nimbus-jose-jwt库简单使用
maven坐标
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>9.37.3</version>
</dependency>
对称密钥签名
密钥长度有限制:密钥的位数必须大于等于所选算法要求的长度,换算成字节数如下。
HS256:256 / 8 = 32 字节
HS384:384 / 8 = 48 字节
HS512:512 / 8 = 64 字节
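// Demo only: an HMAC secret written into source ends up in version control and in every
// build artifact. A real service should load it from a secret store or from configuration.
// The secret must be at least 256 bits (32 bytes) for HS256; a hand-typed passphrase carries
// less entropy than a randomly generated key of the same length.
String macKey = "d^d&4mpSz^Pd@JyKYQR=AZhm7PQzQKgsSY*";
JWSSigner signer = new MACSigner(macKey);

// No expiration ("exp") claim is set, so this demo token never expires on its own.
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
        .subject("zs")
        .claim("role", "admin")
        .build();

SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
signedJWT.sign(signer);
String jwtString = signedJWT.serialize();
// The serialized token is a bearer credential; printing it is acceptable only in a demo.
System.out.println("Generated JWT: " + jwtString);

// With a symmetric key, the verifier holds the same secret as the signer:
// anyone able to verify these tokens is also able to mint them.
JWSVerifier verifier = new MACVerifier(macKey);
SignedJWT parsedJWT = SignedJWT.parse(jwtString);

// Pin the algorithm the application expects instead of trusting the token's own header.
boolean expectedAlgorithm = JWSAlgorithm.HS256.equals(parsedJWT.getHeader().getAlgorithm());
if (expectedAlgorithm && parsedJWT.verify(verifier)) {
    // Claims are read only after the signature has been checked.
    JWTClaimsSet verifiedClaims = parsedJWT.getJWTClaimsSet();
    System.out.println("JWT verification successful.");
    System.out.println("Subject: " + verifiedClaims.getSubject());
    System.out.println("Role: " + verifiedClaims.getClaim("role"));
} else {
    System.out.println("JWT verification failed.");
}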
非对称密钥对
包括生成RSA密钥对
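// Generate a throwaway 2048-bit RSA key pair for the demo.
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();

// The private key signs; verification needs only the public key.
JWSSigner signer = new RSASSASigner(privateKey);
JWSVerifier verifier = new RSASSAVerifier(publicKey);

// Exercise the not-before ("nbf") claim: the token becomes usable one year from now.
// "Now" is taken in the same zone that is used for the conversion, so the resulting
// instant does not depend on the JVM's default time zone.
ZoneId zone = ZoneId.of("Asia/Shanghai");
Date date = Date.from(LocalDateTime.now(zone).plusYears(1).atZone(zone).toInstant());

JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
        .subject("zs")
        .claim("role", "admin")
        .notBeforeTime(date)
        .build();

// "kid" is a literal placeholder key ID for the demo.
SignedJWT signedJWT = new SignedJWT(
        new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("kid").build(), claimsSet);
signedJWT.sign(signer);
String jwtString = signedJWT.serialize();
// The serialized token is a bearer credential; printing it is acceptable only in a demo.
System.out.println("Generated JWT: " + jwtString);

// Verify the JWT token
SignedJWT parsedJWT = SignedJWT.parse(jwtString);

// Pin the algorithm the application expects instead of trusting the token's own header.
boolean expectedAlgorithm = JWSAlgorithm.RS256.equals(parsedJWT.getHeader().getAlgorithm());
if (expectedAlgorithm && parsedJWT.verify(verifier)) {
    // A valid signature says nothing about the time claims: verify() does not look at "nbf",
    // so the comparison with the current time has to be done explicitly. This is a strict
    // comparison with no clock-skew allowance; the library's claims verifiers (for example
    // DefaultJWTClaimsVerifier) can be used instead of a hand-written check.
    JWTClaimsSet verifiedClaims = parsedJWT.getJWTClaimsSet();
    Date notBeforeTime = verifiedClaims.getNotBeforeTime();
    if (notBeforeTime != null && new Date().before(notBeforeTime)) {
        System.out.println("JWT signature is valid, but the token is not usable before " + notBeforeTime + ".");
    } else {
        System.out.println("JWT verification successful.");
        System.out.println("Subject: " + verifiedClaims.getSubject());
        System.out.println("Role: " + verifiedClaims.getClaim("role"));
    }
} else {
    System.out.println("JWT verification failed.");
}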
公私钥与字符串互相转换
生成密钥对
// Create a fresh 2048-bit RSA key pair and expose both halves through their RSA-specific types.
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair pair = generator.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
// The private half is the secret: it should stay on the signing side only.
RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
公私钥转字符串
// Turn a key into text: take its binary encoding and Base64-encode it. The decoding snippets
// on this page read that encoding back as X.509 (public key) and PKCS#8 (private key).
// For a private key the resulting string is the unencrypted key itself: keep it out of logs,
// source control and anything else that is not a protected secret store.
byte[] encodedKey = key.getEncoded();
Base64.getEncoder().encodeToString(encodedKey);
字符串转公私钥
公钥字符串转公钥对象
// Rebuild an RSA public key from its Base64 text: decode the text, wrap the bytes as an
// X.509 key spec and let the RSA KeyFactory parse them.
// Base64.getDecoder() is the basic decoder: it throws IllegalArgumentException on characters
// outside the Base64 alphabet, so PEM header/footer lines and line breaks must be removed first.
byte[] encoded = Base64.getDecoder().decode(keyString);
return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
私钥字符串转私钥对象
// Rebuild an RSA private key from its Base64 text: decode the text, wrap the bytes as a
// PKCS#8 key spec and let the RSA KeyFactory parse them.
// keyString is the unencrypted private key here, so it should come from a protected secret
// store rather than from source code or a plain configuration file, and should never be logged.
byte[] encoded = Base64.getDecoder().decode(keyString);
return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));