重庆分公司,新征程启航

为企业提供网站建设、域名注册、服务器等服务

基于Java验证jwttoken代码怎么写

这篇文章给大家介绍基于Java验证jwttoken代码怎么写,内容非常详细,感兴趣的小伙伴们可以参考借鉴,希望对大家能有所帮助。

创新互联主营扎赉特网站建设的网络公司,主营网站建设方案,成都app软件开发,扎赉特h5成都微信小程序搭建,扎赉特网站营销推广欢迎扎赉特等地区企业咨询

1.HS256对称加密

package jwt; import java.io.FileInputStream;import java.io.IOException;import java.security.KeyFactory;import java.security.PrivateKey;import java.security.PublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.Base64;import java.util.Date;import java.util.Vector;import java.util.Map; import sun.misc.BASE64Decoder; import com.auth0.jwt.JWT;import com.auth0.jwt.algorithms.Algorithm;import com.auth0.jwt.exceptions.JWTVerificationException;import com.auth0.jwt.interfaces.Claim;import com.auth0.jwt.interfaces.DecodedJWT;  public class JWTValidator {  private static String JWT_Type = "JWT";     protected boolean validated;  protected Object[] claims;     public JWTValidator() {    setValidated(false);    setClaims(null);  }  public String Generate(String secret, String issuer, String audience, String subject){    try {      Algorithm algorithm = Algorithm.HMAC256(secret); // HS256      String token = JWT.create()        .withIssuer(issuer)        .withAudience(audience)        .withSubject(subject)        .sign(algorithm);      System.out.println(token);      return token;    } catch (Exception exception){      //UTF-8 encoding not supported      return "";    }  }      public void Validate(String token, String secret, String issuer, String audience, String subject) {    DecodedJWT jwt = null;    setValidated(false);         if (token == null || secret == null || issuer == null || audience == null || subject == null)      return;         try {      jwt = JWT.require(Algorithm.HMAC256(secret.getBytes())).build().verify(token);    } catch (JWTVerificationException e) {      return;    }         if (jwt == null || jwt.getType() == null || !jwt.getType().contentEquals(JWT_Type))      return;         if (!jwt.getIssuer().contentEquals(issuer) ||      !jwt.getAudience().contains(audience) ||      !jwt.getSubject().contentEquals(subject))      return;         Date now = new Date();         if ((jwt.getNotBefore() != null && jwt.getNotBefore().after(now)) ||      (jwt.getExpiresAt() != null && jwt.getExpiresAt().before(now)))      return;         setValidated(true);     Map claimsMap = jwt.getClaims();    Vector claimsVector = new Vector();         if (claimsMap != null) {      for (Map.Entry entry : claimsMap.entrySet()) {        String key = entry.getKey();        if (key != null && !key.matches("aud|sub|iss|exp|iat")) {                   //claimsVector.add(new Claim(key, entry.getValue().asString()));        }      }       }     setClaims(claimsVector.isEmpty() ? null : claimsVector.toArray());  }   public boolean isValidated() { return validated; }  public void setValidated(boolean val) { validated = val; }   public Object[] getClaims() { return claims; }  public void setClaims(Object[] val) { claims = (val == null ? new Object[0] : val); }}

2.RS256不对称加密,需要用public cert来验证

package jwt; import junit.framework.TestCase;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils;import org.jose4j.jws.AlgorithmIdentifiers;import org.jose4j.jws.JsonWebSignature;import org.jose4j.jwt.JwtClaims;import org.jose4j.jwt.consumer.JwtConsumer;import org.jose4j.jwt.consumer.JwtConsumerBuilder;import org.jose4j.lang.JoseException;import sun.security.util.DerInputStream;import sun.security.util.DerValue; import java.io.ByteArrayInputStream;import java.io.FileInputStream;import java.io.FileNotFoundException;import java.io.IOException;import java.math.BigInteger;import java.security.*;import java.security.cert.CertificateException;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateCrtKeySpec;import java.security.spec.X509EncodedKeySpec;import java.text.SimpleDateFormat;import java.util.UUID; public class JWTValidatorForRSA extends TestCase{   public void testCreateToken() throws IOException {    System.out.println(createToken());  }   public void testVerifyToken() throws Exception {    String token = createToken();    System.out.println(token);         String pkeyPath = "D:\\temp\\idsrv4.crt";    JwtClaims jwtClaims = verifyToken(token,pkeyPath);    System.out.println(jwtClaims.getClaimValue("name"));    System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getIssuedAt().getValueInMillis()));    System.out.println(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(jwtClaims.getExpirationTime().getValueInMillis()));  }   /**   * 生成jwt,SHA256加密   * @return   * @throws IOException   */  public String createToken() throws IOException {    String privateKeyPath = "D:\\temp\\idsrv4.key";    PrivateKey privateKey = getPrivateKey(getStringFromFile(privateKeyPath));    final JwtClaims claims = new JwtClaims();    claims.setClaim("name", "jack");    claims.setSubject("a@a.com");    claims.setAudience("test");//用于验证签名是否合法,验证方必须包含这些内容才验证通过    claims.setExpirationTimeMinutesInTheFuture(-1); // 60*24*30);    claims.setIssuedAtToNow();     // Generate the payload    final JsonWebSignature jws = new JsonWebSignature();    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);    jws.setPayload(claims.toJson());    jws.setKeyIdHeaderValue(UUID.randomUUID().toString());     // Sign using the private key    jws.setKey(privateKey);    try {      return jws.getCompactSerialization();    } catch (JoseException e) {      return null;    }  }   /**   * 验证jwt   * @param token   * @return   * @throws Exception   */  public JwtClaims verifyToken(String token,String publicKeyPath) throws Exception {     try {      PublicKey publicKey = getPublicKey(publicKeyPath);       JwtConsumer jwtConsumer = new JwtConsumerBuilder()          .setRequireExpirationTime()          .setVerificationKey(publicKey)          .setExpectedAudience("test")//用于验证签名是否合法,可以设置多个,且可设置必须存在项,如果jwt中不包含这些内容则不通过          .build();       return jwtConsumer.processToClaims(token);    } catch (Exception e) {      throw new RuntimeException(e);    }  }   private String getStringFromFile(String filePath) throws IOException {    //  生成方法:安装openssl,执行   openssl genrsa -out private.pem 2048    return IOUtils.toString(new FileInputStream(filePath));  }   /**   * 获取PublicKey对象   * @param publicKeyBase64   * @return   * @throws NoSuchAlgorithmException   * @throws InvalidKeySpecException   * @throws CertificateException   * @throws FileNotFoundException   */  private PublicKey getPublicKey(String publicKeyPath) throws NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, FileNotFoundException {    /* Not work : data isn't an object ID (tag = 2)    String pem = publicKeyBase64        .replaceAll("\\-*BEGIN.*CERTIFICATE\\-*", "")        .replaceAll("\\-*END.*CERTIFICATE\\-*", "");    java.security.Security.addProvider(        new org.bouncycastle.jce.provider.BouncyCastleProvider()    );    System.out.println(pem);         X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pem));    KeyFactory keyFactory = KeyFactory.getInstance("RSA");     PublicKey publicKey = keyFactory.generatePublic(pubKeySpec);    */         CertificateFactory fact = CertificateFactory.getInstance("X.509");    FileInputStream is = new FileInputStream (publicKeyPath);    X509Certificate cer = (X509Certificate) fact.generateCertificate(is);    PublicKey publicKey = cer.getPublicKey();         System.out.println(publicKey);         return publicKey;  }   /**   * 获取PrivateKey对象   * @param privateKeyBase64   * @return   */  private PrivateKey getPrivateKey(String privateKeyBase64) {    String privKeyPEM = privateKeyBase64        .replaceAll("\\-*BEGIN.*KEY\\-*", "")        .replaceAll("\\-*END.*KEY\\-*", "");     // Base64 decode the data    byte[] encoded = Base64.decodeBase64(privKeyPEM);     try {      DerInputStream derReader = new DerInputStream(encoded);      DerValue[] seq = derReader.getSequence(0);       if (seq.length < 9) {        throw new GeneralSecurityException("Could not read private key");      }       // skip version seq[0];      BigInteger modulus = seq[1].getBigInteger();      BigInteger publicExp = seq[2].getBigInteger();      BigInteger privateExp = seq[3].getBigInteger();      BigInteger primeP = seq[4].getBigInteger();      BigInteger primeQ = seq[5].getBigInteger();      BigInteger expP = seq[6].getBigInteger();      BigInteger expQ = seq[7].getBigInteger();      BigInteger crtCoeff = seq[8].getBigInteger();       RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp,          primeP, primeQ, expP, expQ, crtCoeff);       KeyFactory factory = KeyFactory.getInstance("RSA");      return factory.generatePrivate(keySpec);    } catch (Exception e) {      e.printStackTrace();    }    return null;  }}

关于基于Java验证jwttoken代码怎么写就分享到这里了,希望以上内容可以对大家有一定的帮助,可以学到更多知识。如果觉得文章不错,可以把它分享出去让更多的人看到。


新闻标题:基于Java验证jwttoken代码怎么写
文章起源:http://cqcxhl.com/article/jhhhhh.html

其他资讯

在线咨询
服务热线
服务热线:028-86922220
TOP