ajv(token应用案例)

精英怪
广告

Json web token (JWT)

ajv(token应用案例)

网络应用环境间传递声明而执行的一种基于JSON的开放标准((RFC 7519),该token被设计为紧凑且安全的,特别适用于分布式站点的单点登录(SSO)场景。

java-jwt实现

java-jwt 是JSON Web Token(JWT) - RFC 7519 的实现。

可用的算法:

HS256,HMAC256,HMAC with SHA-256

HS384,HMAC384,HMAC with SHA-384

HS512,HMAC512,HMAC with SHA-512

RS256,RSA256,RSASSA-PKCS1-v1_5 with SHA-256

RS384,RSA384,RSASSA-PKCS1-v1_5 with SHA-384

RS512,RSA512,RSASSA-PKCS1-v1_5 with SHA-512

ES256,ECDSA256,ECDSA with curve P-256 and SHA-256

ES256K,ECDSA256,ECDSA with curve secp256k1 and SHA-256

ES384,ECDSA384,ECDSA with curve P-384 and SHA-384

ES512,ECDSA512,ECDSA with curve P-521 and SHA-512

HMAC(Hash-based Message Authentication Code),密钥相关的哈希运算消息认证码。

ECDSA(Elliptic Curve Digital Signature Algorithm),基于椭圆曲线私钥/公钥对的数字签名的算法。

代码案例(Demo):

<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.13.0</version> </dependency>

HMAC、RSA、ECDSA算法

import com.auth0.jwt.algorithms.Algorithm; import java.security.*; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.ECGenParameterSpec; public class AlgorithmDemo { public static void main(String[] args) { //HMAC Algorithm algorithmHS = Algorithm.HMAC256("secret"); System.out.println(algorithmHS); //RSA KeyPair rsaKeyPair = generateRSAKeyPair(); RSAPublicKey publicKey = (RSAPublicKey) rsaKeyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) rsaKeyPair.getPrivate(); Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey); System.out.println(algorithmRS); //ECDSA KeyPair keyPair = generateECKeyPair(); ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate(); ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic(); Algorithm algorithmEC = Algorithm.ECDSA256(ecPublicKey, ecPrivateKey); System.out.println(algorithmEC); } public static KeyPair generateRSAKeyPair() { // KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = null; try { keyPairGen = KeyPairGenerator.getInstance("RSA"); // 初始化密钥对生成器,密钥大小为96-1024位 keyPairGen.initialize(1024, new SecureRandom()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } // 生成一个密钥对,保存在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); return keyPair; } public static KeyPair generateECKeyPair() { KeyPairGenerator kpg = null; try { kpg = KeyPairGenerator.getInstance("EC"); kpg.initialize(new ECGenParameterSpec("secp521r1"), new SecureRandom()); } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { e.printStackTrace(); } KeyPair keyPair = kpg.generateKeyPair(); ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate(); ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic(); return keyPair; } }

算法HMAC256,Token操作:

import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import java.util.*; public class CreateAndSignTokenDemo { static String key = "secret"; public static void main(String[] args) { String token = generalToken(); System.out.println(token); // 输出: // eyJraWQiOiI2Yzc3MzM3NS02MDA1LTQ1MjEtYmQwMi02Yzg1YWQzYzE0YWQiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VycyIsImNsYWltcyI6eyJ1c2VySWQiOiLnlKjmiLdJRCIsInVzZXJuYW1lIjoi55So5oi35ZCN56ewIn0sImlzcyI6ImF1dGgwIiwiZXhwIjoxNjEzNjQxNDE3LCJpYXQiOjE2MTM2NDA4MTcsImp0aSI6IjAzMjYxMjc5LWMzNjUtNDFjMC04MGQzLTAyNjQ5MTIxOWMxOCJ9.rISbHUYQDbwrEoRpauMoNb7CmWO5iBjwK6Rq5FkdjDE Map<String, Claim> claims = parseToken(token); System.out.println(claims); //输出: //{sub="users", claims={"userId":"用户ID","username":"用户名称"}, iss="auth0", exp=1613641417, iat=1613640817, jti="03261279-c365-41c0-80d3-026491219c18"} } /** * @return */ public static String generalToken() { try { Algorithm algorithm = Algorithm.HMAC256(key); // 设置私有声明 Map<String, Object> claims = new HashMap<>(16); claims.put("userId", "用户ID"); claims.put("username", "用户名称"); // 记录生成JWT的时间 long nowMillis = System.currentTimeMillis(); Date nowTime = new Date(nowMillis); // 设置过期时间 6分钟 long expMillis = nowMillis + 10 * 60 * 1000; Date expTime = new Date(expMillis); // 创建tocken构建器实例 String token = JWT.create() // 设置自己的私有声明 .withClaim("claims", claims) .withJWTId(UUID.randomUUID().toString()) .withKeyId(UUID.randomUUID().toString()) // 设置签发者 .withIssuer("auth0") // 设置签发时间 .withIssuedAt(nowTime) // 设置过期时间 .withExpiresAt(expTime) // 设置tocken的签发对象 .withSubject("users") // 设置签发算法和密钥 .sign(algorithm); return token; } catch (Exception e) { e.printStackTrace(); return "生成tocken失败"; } } /** * @return */ public static Map<String, Claim> parseToken(String token) { try { // 设置签发算法 Algorithm algorithm = Algorithm.HMAC256(key); JWTVerifier verifier = JWT.require(algorithm) .withIssuer("auth0") .build(); DecodedJWT jwt = verifier.verify(token); return jwt.getClaims(); } catch (Exception e) { e.printStackTrace(); return null; } } }

算法RSA,Token操作:

import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import java.security.KeyPair; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.util.*; public class CreateAndSignTokenDemo2 { static KeyPair rsaKeyPair = AlgorithmDemo.generateRSAKeyPair(); public static void main(String[] args) { String token = generalToken(); System.out.println(token); // 输出: // eyJraWQiOiIyZWZkMjcxOC05NDMzLTQ4NTQtOTVhZi1hZWQwODgyNzIyZjAiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VycyIsImNsYWltcyI6eyJ1c2VySWQiOiLnlKjmiLdJRCIsInVzZXJuYW1lIjoi55So5oi35ZCN56ewIn0sImlzcyI6ImF1dGgwIiwiZXhwIjoxNjEzNjQxMDU2LCJpYXQiOjE2MTM2NDA0NTYsImp0aSI6IjUwMWU0MGIzLTQ0NzItNDMwZS1hZDJjLTdhOTdlNDE0YTZiZiJ9.kWW122dkmq81YpgYBLh7k2b1A9ghjq9VKs6aHiTbfPZHQ7dRrY-un86JfLYvkY3-z1rLuenkOWCrDDfatYCfxl-y3fxb_kP3MOofgVYxva062mRNnsCwr0N0gp3SZPgNCpp5q4iTnLxh6RVDQRgXYZnJ76L7oFtQaecnQsTjYTA Map<String,Claim> claims = parseToken(token); System.out.println(claims); //输出: //{sub="users", claims={"userId":"用户ID","username":"用户名称"}, iss="auth0", exp=1613641056, iat=1613640456, jti="501e40b3-4472-430e-ad2c-7a97e414a6bf"} } /** * @return */ public static String generalToken() { try { RSAPublicKey publicKey = (RSAPublicKey) rsaKeyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) rsaKeyPair.getPrivate(); // 设置签发算法 Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey); // 设置私有声明 Map<String, Object> claims = new HashMap<>(16); claims.put("userId", "用户ID"); claims.put("username", "用户名称"); // 记录生成JWT的时间 long nowMillis = System.currentTimeMillis(); Date nowTime = new Date(nowMillis); // 设置过期时间 6分钟 long expMillis = nowMillis + 10 * 60 * 1000; Date expTime = new Date(expMillis); // 创建tocken构建器实例 String token = JWT.create() // 设置自己的私有声明 .withClaim("claims",claims) .withJWTId(UUID.randomUUID().toString()) .withKeyId(UUID.randomUUID().toString()) // 设置签发者 .withIssuer("auth0") // 设置签发时间 .withIssuedAt(nowTime) // 设置过期时间 .withExpiresAt(expTime) // 设置tocken的签发对象 .withSubject("users") // 设置签发算法和密钥 .sign(algorithmRS); return token; } catch (Exception e) { e.printStackTrace(); return "生成tocken失败"; } } /** * @return */ public static Map<String, Claim> parseToken(String token) { try { RSAPublicKey publicKey = (RSAPublicKey) rsaKeyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) rsaKeyPair.getPrivate(); // 设置签发算法 Algorithm algorithmRS = Algorithm.RSA256(publicKey, privateKey); JWTVerifier verifier = JWT.require(algorithmRS) .withIssuer("auth0") .build(); DecodedJWT jwt = verifier.verify(token); return jwt.getClaims(); } catch (Exception e) { e.printStackTrace(); return null; } } }

算法ECDSA,Token操作:

import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.interfaces.Claim; import com.auth0.jwt.interfaces.DecodedJWT; import java.security.KeyPair; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.UUID; public class CreateAndSignTokenDemo3 { static KeyPair ecKeyPair = AlgorithmDemo.generateECKeyPair(); public static void main(String[] args) { String token = generalToken(); System.out.println(token); // 输出: // eyJraWQiOiIxMTM2NmMyMi01MWJiLTRlZjktOTQwNy04M2U4MjU5ZGU5NWYiLCJ0eXAiOiJKV1QiLCJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJ1c2VycyIsImNsYWltcyI6eyJ1c2VySWQiOiLnlKjmiLdJRCIsInVzZXJuYW1lIjoi55So5oi35ZCN56ewIn0sImlzcyI6ImF1dGgwIiwiZXhwIjoxNjEzNjQwOTkzLCJpYXQiOjE2MTM2NDAzOTMsImp0aSI6IjYxM2Y0NmFkLTc2NjQtNDA3MS1iNGMxLTE5ZTk3N2RlNTYxNiJ9.ACHW7HaCQDU_SrzgicSQ6PptyAlCl-tXwUPdnTGmvL599jQBzbWuiurAXrFfDx6Pviv0B8PjJq6EhQM99XoLTB5vAeewblR3diaCwOvrA4ih4bQNF5-g5lIr7WMKnoOf2VIajUpgXDGwAErHktlxv2K4YUV6ckajV_lUPgTS3SplOsvz Map<String, Claim> claims = parseToken(token); System.out.println(claims); //输出: //{sub="users", claims={"userId":"用户ID","username":"用户名称"}, iss="auth0", exp=1613640993, iat=1613640393, jti="613f46ad-7664-4071-b4c1-19e977de5616"} } /** * @return */ public static String generalToken() { try { ECPrivateKey ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); // 设置签发算法 Algorithm algorithmRS = Algorithm.ECDSA512(ecPublicKey, ecPrivateKey); // 设置私有声明 Map<String, Object> claims = new HashMap<>(16); claims.put("userId", "用户ID"); claims.put("username", "用户名称"); // 记录生成JWT的时间 long nowMillis = System.currentTimeMillis(); Date nowTime = new Date(nowMillis); // 设置过期时间 6分钟 long expMillis = nowMillis + 10 * 60 * 1000; Date expTime = new Date(expMillis); // 创建tocken构建器实例 String token = JWT.create() // 设置自己的私有声明 .withClaim("claims", claims) .withJWTId(UUID.randomUUID().toString()) .withKeyId(UUID.randomUUID().toString()) // 设置签发者 .withIssuer("auth0") // 设置签发时间 .withIssuedAt(nowTime) // 设置过期时间 .withExpiresAt(expTime) // 设置tocken的签发对象 .withSubject("users") // 设置签发算法和密钥 .sign(algorithmRS); return token; } catch (Exception e) { e.printStackTrace(); return "生成tocken失败"; } } /** * @return */ public static Map<String, Claim> parseToken(String token) { try { ECPrivateKey ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate(); ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic(); // 设置签发算法 Algorithm algorithmRS = Algorithm.ECDSA512(ecPublicKey, ecPrivateKey); JWTVerifier verifier = JWT.require(algorithmRS) .withIssuer("auth0") .build(); DecodedJWT jwt = verifier.verify(token); return jwt.getClaims(); } catch (Exception e) { e.printStackTrace(); return null; } } }

发表评论

快捷回复: 表情:
AddoilApplauseBadlaughBombCoffeeFabulousFacepalmFecesFrownHeyhaInsidiousKeepFightingNoProbPigHeadShockedSinistersmileSlapSocialSweatTolaughWatermelonWittyWowYeahYellowdog
评论列表 (暂无评论,214人围观)

还没有评论,来说两句吧...