如何使用提供的 .cer 文件解码 JWT RS256 令牌?
How to Decode JWT RS256 token using .cer file Provided?
我使用以下代码将证书转换为公钥并传递给 JwtConsumer:
jwt = "eU13VUDPQsLv2fvbCPEyeuQubditVOguIa2UWvaMhx2ES7cMlTL8F6IgplgpG_H7bXpduPnFUncn7zUYRXmvw_Bts8EfqICeGa5db6RGmofeA01OqowgCfxhWLwmU786riJIT0twMFe...............................BzR7DOvqsahbsx93yKqB_5Q";
// read public key from a file or config or something
String publicKeyPEM =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgAwIBAgIQXQ/D2sE/XdZYvdViF83mMzANBgkqhkiG9w0BAQsFADB+\n" +
......................................................................................................... "saQRa7TBj6gAdlYwJVR+4hpLngANpwAG+bXHuEs+Ns/dE/s+b7aUb8/IJTWNtaaQ\n" +
"lMvr/4xtT6ZNCiaIM3uvIvzHqPxCn3sWa94FP9FIg3mbIia1ZbUx8NyMpETOjxaO\n" +
"X242VTjKf7mLCqibyn3kj93zZjgNa0AlbF/QdE9z4tQ58BwoDVlNK4mGv7Uq2nca\n" +
"2qTrgWcVVKyhKMnytiQ4LTs5O45R/YNbnEH7CA==\n" +
"-----END CERTIFICATE-----";
RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
PublicKey publicKey = rsaKeyUtil.fromPemEncoded(publicKeyPEM);
// create a JWT consumer
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setRequireExpirationTime()
.setVerificationKey(publicKey)
.build();
// validate and decode the jwt
JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt);
但是我在创建 PublicKey 实例时遇到以下错误。
Starting Applicationjava.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
这可能是什么原因? JWT.IO 显示签名有效。
收到的证书是.cer格式。
如果我没记错的话你必须:
- 删除
-----BEGIN CERTIFICATE----- 和 -----END CERTIFICATE-----
- 删除所有
\n 次出现
这是我使用 JCE 读取证书所必须做的 API。
-----BEGIN CERTIFICATE----- 表示您有证书,而不是 public 密钥。证书包含 public 密钥
InputStream is = new ByteArrayInputStream(pemString.getBytes("UTF-8));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(is);
PublicKey publicKey= cert.getPublicKey();
我使用以下代码将证书转换为公钥并传递给 JwtConsumer:
jwt = "eU13VUDPQsLv2fvbCPEyeuQubditVOguIa2UWvaMhx2ES7cMlTL8F6IgplgpG_H7bXpduPnFUncn7zUYRXmvw_Bts8EfqICeGa5db6RGmofeA01OqowgCfxhWLwmU786riJIT0twMFe...............................BzR7DOvqsahbsx93yKqB_5Q";
// read public key from a file or config or something
String publicKeyPEM =
"-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgAwIBAgIQXQ/D2sE/XdZYvdViF83mMzANBgkqhkiG9w0BAQsFADB+\n" +
......................................................................................................... "saQRa7TBj6gAdlYwJVR+4hpLngANpwAG+bXHuEs+Ns/dE/s+b7aUb8/IJTWNtaaQ\n" +
"lMvr/4xtT6ZNCiaIM3uvIvzHqPxCn3sWa94FP9FIg3mbIia1ZbUx8NyMpETOjxaO\n" +
"X242VTjKf7mLCqibyn3kj93zZjgNa0AlbF/QdE9z4tQ58BwoDVlNK4mGv7Uq2nca\n" +
"2qTrgWcVVKyhKMnytiQ4LTs5O45R/YNbnEH7CA==\n" +
"-----END CERTIFICATE-----";
RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
PublicKey publicKey = rsaKeyUtil.fromPemEncoded(publicKeyPEM);
// create a JWT consumer
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setRequireExpirationTime()
.setVerificationKey(publicKey)
.build();
// validate and decode the jwt
JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt);
但是我在创建 PublicKey 实例时遇到以下错误。
Starting Applicationjava.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
这可能是什么原因?
收到的证书是.cer格式。
如果我没记错的话你必须:
- 删除
-----BEGIN CERTIFICATE-----和-----END CERTIFICATE----- - 删除所有
\n次出现
这是我使用 JCE 读取证书所必须做的 API。
-----BEGIN CERTIFICATE----- 表示您有证书,而不是 public 密钥。证书包含 public 密钥
InputStream is = new ByteArrayInputStream(pemString.getBytes("UTF-8));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(is);
PublicKey publicKey= cert.getPublicKey();