在java中使用axiom-api解码X-JWT-Assertion [英] Decode X-JWT-Assertion using axiom-api in java
本文介绍了在java中使用axiom-api解码X-JWT-Assertion的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我希望使用 axiom-api 库解码以下 X-JWT-Assertion ?我需要返回编码的标题,正文和签名 。
任何指针?
我想要解码以下 X-JWT-Assertion :
eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNM
lpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ ==。eyJpc3MiOiJ3c28yL
m9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYW
ltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGl
vbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVs
dEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVb
mxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dH
A6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWl
tcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJP
RFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsI
mh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5 kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy
9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ ==。YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4
HUhsQS2z3ngWRNjAktSKWlH + Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX / Y1O + WSLMLZYQ11WV
zFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g / w8a05UnCvsGyIh5oCP4RUsAhXo =
解决方案
我正在使用来自 http://mvnrepository.com/artifact/org.apache.ws.commons.axiom/axiom-api 。
<这是我开发的示例代码。注意:签名代码不起作用,它只是一个提示。为了使签名正常工作,您需要密钥库并读取别名然后解密。
import java.util.regex。匹配器;
import java.util.regex.Pattern;
import org.apache.axiom.util.base64.Base64Utils;
公共类JWTAssertionReader {
公共静态字符串signedJWTToken =eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ == == eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVbmxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ。YtVaDtR YtfUkVDvwe9V8oqsXK8OkB4HUhsQS2z3ngWRNjAktSKWlH + Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX / Y1O + WSLMLZYQ11WVzFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g / w8a05UnCvsGyIh5oCP4RUsAhXo =;
public static void main(String [] args){
String [] split_string = signedJWTToken.split(\\。);
String base64EncodedHeader = split_string [0];
String base64EncodedBody = split_string [1];
String base64EncodedSignature = split_string [2];
String decodingHeader = new String(Base64Utils.decode(base64EncodedHeader));
System.out.println(Decoded Header:);
System.out.println(===========================);
System.out.println(decodingHeader);
System.out.println(Decoded Body:);
System.out.println(============================);
String decodingBody = new String(Base64Utils.decode(base64EncodedBody));
System.out.println(decodingBody);
//我不太确定你不会在没有使用.keystore的情况下获得Signature
//下面的代码不起作用,只会给出提示/指南
系统.out.println(解码签名:);
System.out.println(==================);
byte [] decodingSignature = Base64Utils.decode(base64EncodedSignature);
模式模式= Pattern.compile(^ [^:] *:[^:] *:[^:] *:\(。+)\} $);
Matcher matcher = pattern.matcher(decodingHeader);
String base64EncodedCertThumb = null;
if(matcher.find()){
base64EncodedCertThumb = matcher.group(1);
}
byte [] decodingCertThumb = Base64Utils.decode(base64EncodedCertThumb);
System.out.println(decodingCertThumb);
}
}
以下输出:
解码标题:
========================== =
{typ:JWT,alg:SHA256withRSA,x5t:NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA ==}
解码体:
=== =========================
{iss:wso2.org/products/am\",\"exp\":1372522805177, http://wso2.org/claims/subscriber\":\"lalaji\",\"http://wso2.org/claims/applicationid\":\"1\",\"http://wso2.org/claims/applicationname: DefaultApplication中, http://wso2.org/claims/applicationtier: 无限制, http://wso2.org/claims/apicontext: / API1,http://wso2.org/权利要求/版本 : 1.2.3\" , http://wso2.org/claims/tier: 无限制, http://wso2.org/claims/keytype: 生产,HTTP: //wso2.org/claims/usertype\":\"APPLICATION\",\"http://wso2.org/claims/enduser\":\"lalaji\",\"http://wso2.org/claims/enduserTenantId\":\"-1234 }
I am looking to decode the following X-JWT-Assertion using the axiom-api library ? I need to return the encoded header, body and Signature.
Any pointers?
I'm looking to decode the following X-JWT-Assertion:
eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNM
lpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ==.eyJpc3MiOiJ3c28yL
m9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYW
ltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGl
vbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVs
dEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVb
mxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dH
A6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWl
tcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJP
RFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsI
mh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy
9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ==.YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4
HUhsQS2z3ngWRNjAktSKWlH+Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX/Y1O+WSLMLZYQ11WV
zFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g/w8a05UnCvsGyIh5oCP4RUsAhXo=
解决方案
I am using latest dependency from http://mvnrepository.com/artifact/org.apache.ws.commons.axiom/axiom-api.
Here is the sample code which I developed. Note: Signature code will not works, it's just a hint. In order to make signature working working you need keystore and read the alias and then decrypt it.
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.axiom.util.base64.Base64Utils;
public class JWTAssertionReader {
public static String signedJWTToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ==.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTM3MjUyMjgwNTE3NywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoibGFsYWppIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbmlkIjoiMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiRGVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcHBsaWNhdGlvbnRpZXIiOiJVbmxpbWl0ZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwaWNvbnRleHQiOiIvYXBpMSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMi4zIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImxhbGFqaSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQifQ==.YtVaDtRYtfUkVDvwe9V8oqsXK8OkB4HUhsQS2z3ngWRNjAktSKWlH+Is9T5EQnsg8hrsJQ4nKDdwDWHAUIFxIsb7bX/Y1O+WSLMLZYQ11WVzFaw50BJuqPbL9ZOfux1iRnm4ZbxClVSan72g/w8a05UnCvsGyIh5oCP4RUsAhXo=";
public static void main(String[] args) {
String[] split_string = signedJWTToken.split("\\.");
String base64EncodedHeader = split_string[0];
String base64EncodedBody = split_string[1];
String base64EncodedSignature = split_string[2];
String decodedHeader = new String(Base64Utils.decode(base64EncodedHeader));
System.out.println("Decoded Header :");
System.out.println("===========================");
System.out.println(decodedHeader);
System.out.println("Decoded Body :");
System.out.println("============================");
String decodedBody = new String(Base64Utils.decode(base64EncodedBody));
System.out.println(decodedBody);
// I am not too sure you will not be getting Signature without the use of .keystore
// Below code will not works, just will give hints / guidelines
System.out.println("Decoded Signature :");
System.out.println("==================");
byte[] decodedSignature = Base64Utils.decode(base64EncodedSignature);
Pattern pattern = Pattern.compile("^[^:]*:[^:]*:[^:]*:\"(.+)\"}$");
Matcher matcher = pattern.matcher(decodedHeader);
String base64EncodedCertThumb = null;
if(matcher.find()){
base64EncodedCertThumb = matcher.group(1);
}
byte[] decodedCertThumb = Base64Utils.decode(base64EncodedCertThumb);
System.out.println(decodedCertThumb);
}
}
The output below:
Decoded Header :
===========================
{"typ":"JWT","alg":"SHA256withRSA","x5t":"NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA=="}
Decoded Body :
============================
{"iss":"wso2.org/products/am","exp":1372522805177,"http://wso2.org/claims/subscriber":"lalaji","http://wso2.org/claims/applicationid":"1","http://wso2.org/claims/applicationname":"DefaultApplication","http://wso2.org/claims/applicationtier":"Unlimited","http://wso2.org/claims/apicontext":"/api1","http://wso2.org/claims/version":"1.2.3","http://wso2.org/claims/tier":"Unlimited","http://wso2.org/claims/keytype":"PRODUCTION","http://wso2.org/claims/usertype":"APPLICATION","http://wso2.org/claims/enduser":"lalaji","http://wso2.org/claims/enduserTenantId":"-1234"}
这篇关于在java中使用axiom-api解码X-JWT-Assertion的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
