1为用户创建JWT RSA256证书 利用postman工具发送restfull请求
请求地址:http://${konghost}:8001/consumers/${consumerId}/jwt
1.1添加header内容
[{"key":"Content-Type","value":"application/x-www-form-urlencoded"}]
1.2利用openssl命令生成RSA私钥和公钥 1.2.1生成私钥 ssh-keygen -t rsa -b 4096 -f jwtRS256.key
# Don't add passphrase,无需设置密码
1.2.2用私钥生成公钥 openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
1.2.3检查私钥是否成功生成 cat jwtRS256.key
检查公钥是否成功
cat jwtRS256.key.pub
1.2.4粘贴并复制公钥 以下是我复制的:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrGzztq8tDH43gk9qqvl
NuUPZJAc2lHq5pCmYaQGoSRfq0VE5DkoYyHs tdxC0o3fjOkJnhz3CM5 3nKwqRE
UFcMb2Pg0kVktFjApd8B0Qa6LKnE8uX815XOwS9K7JXLAem5gaAZBVUs73Q UsNk
if1ImiYM415A2PPMeT3rnOWcZ62bqUjAr8LgTt1Lli9s6aDZ070/LFpJVhk45sZK
90KalpEy 8q7U QiXX8LAq/K nkZhXqmZ5R3OPabmM2e5kcvg8HtJs DVYsfGTS8
di/3bh2DjTId/H7NNhV2B4XtcNR7mq8bQocseOGLbQBQekrVPOwjJCgd6EByzVbZ
ojGE5juMb OFTmFqHJlsfY64EalLG0eZfNqDc/6O38oTSunAIlMwYtEA9YD2VT8D
ecWaNKsMX/vPo/ON4dWqltKrQyp7nkITIpqbL8dzujaMMyVXqoLGtSF6XDNOd1ay
Qj/B2r6xZKxmYm9I05vV3MQpxi6XkN r09jLsS4FaCBgNVZ7qBS2TEXfYdPXHrcR
AM2piRqiIIcr6vp3p6J5Y5D9dEhObIFw1a0bp/gSLcAr9Ds 9cHv5Ov1fRRhZDeZ
NX4xztrKgsqSTJNCLeZOYtvp2zAk08Fnn484ZWRimuJOgYKx0LubR0107PwAvih2
2JEbA3AfD7iWYpAXVYkNtl0CAwEAAQ==
-----END PUBLIC KEY-----
1.3填写restful form-data body正文 添加参数:
rsa_public_key:填写上一步1.2.4复制的公钥
algorithm:填写RS256
1.4点击发送 POST发送请求的方式如下:
curl -X POST \
http://10.110.2.3:8001/consumers/netBank/jwt\
-H'cache-control: no-cache'\
-H'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW'\
-H'postman-token: ec74888f-26b2-95a2-5aa9-ffbd7b0b9336'\
-F 'rsa_public_key=-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrGzztq8tDH43gk9qqvl
NuUPZJAc2lHq5pCmYaQGoSRfq0VE5DkoYyHs tdxC0o3fjOkJnhz3CM5 3nKwqRE
UFcMb2Pg0kVktFjApd8B0Qa6LKnE8uX815XOwS9K7JXLAem5gaAZBVUs73Q UsNk
if1ImiYM415A2PPMeT3rnOWcZ62bqUjAr8LgTt1Lli9s6aDZ070/LFpJVhk45sZK
90KalpEy 8q7U QiXX8LAq/K nkZhXqmZ5R3OPabmM2e5kcvg8HtJs DVYsfGTS8
di/3bh2DjTId/H7NNhV2B4XtcNR7mq8bQocseOGLbQBQekrVPOwjJCgd6EByzVbZ
ojGE5juMb OFTmFqHJlsfY64EalLG0eZfNqDc/6O38oTSunAIlMwYtEA9YD2VT8D
ecWaNKsMX/vPo/ON4dWqltKrQyp7nkITIpqbL8dzujaMMyVXqoLGtSF6XDNOd1ay
Qj/B2r6xZKxmYm9I05vV3MQpxi6XkN r09jLsS4FaCBgNVZ7qBS2TEXfYdPXHrcR
AM2piRqiIIcr6vp3p6J5Y5D9dEhObIFw1a0bp/gSLcAr9Ds 9cHv5Ov1fRRhZDeZ
NX4xztrKgsqSTJNCLeZOYtvp2zAk08Fnn484ZWRimuJOgYKx0LubR0107PwAvih2
2JEbA3AfD7iWYpAXVYkNtl0CAwEAAQ==
-----END PUBLIC KEY-----' \
-F algorithm=RS256
2模拟客户端调用 2.1RSA256加解密概述 JWT本规范按以下内容组合签名串:
base64UrlEncode(header) "." base64UrlEncode(payload) "." SHA256RSA.sign(header payload, privateKey)
并生成加密串(headerBase64UrlEncodeString.payloadBase64UrlEncodeString.sha256RSASignatureString)
最终通过"."号拼接。
2.2准备加密签名信息 私钥、公钥、header,payload,签名算法。
2.2.1私钥
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEArrGzztq8tDH43gk9qqvlNuUPZJAc2lHq5pCmYaQGoSRfq0VE
5DkoYyHs tdxC0o3fjOkJnhz3CM5 3nKwqREUFcMb2Pg0kVktFjApd8B0Qa6LKnE
8uX815XOwS9K7JXLAem5gaAZBVUs73Q UsNkif1ImiYM415A2PPMeT3rnOWcZ62b
qUjAr8LgTt1Lli9s6aDZ070/LFpJVhk45sZK90KalpEy 8q7U QiXX8LAq/K nkZ
hXqmZ5R3OPabmM2e5kcvg8HtJs DVYsfGTS8di/3bh2DjTId/H7NNhV2B4XtcNR7
mq8bQocseOGLbQBQekrVPOwjJCgd6EByzVbZojGE5juMb OFTmFqHJlsfY64EalL
G0eZfNqDc/6O38oTSunAIlMwYtEA9YD2VT8DecWaNKsMX/vPo/ON4dWqltKrQyp7
nkITIpqbL8dzujaMMyVXqoLGtSF6XDNOd1ayQj/B2r6xZKxmYm9I05vV3MQpxi6X
kN r09jLsS4FaCBgNVZ7qBS2TEXfYdPXHrcRAM2piRqiIIcr6vp3p6J5Y5D9dEhO
bIFw1a0bp/gSLcAr9Ds 9cHv5Ov1fRRhZDeZNX4xztrKgsqSTJNCLeZOYtvp2zAk
08Fnn484ZWRimuJOgYKx0LubR0107PwAvih22JEbA3AfD7iWYpAXVYkNtl0CAwEA
AQKCAgAe4XjYiyAqdl742QdWoTZOouU6sKL5ENwGT/GpdvZZC/YBb6hC87uo8nlS
yjzIcyEmJPjSeB56/pskUh4 lA0jao/fLPe0E I YyYC7E4E5jyI4qXXDkLI1UmM
KtECy2PsfaV2PZfOsoTT 2d8999Q6T4pSaqjkqjB8S7nC8QXoxsn1K cmCi/qSI/
rqzK6q1FC1MWM/Dz5S3rk1/Uo57i4Jo1Yu2qNq+dKiCgI+wtOSbrEaPquO5kawV
nLpao5aAPHswvlouryYXPBWOPh1GgyopA/yaPA7C8KNT+S05HTqg5F7JNEUMWJrK
74vXA+Q2Cf5x24hGvvSydpoUpFKqJ3O33jPchKZkkUk6XSdp4HG4Sn727ovVruVu
Oy18w9MvzKCEm3fPH/ySmXJGLLuISEi8p0iVrHuuyD10bNw41EnkYbxC2fy/tzw/
gj47G9wCc2c4Sq8hxmBvTppzeHKVQddc1cLtm+CCyPVzFknIZx1dP5GC3te9aqky
3v5li2RfzeuxsFt8zItk2HLAU7m4nB6ubu3g6dA9Oy8pW2/7Vv9GgvUTGUoPvB2m
vAqTrdmvjbSCV3402jaFVqjSe8nSob7m/32+6DXu70QZZ7gPi54GH9uhEMKHLsx5
OYalCHyV50fnlco8Fr5bxARxAKEyLjoaBATKEA0NEQ+UOT7uPQKCAQEA1Y4SktpU
JGgG+ZFwC9SXG+SNy235uek0LbR/2OR0toHLaPGNDBY/mpcZHFQMogmHrKDQd91P
fKvBlhGErL4lgu6AEaVI6rI3ztAlDmVu01kMmmGAtv9wXfbF6S28Rp4BFzpdVB0S
X4xhaOdYhjTBELkChAqp1wdEZOZ9NMJx/VPJ7Dfyp8kw56hk1vm0IOcsuGvB8qbI
9xPxGKfTl3QS9cPBKmWzItU7gQLV2GseURA8EiVUFT18GNyvuftJE1rN0YlDvtMl
he3ZDGdW0OCvo5GoKkWU27gd4VT4RkIRjuvbykCgOd/OX2FO+m4S12n4KpDnR8N6
C5egFlBiqchUXwKCAQEA0WpYfTEQnsP6W87INfWdfFCjIUFxx0IDGIgKNYm3Fcd3
8y1EEdDTsCIp3d0jRKixVW7AuM1qljlmwNTC7yV2DRjqhvqxZOk+UzrRIDaBFSBn
rV/tx/2Hr5l4eqjORI9BhkwqSFsDrnQp9hb3hYMVoFp1uswizL631pHAPp6tLO2L
hCyD0Lykv2roqVhZlUGevjb7VkqWWUnTwSSaxmwpZ+ETydZLI5TtoXh2VlZMyhkP
ChiMN8RHXBI/xSutTaXVkzZZVj4+k1t7Y5vH826k+WuVpZk4ZFXm/T+M5NpomKtn
6qbpXAQLGw6tnuzIVEADs/wxuOFF4pRE3uzn8A/OwwKCAQEAv3cfg/anlfSGvF7+
/DxgNqvVzVwOl/ZTx96a+VTqp277dl2LPhj8cZei9dkNcoHk2IteHPmY+IftiqSu
NUpNy3QV8rwkAfhDPPM1JhEfKfIe8JMWmfuvPS+xBXzx3sZu5+p2HqHqBSyRcUJq
BflqV5nofYYp/BYR5f0YqKLlHGFxGo6WyoQBitFZh7xdGVrqp3ZFb07Fw3Bnqtld
Rd7V2O7nUyHXWBWhwetO2zg++CL8GLDLEDgN+SRzkOWRAP9apNDSolYgwFEdVpeY
KLIqBxbilPPJoK0UbSCHcEZwA5nHdzA1922HU9CkxLbHwcbKry83jQnfdGE/MIJl
0x8/NQKCAQEA0Bev1L9Dt7AggMgq1Mu7cYOjhnFEwW7MKr1L/8VYJBExFXjekiGD
qRtZpPiQijJi/PTwFvMwPhTOEUGabw83jm465mQIkLDhWM0yb6MZg8fOnk6btsYs
5YZIXQKO7Tu5Ld1TitC+CMWvyLUrwwTuIYiiQjuFPRUrEtGESfVdOi7WG0Isvegm
gXuXtGdxpUoulu+Fs0qsug8Nl3hrQE7MmkfjZQZHZhUgSPquBL7+0TgzZKHd+7BU
BJ6xtZjgPi9S2lUAUx3JCp62LtXmy/QfhSWt738gtTtTLEXRGLwbgdGZkmfHrcLq
0jk0t56stmNiCqDJO+DGlA8nnKmnFDpxBwKCAQEAmV7d77sNH85vG1qEDT+RWyfv
NOZDofZMZSHbH5kLgfMJMccsrIGTAsvu0doceZukAJVv0wjjdTL/JOk8AzK9wo9F
RebHNoLKpGXpoD8LC4wO1PIYPdc3jzOgmtyNPQsp83sIasUzJpKrV9sAdEvBllgt
X7SAvAUyrh7PkOJDFOR1IAY8DGhxNmMZzuC3gMDsTCGasg0VWS5YBym9dI83CsL6
mdORAxOVsMVhxkkCnCFisxp1ufruqg7y0/18zeM2mhkOmWGmZ+t4SWaBcp41GAZb
cPytKQu2RD6optpJL8U2pQrZZJDYy/qNNGH2tOeXN/6wQBzd3gf19qxWJMpwfg==
-----END RSA PRIVATE KEY-----
2.2.2 公钥
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrGzztq8tDH43gk9qqvl
NuUPZJAc2lHq5pCmYaQGoSRfq0VE5DkoYyHs+tdxC0o3fjOkJnhz3CM5+3nKwqRE
UFcMb2Pg0kVktFjApd8B0Qa6LKnE8uX815XOwS9K7JXLAem5gaAZBVUs73Q+UsNk
if1ImiYM415A2PPMeT3rnOWcZ62bqUjAr8LgTt1Lli9s6aDZ070/LFpJVhk45sZK
90KalpEy+8q7U+QiXX8LAq/K+nkZhXqmZ5R3OPabmM2e5kcvg8HtJs+DVYsfGTS8
di/3bh2DjTId/H7NNhV2B4XtcNR7mq8bQocseOGLbQBQekrVPOwjJCgd6EByzVbZ
ojGE5juMb+OFTmFqHJlsfY64EalLG0eZfNqDc/6O38oTSunAIlMwYtEA9YD2VT8D
ecWaNKsMX/vPo/ON4dWqltKrQyp7nkITIpqbL8dzujaMMyVXqoLGtSF6XDNOd1ay
Qj/B2r6xZKxmYm9I05vV3MQpxi6XkN+r09jLsS4FaCBgNVZ7qBS2TEXfYdPXHrcR
AM2piRqiIIcr6vp3p6J5Y5D9dEhObIFw1a0bp/gSLcAr9Ds+9cHv5Ov1fRRhZDeZ
NX4xztrKgsqSTJNCLeZOYtvp2zAk08Fnn484ZWRimuJOgYKx0LubR0107PwAvih2
2JEbA3AfD7iWYpAXVYkNtl0CAwEAAQ==
-----END PUBLIC KEY-----
2.2.3 header内容
{
"alg": "RS256",
"typ": "JWT"
}
2.2.4 payload内容
{
"iss": "e9d24e5d802743b8822d8e0e6e7e64bf",
"exp": 1506457076
}
2.2.5 签名算法 增加pom依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
编写签名算法
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.extern.slf4j.Slf4j;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Base64;
@Slf4j
public class SHA256RSA {
public static final String strPk = "-----BEGIN RSA PRIVATE KEY-----\n" +
"MIIJKgIBAAKCAgEArrGzztq8tDH43gk9qqvlNuUPZJAc2lHq5pCmYaQGoSRfq0VE\n" +
"5DkoYyHs+tdxC0o3fjOkJnhz3CM5+3nKwqREUFcMb2Pg0kVktFjApd8B0Qa6LKnE\n" +
"8uX815XOwS9K7JXLAem5gaAZBVUs73Q+UsNkif1ImiYM415A2PPMeT3rnOWcZ62b\n" +
"qUjAr8LgTt1Lli9s6aDZ070/LFpJVhk45sZK90KalpEy+8q7U+QiXX8LAq/K+nkZ\n" +
"hXqmZ5R3OPabmM2e5kcvg8HtJs+DVYsfGTS8di/3bh2DjTId/H7NNhV2B4XtcNR7\n" +
"mq8bQocseOGLbQBQekrVPOwjJCgd6EByzVbZojGE5juMb+OFTmFqHJlsfY64EalL\n" +
"G0eZfNqDc/6O38oTSunAIlMwYtEA9YD2VT8DecWaNKsMX/vPo/ON4dWqltKrQyp7\n" +
"nkITIpqbL8dzujaMMyVXqoLGtSF6XDNOd1ayQj/B2r6xZKxmYm9I05vV3MQpxi6X\n" +
"kN+r09jLsS4FaCBgNVZ7qBS2TEXfYdPXHrcRAM2piRqiIIcr6vp3p6J5Y5D9dEhO\n" +
"bIFw1a0bp/gSLcAr9Ds+9cHv5Ov1fRRhZDeZNX4xztrKgsqSTJNCLeZOYtvp2zAk\n" +
"08Fnn484ZWRimuJOgYKx0LubR0107PwAvih22JEbA3AfD7iWYpAXVYkNtl0CAwEA\n" +
"AQKCAgAe4XjYiyAqdl742QdWoTZOouU6sKL5ENwGT/GpdvZZC/YBb6hC87uo8nlS\n" +
"yjzIcyEmJPjSeB56/pskUh4+lA0jao/fLPe0E+I+YyYC7E4E5jyI4qXXDkLI1UmM\n" +
"KtECy2PsfaV2PZfOsoTT+2d8999Q6T4pSaqjkqjB8S7nC8QXoxsn1K+cmCi/qSI/\n" +
"rqzK6q1FC1MWM/Dz5S3rk1/Uo57i4Jo1HYu2qNq+dKiCgI+wtOSbrEaPquO5kawV\n" +
"nLpao5aAPHswvlouryYXPBWOPh1GgyopA/yaPA7C8KNT+S05HTqg5F7JNEUMWJrK\n" +
"74vXA+Q2Cf5x24hGvvSydpoUpFKqJ3O33jPchKZkkUk6XSdp4HG4Sn727ovVruVu\n" +
"Oy18w9MvzKCEm3fPH/ySmXJGLLuISEi8p0iVrHuuyD10bNw41EnkYbxC2fy/tzw/\n" +
"gj47G9wCc2c4Sq8hxmBvTppzeHKVQddc1cLtm+CCyPVzFknIZx1dP5GC3te9aqky\n" +
"3v5li2RfzeuxsFt8zItk2HLAU7m4nB6ubu3g6dA9Oy8pW2/7Vv9GgvUTGUoPvB2m\n" +
"vAqTrdmvjbSCV3402jaFVqjSe8nSob7m/32+6DXu70QZZ7gPi54GH9uhEMKHLsx5\n" +
"OYalCHyV50fnlco8Fr5bxARxAKEyLjoaBATKEA0NEQ+UOT7uPQKCAQEA1Y4SktpU\n" +
"JGgG+ZFwC9SXG+SNy235uek0LbR/2OR0toHLaPGNDBY/mpcZHFQMogmHrKDQd91P\n" +
"fKvBlhGErL4lgu6AEaVI6rI3ztAlDmVu01kMmmGAtv9wXfbF6S28Rp4BFzpdVB0S\n" +
"X4xhaOdYhjTBELkChAqp1wdEZOZ9NMJx/VPJ7Dfyp8kw56hk1vm0IOcsuGvB8qbI\n" +
"9xPxGKfTl3QS9cPBKmWzItU7gQLV2GseURA8EiVUFT18GNyvuftJE1rN0YlDvtMl\n" +
"he3ZDGdW0OCvo5GoKkWU27gd4VT4RkIRjuvbykCgOd/OX2FO+m4S12n4KpDnR8N6\n" +
"C5egFlBiqchUXwKCAQEA0WpYfTEQnsP6W87INfWdfFCjIUFxx0IDGIgKNYm3Fcd3\n" +
"8y1EEdDTsCIp3d0jRKixVW7AuM1qljlmwNTC7yV2DRjqhvqxZOk+UzrRIDaBFSBn\n" +
"rV/tx/2Hr5l4eqjORI9BhkwqSFsDrnQp9hb3hYMVoFp1uswizL631pHAPp6tLO2L\n" +
"hCyD0Lykv2roqVhZlUGevjb7VkqWWUnTwSSaxmwpZ+ETydZLI5TtoXh2VlZMyhkP\n" +
"ChiMN8RHXBI/xSutTaXVkzZZVj4+k1t7Y5vH826k+WuVpZk4ZFXm/T+M5NpomKtn\n" +
"6qbpXAQLGw6tnuzIVEADs/wxuOFF4pRE3uzn8A/OwwKCAQEAv3cfg/anlfSGvF7+\n" +
"/DxgNqvVzVwOl/ZTx96a+VTqp277dl2LPhj8cZei9dkNcoHk2IteHPmY+IftiqSu\n" +
"NUpNy3QV8rwkAfhDPPM1JhEfKfIe8JMWmfuvPS+xBXzx3sZu5+p2HqHqBSyRcUJq\n" +
"BflqV5nofYYp/BYR5f0YqKLlHGFxGo6WyoQBitFZh7xdGVrqp3ZFb07Fw3Bnqtld\n" +
"Rd7V2O7nUyHXWBWhwetO2zg++CL8GLDLEDgN+SRzkOWRAP9apNDSolYgwFEdVpeY\n" +
"KLIqBxbilPPJoK0UbSCHcEZwA5nHdzA1922HU9CkxLbHwcbKry83jQnfdGE/MIJl\n" +
"0x8/NQKCAQEA0Bev1L9Dt7AggMgq1Mu7cYOjhnFEwW7MKr1L/8VYJBExFXjekiGD\n" +
"qRtZpPiQijJi/PTwFvMwPhTOEUGabw83jm465mQIkLDhWM0yb6MZg8fOnk6btsYs\n" +
"5YZIXQKO7Tu5Ld1TitC+CMWvyLUrwwTuIYiiQjuFPRUrEtGESfVdOi7WG0Isvegm\n" +
"gXuXtGdxpUoulu+Fs0qsug8Nl3hrQE7MmkfjZQZHZhUgSPquBL7+0TgzZKHd+7BU\n" +
"BJ6xtZjgPi9S2lUAUx3JCp62LtXmy/QfhSWt738gtTtTLEXRGLwbgdGZkmfHrcLq\n" +
"0jk0t56stmNiCqDJO+DGlA8nnKmnFDpxBwKCAQEAmV7d77sNH85vG1qEDT+RWyfv\n" +
"NOZDofZMZSHbH5kLgfMJMccsrIGTAsvu0doceZukAJVv0wjjdTL/JOk8AzK9wo9F\n" +
"RebHNoLKpGXpoD8LC4wO1PIYPdc3jzOgmtyNPQsp83sIasUzJpKrV9sAdEvBllgt\n" +
"X7SAvAUyrh7PkOJDFOR1IAY8DGhxNmMZzuC3gMDsTCGasg0VWS5YBym9dI83CsL6\n" +
"mdORAxOVsMVhxkkCnCFisxp1ufruqg7y0/18zeM2mhkOmWGmZ+t4SWaBcp41GAZb\n" +
"cPytKQu2RD6optpJL8U2pQrZZJDYy/qNNGH2tOeXN/6wQBzd3gf19qxWJMpwfg==\n" +
"-----END RSA PRIVATE KEY-----";
private static final String pkcs8PrivateKey = "-----BEGIN PRIVATE KEY-----\n" +
"MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCusbPO2ry0Mfje\n" +
"CT2qq+U25Q9kkBzaUermkKZhpAahJF+rRUTkOShjIez613ELSjd+M6QmeHPcIzn7\n" +
"ecrCpERQVwxvY+DSRWS0WMCl3wHRBrosqcTy5fzXlc7BL0rslcsB6bmBoBkFVSzv\n" +
"dD5Sw2SJ/UiaJgzjXkDY88x5Peuc5ZxnrZupSMCvwuBO3UuWL2zpoNnTvT8sWklW\n" +
"GTjmxkr3QpqWkTL7yrtT5CJdfwsCr8r6eRmFeqZnlHc49puYzZ7mRy+Dwe0mz4NV\n" +
"ix8ZNLx2L/duHYONMh38fs02FXYHhe1w1HuarxtChyx44YttAFB6StU87CMkKB3o\n" +
"QHLNVtmiMYTmO4xv44VOYWocmWx9jrgRqUsbR5l82oNz/o7fyhNK6cAiUzBi0QD1\n" +
"gPZVPwN5xZo0qwxf+8+j843h1aqW0qtDKnueQhMimpsvx3O6NowzJVeqgsa1IXpc\n" +
"M053VrJCP8HavrFkrGZib0jTm9XcxCnGLpeQ36vT2MuxLgVoIGA1VnuoFLZMRd9h\n" +
"09cetxEAzamJGqIghyvq+nenonljkP10SE5sgXDVrRun+BItwCv0Oz71we/k6/V9\n" +
"FGFkN5k1fjHO2sqCypJMk0It5k5i2+nbMCTTwWefjzhlZGKa4k6BgrHQu5tHTXTs\n" +
"/AC+KHbYkRsDcB8PuJZikBdViQ22XQIDAQABAoICAB7heNiLICp2XvjZB1ahNk6i\n" +
"5TqwovkQ3AZP8al29lkL9gFvqELzu6jyeVLKPMhzISYk+NJ4Hnr+myRSHj6UDSNq\n" +
"j98s97QT4j5jJgLsTgTmPIjipdcOQsjVSYwq0QLLY+x9pXY9l86yhNP7Z3z331Dp\n" +
"PilJqqOSqMHxLucLxBejGyfUr5yYKL+pIj+urMrqrUULUxYz8PPlLeuTX9SjnuLg\n" +
"mjUdi7ao2r50qIKAj7C05JusRo+q47mRrBWculqjloA8ezC+Wi6vJhc8FY4+HUaD\n" +
"KikD/Jo8DsLwo1P5LTkdOqDkXsk0RQxYmsrvi9cD5DYJ/nHbiEa+9LJ2mhSkUqon\n" +
"c7feM9yEpmSRSTpdJ2ngcbhKfvbui9Wu5W47LXzD0y/MoISbd88f/JKZckYsu4hI\n" +
"SLynSJWse67IPXRs3DjUSeRhvELZ/L+3PD+CPjsb3AJzZzhKryHGYG9OmnN4cpVB\n" +
"11zVwu2b4ILI9XMWSchnHV0/kYLe171qqTLe/mWLZF/N67GwW3zMi2TYcsBTubic\n" +
"Hq5u7eDp0D07Lylbb/tW/0aC9RMZSg+8Haa8CpOt2a+NtIJXfjTaNoVWqNJ7ydKh\n" +
"vub/fb7oNe7vRBlnuA+LngYf26EQwocuzHk5hqUIfJXnR+eVyjwWvlvEBHEAoTIu\n" +
"OhoEBMoQDQ0RD5Q5Pu49AoIBAQDVjhKS2lQkaAb5kXAL1Jcb5I3Lbfm56TQttH/Y\n" +
"5HS2gcto8Y0MFj+alxkcVAyiCYesoNB33U98q8GWEYSsviWC7oARpUjqsjfO0CUO\n" +
"ZW7TWQyaYYC2/3Bd9sXpLbxGngEXOl1UHRJfjGFo51iGNMEQuQKECqnXB0Rk5n00\n" +
"wnH9U8nsN/KnyTDnqGTW+bQg5yy4a8Hypsj3E/EYp9OXdBL1w8EqZbMi1TuBAtXY\n" +
"ax5REDwSJVQVPXwY3K+5+0kTWs3RiUO+0yWF7dkMZ1bQ4K+jkagqRZTbuB3hVPhG\n" +
"QhGO69vKQKA5385fYU76bhLXafgqkOdHw3oLl6AWUGKpyFRfAoIBAQDRalh9MRCe\n" +
"w/pbzsg19Z18UKMhQXHHQgMYiAo1ibcVx3fzLUQR0NOwIind3SNEqLFVbsC4zWqW\n" +
"OWbA1MLvJXYNGOqG+rFk6T5TOtEgNoEVIGetX+3H/YevmXh6qM5Ej0GGTCpIWwOu\n" +
"dCn2FveFgxWgWnW6zCLMvrfWkcA+nq0s7YuELIPQvKS/auipWFmVQZ6+NvtWSpZZ\n" +
"SdPBJJrGbCln4RPJ1ksjlO2heHZWVkzKGQ8KGIw3xEdcEj/FK61NpdWTNllWPj6T\n" +
"W3tjm8fzbqT5a5WlmThkVeb9P4zk2miYq2fqpulcBAsbDq2e7MhUQAOz/DG44UXi\n" +
"lETe7OfwD87DAoIBAQC/dx+D9qeV9Ia8Xv78PGA2q9XNXA6X9lPH3pr5VOqnbvt2\n" +
"XYs+GPxxl6L12Q1ygeTYi14c+Zj4h+2KpK41Sk3LdBXyvCQB+EM88zUmER8p8h7w\n" +
"kxaZ+689L7EFfPHexm7n6nYeoeoFLJFxQmoF+WpXmeh9hin8FhHl/RioouUcYXEa\n" +
"jpbKhAGK0VmHvF0ZWuqndkVvTsXDcGeq2V1F3tXY7udTIddYFaHB607bOD74IvwY\n" +
"sMsQOA35JHOQ5ZEA/1qk0NKiViDAUR1Wl5gosioHFuKU88mgrRRtIIdwRnADmcd3\n" +
"MDX3bYdT0KTEtsfBxsqvLzeNCd90YT8wgmXTHz81AoIBAQDQF6/Uv0O3sCCAyCrU\n" +
"y7txg6OGcUTBbswqvUv/xVgkETEVeN6SIYOpG1mk+JCKMmL89PAW8zA+FM4RQZpv\n" +
"DzeObjrmZAiQsOFYzTJvoxmDx86eTpu2xizlhkhdAo7tO7kt3VOK0L4Ixa/ItSvD\n" +
"BO4hiKJCO4U9FSsS0YRJ9V06LtYbQiy96CaBe5e0Z3GlSi6W74WzSqy6Dw2XeGtA\n" +
"TsyaR+NlBkdmFSBI+q4Evv7RODNkod37sFQEnrG1mOA+L1LaVQBTHckKnrYu1ebL\n" +
"9B+FJa3vfyC1O1MsRdEYvBuB0ZmSZ8etwurSOTS3nqy2Y2IKoMk74MaUDyecqacU\n" +
"OnEHAoIBAQCZXt3vuw0fzm8bWoQNP5FbJ+805kOh9kxlIdsfmQuB8wkxxyysgZMC\n" +
"y+7R2hx5m6QAlW/TCON1Mv8k6TwDMr3Cj0VF5sc2gsqkZemgPwsLjA7U8hg91zeP\n" +
"M6Ca3I09CynzewhqxTMmkqtX2wB0S8GWWC1ftIC8BTKuHs+Q4kMU5HUgBjwMaHE2\n" +
"YxnO4LeAwOxMIZqyDRVZLlgHKb10jzcKwvqZ05EDE5WwxWHGSQKcIWKzGnW5+u6q\n" +
"DvLT/XzN4zaaGQ6ZYaZn63hJZoFynjUYBltw/K0pC7ZEPqim2kkvxTalCtlkkNjL\n" +
"+o00Yfa055c3/rBAHN3eB/X2rFYkynB+\n" +
"-----END PRIVATE KEY-----";
public static void main(String[] args) throws Exception{
jwttest1();
}
static void jwttest1() throws Exception{
SimpleDateFormat sdf = new SimpleDateFormat(" yyyy-MM-dd HH:mm:ss ");
String compactJws = Jwts.builder()
.setHeaderParam("typ", "JWT")
//.setHeaderParam("alg", "RS256") //有或者没有,都能成功,调用signWith(SignatureAlgorithm.RS256,key)的时候,会自检header签名内容,如没有会自动添加上.此行,可去掉.
.setIssuer("e9d24e5d802743b8822d8e0e6e7e64bf")
.setExpiration(sdf.parse( " 2017-09-18 19:20:00 "))
//.signWith(SignatureAlgorithm.RS256, getPrivateKey(strPk)) //test result: success.
.signWith(SignatureAlgorithm.RS256, getPKCS8PrivateKey(pkcs8PrivateKey)) //test result: success.
.compact();
log.info("jwt token:Bearer {}", compactJws);
}
/**
* @param strPk RSA PRIVATE key
* test result: success
* */
private static PrivateKey getPrivateKey(String strPk) throws Exception {
// Remove markers and new line characters in private key
String realPK = strPk.replaceAll("-----END RSA PRIVATE KEY-----", "")
.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "")
.replaceAll("\n", "");
byte[] b1 = Base64.getDecoder().decode(realPK);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}
/**
* * @param strPk PKCS8 RSA PRIVATE key
* test result: success
* */
private static PrivateKey getPKCS8PrivateKey(String strPk) throws Exception {
// Remove markers and new line characters in private key
String realPK = strPk.replaceAll("-----END PRIVATE KEY-----", "")
.replaceAll("-----BEGIN PRIVATE KEY-----", "")
.replaceAll("\n", "");
byte[] b1 = Base64.getDecoder().decode(realPK);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}
}
2.3 计算签名 2.3.1 执行计算签名 按照2.2.5编写完成签名算法,执行main方法,输出签名。
得到签名:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJlOWQyNGU1ZDgwMjc0M2I4ODIyZDhlMGU2ZTdlNjRiZiIsImV4cCI6MTUwNTczMzYwMH0.irjqj-13xTZbddT8OyvP9lhFqSG8EpZi4UPRqBwRcj5TBwA7ju0NvZogEUvab674c9NL7cPKd4MWyjRCV9fPZTc-Wb7V7V1JEPMf1-WS29QsKUB6lYJ4sR217l2OLnwGV_mzZpHz5-TqMp5zCDz_gYY6c22zVJPIC-znf1RLu4EvytsD6MxxLRTnEEhmJfP8V3T5K7S_8fYm87XSFB5BADgDiWReEKhukzDH4Z8ryB1cCAhApbbgMA9EhI1jWJUgMImJMsersx3dBUOrwF33Qq2zFyn-8jv6dGR_aGP0ZjDiTP5wdZDqYKA_QL6li0UrYNmr7-Guw6x9yxPYCYap2W6EjQrbyM54L1acSZNtVWXFwmV8l8L2JcgAK45ejrA0U-FhTZVFoPbhzTn9Vl99ICaIQYiS7TaK3myEZvkuHE3W7ieBfiL6CVxcU0BhUIaB5f6kt58T26-J7f1YpEPDJPXlETNOA7kTeWEe86B6xII_olNY_EV1bfw8f5de8zE45Dq3JycNtgwoDZB5Al48EMak9rodBko8qH1U2QuG3NCEC_AXxUEmEVJykzm8cZn4PYdk2u58y1ieVgfvbMeYfuwW7H9u7AHOenNIz1C2KOvQiecAptgE2VOGWpPm7A_1Ycppm0c4erY2gDAsadjm72AA_Ez_zZ9eEciCjG3gUnk
注意:以上签名只有一行。
2.3.2 校验签名 利用www.jwt.io 工具验证签名是否正确。
验证结果显示:Signature Verified true!通过。
2.4 模拟客户端调用
curl -X POST \
http://10.110.2.3:8000/testJWT \
-H 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJlOWQyNGU1ZDgwMjc0M2I4ODIyZDhlMGU2ZTdlNjRiZiIsImV4cCI6MTUwNTczMzYwMH0.irjqj-13xTZbddT8OyvP9lhFqSG8EpZi4UPRqBwRcj5TBwA7ju0NvZogEUvab674c9NL7cPKd4MWyjRCV9fPZTc-Wb7V7V1JEPMf1-WS29QsKUB6lYJ4sR217l2OLnwGV_mzZpHz5-TqMp5zCDz_gYY6c22zVJPIC-znf1RLu4EvytsD6MxxLRTnEEhmJfP8V3T5K7S_8fYm87XSFB5BADgDiWReEKhukzDH4Z8ryB1cCAhApbbgMA9EhI1jWJUgMImJMsersx3dBUOrwF33Qq2zFyn-8jv6dGR_aGP0ZjDiTP5wdZDqYKA_QL6li0UrYNmr7-Guw6x9yxPYCYap2W6EjQrbyM54L1acSZNtVWXFwmV8l8L2JcgAK45ejrA0U-FhTZVFoPbhzTn9Vl99ICaIQYiS7TaK3myEZvkuHE3W7ieBfiL6CVxcU0BhUIaB5f6kt58T26-J7f1YpEPDJPXlETNOA7kTeWEe86B6xII_olNY_EV1bfw8f5de8zE45Dq3JycNtgwoDZB5Al48EMak9rodBko8qH1U2QuG3NCEC_AXxUEmEVJykzm8cZn4PYdk2u58y1ieVgfvbMeYfuwW7H9u7AHOenNIz1C2KOvQiecAptgE2VOGWpPm7A_1Ycppm0c4erY2gDAsadjm72AA_Ez_zZ9eEciCjG3gUnk'
返回结果:
{
"success": true,
"result": "成功了,恭喜你.",
"error": null
}
以上内容由源接口返回。
至此,JWT插件RSA256非对称加密验证通过。