在Java中验证jwt:无法为RSA签名指定密钥字节 [英] Validating jwt in java: Key bytes cannot be specified for RSA signatures
问题描述
我从OAuth服务器收到jwt(访问令牌). OAuth服务器已经向我提供了秘密,公钥和自签名的CA证书.
I receive the jwt (access token) from an OAuth Server. The OAuth server has already provided me with the secret, public key, and self-signed CA certificate.
我想编写一个代码,当我收到jwt时,可以对其进行验证并检查此服务器是否已将其发送给我.我使用以下代码在Java中验证我的jwt.
I want to write a code that when I receive a jwt, I can validate it and check if this server has sent it to me. I use the following code to validat my jwt in java.
String jwt = "xxx.yyy.zzz";
//This line will throw an exception if it is not a signed JWS (as expected)
Claims claims = Jwts.parser().setSigningKey(DatatypeConverter.parseBase64Binary(self_signed_CA_Certificate))
.parseClaimsJws(jwt).getBody();
我收到错误:Key bytes cannot be specified for RSA signatures. Please specify a PublicKey or PrivateKey instance.
感谢您的帮助.
推荐答案
我遇到了同样的问题,这是我的解决方法
I had the same problem, it was my solution
在我的情况下,我获得了一个证书,该证书提供了可以用不同密钥签名的功能,
in my case I gad a certificate that give the ability that can be signed with different keys,
CertificateFactory fact = CertificateFactory.getInstance("X.509");
FileInputStream is = new FileInputStream ("yourcertificate.jks");
Certificate cer = fact.generateCertificate(is);
PublicKey publicKey = cer.getPublicKey();
,然后验证使用的jwt令牌:
and then to verify the jwt token used:
Claims body = Jwts.parser()
.setSigningKey(publicKey)
.parseClaimsJws(token)
.getBody();
这篇关于在Java中验证jwt:无法为RSA签名指定密钥字节的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!