使用RSA算法簽名,生成jwt令牌,這里用spring-security-jwt庫,也可以使用jjwt庫。
只支持keystore為jks類型的證書。私鑰簽名,公鑰驗簽。
1、生成jwt
public class CreateJwtTest {

    /**
     * Token-creation demo: signs a small JSON payload with the RSA private key
     * stored in a JKS keystore on the classpath and prints the encoded JWT.
     *
     * <p>The keystore path, both passwords and the alias are literal demo values.
     * Outside a test they belong in configuration or a secret store, not in source.
     *
     * <p>The payload holds only {@code id}, {@code name} and {@code roles}. It has no
     * {@code exp}, {@code iat} or {@code iss} claim, so nothing in the token itself
     * limits how long it stays acceptable to a verifier.
     */
    @Test
    public void testCreateToken() {
        // Keystore coordinates (demo values).
        final String keystorePath = "abc.jks";       // keystore file on the classpath
        final char[] storePass = "abc".toCharArray(); // password protecting the keystore
        final char[] keyPass = "abc".toCharArray();   // password protecting the key entry
        final String keyAlias = "abc";                // alias of the key entry

        // Open the keystore and read the key pair stored under the alias.
        KeyStoreKeyFactory keyFactory =
                new KeyStoreKeyFactory(new ClassPathResource(keystorePath), storePass);
        KeyPair pair = keyFactory.getKeyPair(keyAlias, keyPass);

        // Only the private half is needed for signing; it must never leave the issuer.
        RSAPrivateKey signingKey = (RSAPrivateKey) pair.getPrivate();

        // Claims that become the JWT payload.
        Map<String, Object> claims = new HashMap<>();
        claims.put("id", "1");
        claims.put("name", "me");
        claims.put("roles", "ROLE_POWER,ROLE_USER");

        // Serialise the claims to JSON and sign them with the RSA private key.
        String payloadJson = JSON.toJSONString(claims);
        Jwt signed = JwtHelper.encode(payloadJson, new RsaSigner(signingKey));

        // Print the compact header.payload.signature form of the token.
        System.out.println(signed.getEncoded());
    }
}
2、校驗並取出令牌內容
public class ParseJwtTest {

    /**
     * Token-verification demo: checks the RSA signature of a JWT against the public
     * key and prints the claims and the encoded token.
     *
     * <p>{@code decodeAndVerify} validates the signature only. The claims come back
     * as a raw JSON string, so expiry, issuer, audience and role checks are left to
     * the caller.
     */
    @Test
    public void testParseToken() {
        // Encoded JWT to check (the page elides the value).
        final String compactToken = "略";

        // Public key text matching the signing private key (elided on the page).
        final String publicKeyText = "略";

        // Decode the token and verify its signature with the public key.
        RsaVerifier verifier = new RsaVerifier(publicKeyText);
        Jwt verified = JwtHelper.decodeAndVerify(compactToken, verifier);

        // Raw claims (payload) of the verified token.
        System.out.println(verified.getClaims());

        // The token in its encoded form.
        System.out.println(verified.getEncoded());
    }
}