 
     System.out.println("Generated Token:\n" + token); 

     verifyToken(token, publicKey); 

    } 

    public static String generateToken(PrivateKey privateKey) { 
     String token = null; 
     try { 
      Map<String, Object> claims = new HashMap<String, Object>(); 

      // put your information into claim 
      claims.put("id", "xxx"); 
      claims.put("role", "user"); 
      claims.put("created", new Date()); 

      token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.RS512, privateKey).compact(); 


     } catch (Exception e) { 
      e.printStackTrace(); 
     } 
     return token; 
    } 

    // verify and get claims using public key 

    private static Claims verifyToken(String token, PublicKey publicKey) { 
     Claims claims; 
     try { 
      claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token).getBody(); 

      System.out.println(claims.get("id")); 
      System.out.println(claims.get("role")); 

     } catch (Exception e) { 

      claims = null; 
     } 
     return claims; 
    } 

    // Get RSA keys. Uses key size of 2048. 
    private static Map<String, Object> getRSAKeys() throws Exception { 
     KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); 
     keyPairGenerator.initialize(2048); 
     KeyPair keyPair = keyPairGenerator.generateKeyPair(); 
     PrivateKey privateKey = keyPair.getPrivate(); 
     PublicKey publicKey = keyPair.getPublic(); 
     Map<String, Object> keys = new HashMap<String, Object>(); 
     keys.put("private", privateKey); 
     keys.put("public", publicKey); 
     return keys; 
    } 
} 

 
Maven Dependency 

<dependency> 
     <groupId>io.jsonwebtoken</groupId> 
     <artifactId>jjwt</artifactId> 
     <version>0.6.0</version> 
</dependency>