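Generating the private and public keys
JWT tokens are issued with the private key and verified with the public key. Start by using the keytool utility to generate the key-pair certificate.
Generate the key certificate. The command below generates a key certificate using the RSA algorithm; each certificate contains a public key and a private key.
Create a folder and run the following command in it: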
keytool -genkeypair -alias kaikeba -keyalg RSA -keypass kaikeba -keystore kaikeba.jks -storepass kaikeba
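keytool is a certificate management tool that ships with Java.
-alias: the alias of the key
-keyalg: the key algorithm to use (RSA here)
-keypass: the password protecting the key
-keystore: the keystore file name
-storepass: the password protecting the keystore
View the certificate information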
keytool -list -keystore kaikeba.jks
Delete an alias
keytool -delete -alias kaikeba -keystore kaikeba.jks
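Exporting the public key
openssl is an encryption and decryption toolkit; it is used here to export the public key.
Install openssl: slproweb.com/products/Wi…
Install Win64OpenSSL-1_1_0g.exe from the course materials directory.
Configure the PATH environment variable for openssl.
In cmd, change to the directory that contains kaikeba.jks and run the following command (if the command is pasted on Windows, the - characters may be turned into full-width Chinese dashes; change them back to the ASCII -):
keytool -list -rfc -keystore kaikeba.jks | openssl x509 -inform pem -pubkey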
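Copy the public key printed by this command (the block from -----BEGIN PUBLIC KEY----- to -----END PUBLIC KEY-----) into a text file named public.key and place it on the resource server.
JWT test
pom.xml
Add the oauth2 dependency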
<!--oauth2-->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
kaikeba.jks
The test needs both the public key and the private key, so have them ready.
Test code
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Test; // JUnit 4; use org.junit.jupiter.api.Test with JUnit 5
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import java.io.IOException;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;

public class JwtTest {
    // Generate a JWT
    @Test
    public void testCreateJwt() throws Exception {
        // Keystore file (on the classpath)
        String key_location = "kaikeba.jks";
        // Keystore password
        String keystore_password = "kaikeba";
        // Path used to load the keystore
        ClassPathResource resource = new ClassPathResource(key_location);
        // Key factory
        KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(resource, keystore_password.toCharArray());
        // Key password; it must match the alias below
        String keypassword = "kaikeba";
        // Key alias
        String alias = "kaikeba";
        // Key pair (private key and public key)
        KeyPair keyPair = keyStoreKeyFactory.getKeyPair(alias, keypassword.toCharArray());
        // Private key
        RSAPrivateKey aPrivate = (RSAPrivateKey) keyPair.getPrivate();
        // Define the payload
        Map<String, Object> tokenMap = new HashMap<String, Object>();
        tokenMap.put("id", "123");
        tokenMap.put("name", "malong");
        tokenMap.put("roles", "r01,r02");
        tokenMap.put("ext", "1");
        // Generate the JWT, signed with the private key
        Jwt jwt = JwtHelper.encode(new ObjectMapper().writeValueAsString(tokenMap), new RsaSigner(aPrivate));
        // Get the encoded token
        String token = jwt.getEncoded();
        System.out.println(token);
    }

    // The resource server uses the public key to verify the JWT and decode it
    @Test
    public void testVerify() {
        // JWT
        String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHQiOiIxIiwicm9sZXMiOiJyMDEscjAyIiwibmFtZSI6Im1hbG9uZyIsImlkIjoiMTIzIn0.B5H3JBVEl1Ntw_5mMqXGCDqDZn05IYYv8iLex3xMpP6K7TlQ07W4zibgDSo5GwQbMblNL1hbS3vhbJRNg9XVuHYD-6VsmDO-muopPLZ70wS191jZg_LEKIV81GCcGfKsKYOqJ_B8tR7as7N4AFJnxYhFuppBK0TOnWqgIDH9s-Qa5y_h9fQHnB7qaKV3WJ7ks--SkJUor5tzJTmmp74tFb-tAQE5lkq1oR068fNfTk8yL_6SaPqtFZIntCcZCQzXZCRzT6YaDOGXI9GciEjr6A5fg8V4Nk4xE8M1VE-7APDaYRU5HAB2XI5sb0bODsCJs6f2K1Q1N13Ff071vcZlzQ";
        // Public key
        String publickey = "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtYpjt7NtpS1B51x6PUK7ryvKySK4VQi7KUCGBm6kisErNM+FwdgKMbpQxTtWoYyXfQsWwuhBW45+uF+Z5DUDaLtHlMV55eA5fkGLFZ1F9ppZC+2Etsy1CyPqA0Mx8R0/HbMB1no4KTlQpqST7JjCdtwLWqUd68zDlfToIsWB1fHuYHbH/DCGUBmZb+16805/SjWkYvj3B6F+WJ8Gm47/OJBH+wo7k4GWZ7OXdMcNnYWMyBfa4abjo7cxjoHL2fDanS6And4Sh3cZEJde4WgXsEktvR/EaZR7CeQzwzOg47+5cCcFSYgmVfpDyLsBnFkG3WFs/qZ3yPzy+DQKLIF2wIDAQAB-----END PUBLIC KEY-----";
        // Verify the JWT signature; throws if it does not match the public key
        Jwt jwt = JwtHelper.decodeAndVerify(token, new RsaVerifier(publickey));
        // Get the original JWT content
        String claims = jwt.getClaims();
        System.out.println(claims);
        try {
            Map<String, String> map = new ObjectMapper().readValue(claims, Map.class);
            // Read one claim; the payload above carries id, name, roles and ext
            System.out.println(map.get("name"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
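What the two tests above do underneath JwtHelper, as an added example that is not part of the original tutorial: RS256 signing with the private key and verification with the public key, using only JDK classes. The class name Rs256Demo, the in-memory key pair (standing in for kaikeba.jks) and the sample payloads are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration, not the tutorial's code: RS256 with JDK classes only.
public class Rs256Demo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final String HEADER = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Authorization server: sign base64url(header).base64url(payload) with the private key.
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String signingInput = b64(HEADER) + "." + b64(payloadJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(s.sign());
    }

    // Resource server: return the claims only if the signature verifies under the public key.
    // The algorithm is fixed here and never read from the token's header.
    static String verify(String token, PublicKey key) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SignatureException("not a three-part JWT");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) throw new SignatureException("signature mismatch");
        return new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // stands in for the pair stored in kaikeba.jks
        String token = sign("{\"id\":\"123\",\"name\":\"malong\",\"roles\":\"r01,r02\"}", kp.getPrivate());
        System.out.println("claims: " + verify(token, kp.getPublic()));
        // Swap in a different payload but keep the old signature: the public key must reject it.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64("{\"id\":\"123\",\"roles\":\"r99\"}") + "." + p[2];
        try {
            verify(forged, kp.getPublic());
            System.out.println("forged token accepted");
        } catch (SignatureException e) {
            System.out.println("forged token rejected: " + e.getMessage());
        }
    }
}
```

The resource server needs only public.key to run verify; the private key in the keystore stays with the service that issues tokens.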