Fis*_*her 3 java signature jwt box-api box
我再次需要你的帮助......
我想访问 Box API 并使用 JWT(Json Web 令牌)进行授权。为此,我需要创建一个断言:
“每个 JWT 断言都由三个组件组成,标头、声明和签名。-
标头指定用于 JWT 签名的算法。-
声明包含必要的信息。验证和提供正确的标记
-签名被用来验证识别应用,并使用公钥验证
一旦被编码,然后连接起来,智威汤逊断言将是这样的:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9eyJpc3MiOiJ2Z3 B2bWFvaDJjZ2ZjNGRuMzFnMWx0cmlhbmdlZCIsInN1YiI 6IjE2ODczOTQzIiwiZXhwIjoxNDI5MDM3ODYwLCJqdGkiOiJ”。
因此,我之前必须创建一个 RSA 密钥对,并且必须将公钥存放在 Box devolper 应用程序中。
现在,我不知道如何创建签名。我找到了创建密钥对的解决方案,但由于我已经有了这个,我不知道如何修改代码。
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import sun.misc.BASE64Encoder;
public class MainClass {
public static void main(String[] args) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.genKeyPair();
byte[] data = "test".getBytes("UTF8");
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initSign(keyPair.getPrivate());
sig.update(data);
byte[] signatureBytes = sig.sign();
System.out.println("Singature:" + new
BASE64Encoder().encode(signatureBytes));
sig.initVerify(keyPair.getPublic());
sig.update(data);
System.out.println(sig.verify(signatureBytes));
}
}
Box Api says
RSA keypair must be in PEM format
So, you need to export your public key to PEM. Use this code (java8)
public static String exportPublicKeyAsPem(PublicKey publicKey) throws Exception {
StringWriter sw = new StringWriter();
sw.write("-----BEGIN PUBLIC KEY-----\n");
sw.write(Base64.getEncoder().encodeToString(publicKey.getEncoded()));
sw.write("\n-----END PUBLIC KEY-----\n");
return sw.toString();
}
Creating a signed JWT token can be done in this way (You can also use a library)
public static String signJWT (String header, String payload, PrivateKey privateKey) throws Exception{
String token =
Base64.getUrlEncoder().encodeToString(header.getBytes())
+ "."
+Base64.getUrlEncoder().encodeToString(payload.getBytes());
Signature sig = Signature.getInstance("SHA256WithRSA");
sig.initSign(privateKey);
sig.update(token.getBytes());
byte[] signature = sig.sign();
return token + "." + Base64.getUrlEncoder().encodeToString(signature);
}
Using the code:
public final static void main(String argv[]) throws Exception{
String header = "{\"alg\": \"RS256\",\"typ\": \"JWT\"}";
String payload = "{\"sub\": \"1234567890\",\"name\": \"John Doe\"}";
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair keyPair = kpg.genKeyPair();
String publicKeyPem = exportPublicKeyAsPem(keyPair.getPublic());
String signedToken = signJWT (header, payload, keyPair.getPrivate());
System.out.println(publicKeyPem);
System.out.println(signedToken);
}
最后,您需要存储密钥对并在使用前加载。我建议您使用 openssl 预生成密钥对,如BoxApi 文档所述
| 归档时间: |
|
| 查看次数: |
4400 次 |
| 最近记录: |