在java中使用axiom-api解码X-JWT-Assertion [英] Decode X-JWT-Assertion using axiom-api in java

查看:195
本文介绍了在java中使用axiom-api解码X-JWT-Assertion的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我希望使用 axiom-api 库解码以下 X-JWT-Assertion ?我需要返回编码的标题正文签名
任何指针?



我想要解码以下 X-JWT-Assertion

  eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNM 
lpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ ==。eyJpc3MiOiJ3c28yL
m9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYW
ltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGl
vbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVs
dEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVb
mxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dH
A6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWl
tcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJP
RFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsI
mh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5 kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy
9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ ==。YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4
HUhsQS2z3ngWRNjAktSKWlH + Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX / Y1O + WSLMLZYQ11WV
zFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g / w8a05UnCvsGyIh5oCP4RUsAhXo =


解决方案

我正在使用来自 http://mvnrepository.com/artifact/org.apache.ws.commons.axiom/axiom-api



<这是我开发的示例代码。注意:签名代码不起作用,它只是一个提示。为了使签名正常工作,您需要密钥库并读取别名然后解密。

  import java.util.regex。匹配器; 
import java.util.regex.Pattern;

import org.apache.axiom.util.base64.Base64Utils;

公共类JWTAssertionReader {

公共静态字符串signedJWTToken =eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ == == eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVbmxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ。YtVaDtR YtfUkVDvwe9V8oqsXK8OkB4HUhsQS2z3ngWRNjAktSKWlH + Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX / Y1O + WSLMLZYQ11WVzFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g / w8a05UnCvsGyIh5oCP4RUsAhXo =;

public static void main(String [] args){
String [] split_string = signedJWTToken.split(\\。);
String base64EncodedHeader = split_string [0];
String base64EncodedBody = split_string [1];
String base64EncodedSignature = split_string [2];

String decodingHeader = new String(Base64Utils.decode(base64EncodedHeader));
System.out.println(Decoded Header:);
System.out.println(===========================);
System.out.println(decodingHeader);


System.out.println(Decoded Body:);
System.out.println(============================);
String decodingBody = new String(Base64Utils.decode(base64EncodedBody));
System.out.println(decodingBody);

//我不太确定你不会在没有使用.keystore的情况下获得Signature
//下面的代码不起作用,只会给出提示/指南
系统.out.println(解码签名:);
System.out.println(==================);
byte [] decodingSignature = Base64Utils.decode(base64EncodedSignature);
模式模式= Pattern.compile(^ [^:] *:[^:] *:[^:] *:\(。+)\} $);
Matcher matcher = pattern.matcher(decodingHeader);
String base64EncodedCertThumb = null;
if(matcher.find()){
base64EncodedCertThumb = matcher.group(1);
}
byte [] decodingCertThumb = Base64Utils.decode(base64EncodedCertThumb);
System.out.println(decodingCertThumb);
}
}

以下输出:

 解码标题:
========================== =
{typ:JWT,alg:SHA256withRSA,x5t:NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA ==}

解码体:
=== =========================
{iss:wso2.org/products/am\",\"exp\":1372522805177, http://wso2.org/claims/subscriber\":\"lalaji\",\"http://wso2.org/claims/applicationid\":\"1\",\"http://wso2.org/claims/applicationname: DefaultApplication中, http://wso2.org/claims/applicationtier: 无限制, http://wso2.org/claims/apicontext: / API1,http://wso2.org/权利要求/版本 : 1.2.3\" , http://wso2.org/claims/tier: 无限制, http://wso2.org/claims/keytype: 生产,HTTP: //wso2.org/claims/usertype\":\"APPLICATION\",\"http://wso2.org/claims/enduser\":\"lalaji\",\"http://wso2.org/claims/enduserTenantId\":\"-1234 }


I am looking to decode the following X-JWT-Assertion using the axiom-api library ? I need to return the encoded header, body and Signature. Any pointers?

I'm looking to decode the following X-JWT-Assertion:

    eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNM
lpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ==.eyJpc3MiOiJ3c28yL
m9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYW
ltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGl
vbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVs
dEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVb
mxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dH
A6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWl
tcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJP
RFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsI
mh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy
9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ==.YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4
HUhsQS2z3ngWRNjAktSKWlH+Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX/Y1O+WSLMLZYQ11WV
zFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g/w8a05UnCvsGyIh5oCP4RUsAhXo=

解决方案

I am using latest dependency from http://mvnrepository.com/artifact/org.apache.ws.commons.axiom/axiom-api.

Here is the sample code which I developed. Note: Signature code will not works, it's just a hint. In order to make signature working working you need keystore and read the alias and then decrypt it.

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.axiom.util.base64.Base64Utils;

public class JWTAssertionReader {

    public static String signedJWTToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ==.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVbmxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ==.YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4HUhsQS2z3ngWRNjAktSKWlH+Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX/Y1O+WSLMLZYQ11WVzFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g/w8a05UnCvsGyIh5oCP4RUsAhXo=";

    public static void main(String[] args) {
        String[] split_string = signedJWTToken.split("\\.");
        String base64EncodedHeader = split_string[0];
        String base64EncodedBody = split_string[1];
        String base64EncodedSignature = split_string[2];

        String decodedHeader = new String(Base64Utils.decode(base64EncodedHeader));
        System.out.println("Decoded Header :");
        System.out.println("===========================");
        System.out.println(decodedHeader);


        System.out.println("Decoded Body :");
        System.out.println("============================");
        String decodedBody = new String(Base64Utils.decode(base64EncodedBody));
        System.out.println(decodedBody);

        // I am not too sure you will not be getting Signature without the use of .keystore
        // Below code will not works, just will give hints / guidelines
        System.out.println("Decoded Signature :");
        System.out.println("==================");
        byte[] decodedSignature = Base64Utils.decode(base64EncodedSignature);
        Pattern pattern = Pattern.compile("^[^:]*:[^:]*:[^:]*:\"(.+)\"}$");
        Matcher matcher = pattern.matcher(decodedHeader);
        String base64EncodedCertThumb = null;
        if(matcher.find()){
            base64EncodedCertThumb = matcher.group(1);
        }
        byte[] decodedCertThumb = Base64Utils.decode(base64EncodedCertThumb);
        System.out.println(decodedCertThumb);
    }
}

The output below:

Decoded Header :
===========================
{"typ":"JWT","alg":"SHA256withRSA","x5t":"NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA=="}

Decoded Body :
============================
{"iss":"wso2.org/products/am","exp":1372522805177,"http://wso2.org/claims/subscriber":"lalaji","http://wso2.org/claims/applicationid":"1","http://wso2.org/claims/applicationname":"DefaultApplication","http://wso2.org/claims/applicationtier":"Unlimited","http://wso2.org/claims/apicontext":"/api1","http://wso2.org/claims/version":"1.2.3","http://wso2.org/claims/tier":"Unlimited","http://wso2.org/claims/keytype":"PRODUCTION","http://wso2.org/claims/usertype":"APPLICATION","http://wso2.org/claims/enduser":"lalaji","http://wso2.org/claims/enduserTenantId":"-1234"}

这篇关于在java中使用axiom-api解码X-JWT-Assertion的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆