如何从 .key 文件加载私钥

how to load Private Key from .key file

我想从 .key 文件加载 PrivateKey 并用它来生成 jwt 令牌。 我有以下方法来生成令牌

    public String gen(String privateFile, String crtFile) {

        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);
        long expMillis = nowMillis + 50000;
        Date exp = new Date(expMillis);

        // load private key
        PrivateKey privKey= loadPrivateKey(privateFile);
        // load public key
        PublicKey pubKey= loadPublicKey(crtFile);

        String jws = Jwts.builder()
                .setSubject(jwtSubject)
                .setAudience(jwtAudience)
                .setExpiration(exp)
                .setIssuedAt(now)
                .setIssuer(jwtIssuer)
                .setNotBefore(now)
                .signWith(privKey, SignatureAlgorithm.RS512)
                .compact();

        return jws;

}

loadPrivateKey 方法如下所示:

    public static PrivateKey loadPrivateKey(String filename)
        throws Exception {

    String privateKeyContent = new String(Files.readAllBytes(Paths.get(ClassLoader.getSystemResource(filename).toURI())));
    privateKeyContent = privateKeyContent.replaceAll("\n", "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "");

    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));

    PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
    return privKey;

}

编译我得到java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:663) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)

我不明白,因为我正在打开 PKCS8 私钥。有人知道如何解决这个问题吗?

希望这对您生成令牌有所帮助。 将 .key.der 文件保存到 class 路径 src/main/resources 中。

public class JWTClientService {

    public String generateJWTToken(ProjectConfig jwtConfig) {
        return Jwts.builder()
                .setSubject(jwtConfig.getSubject())
                .setIssuer(jwtConfig.getIssuer())
                .setExpiration(getExpiryDate(jwtConfig.getTokenExpiryUnit(), jwtConfig.getTokenExpiryFrequency()))
                .setAudience(jwtConfig.getAudience())
                .claim(jwtConfig.getClaimKey(), Boolean.valueOf(jwtConfig.getClaimValue()))
                .signWith(SignatureAlgorithm.RS512, privateKey(jwtConfig))
                .compact();
    }

    private Date getExpiryDate(String tokenExp, String tokenExpFreq) {
        Calendar calendar = Calendar.getInstance();
        int expiry = Integer.parseInt(tokenExp);
        switch (tokenExpFreq.toLowerCase()) {

            case "second": {
                calendar.add(Calendar.SECOND, expiry);
                break;
            }
            case "minute": {
                calendar.add(Calendar.MINUTE, expiry);
                break;
            }
            case "hour": {
                calendar.add(Calendar.HOUR, expiry);
                break;
            }
            case "day": {
                calendar.add(Calendar.DATE, expiry);
                break;
            }
            case "month": {
                calendar.add(Calendar.MONTH, expiry);
                break;
            }
            default: {
                calendar.add(Calendar.HOUR, expiry);
                break;
            }
        }
        return calendar.getTime();
    }

    private PrivateKey privateKey(ProjectConfig jwtConfig) {
        PrivateKey privateKey = null;
        try {
            InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream(jwtConfig.getKeyPath());
            ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
            assert inputStream != null;
            IOUtils.copy(inputStream, byteOutputStream);
            byte[] privKeyByteArray = byteOutputStream.toByteArray();
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyByteArray);

            KeyFactory keyFactory = KeyFactory.getInstance(jwtConfig.getKeyAlgorithm());

            privateKey = keyFactory.generatePrivate(keySpec);
        } catch (Exception ex) {
            throw new RuntimeException("Unable to generate private key..." + ex.getMessage());
        }
        return privateKey;
    }

}

找到项目配置 class:

 @JsonInclude(JsonInclude.Include.NON_NULL)
    public class ProjectConfig {
        private String clientId;
        private String clientSecret;
        private String jwtTokenUrl;
        private String keyAlgorithm;
        private String keyPath;
        private String subject;
        private String issuer;
        private String audience;
        private String claimKey;
        private String claimValue;
        private String tokenExpiryFrequency;
        private String tokenExpiryUnit;

        public String getClientId() {
            return clientId;
        }

        public void setClientId(String clientId) {
            this.clientId = clientId;
        }

        public String getClientSecret() {
            return clientSecret;
        }

        public void setClientSecret(String clientSecret) {
            this.clientSecret = clientSecret;
        }

        public String getJwtTokenUrl() {
            return jwtTokenUrl;
        }

        public void setJwtTokenUrl(String jwtTokenUrl) {
            this.jwtTokenUrl = jwtTokenUrl;
        }

        public String getKeyAlgorithm() {
            return keyAlgorithm;
        }

        public void setKeyAlgorithm(String keyAlgorithm) {
            this.keyAlgorithm = keyAlgorithm;
        }

        public String getKeyPath() {
            return keyPath;
        }

        public void setKeyPath(String keyPath) {
            this.keyPath = keyPath;
        }

        public String getSubject() {
            return subject;
        }

        public void setSubject(String subject) {
            this.subject = subject;
        }

        public String getIssuer() {
            return issuer;
        }

        public void setIssuer(String issuer) {
            this.issuer = issuer;
        }

        public String getAudience() {
            return audience;
        }

        public void setAudience(String audience) {
            this.audience = audience;
        }

        public String getClaimKey() {
            return claimKey;
        }

        public void setClaimKey(String claimKey) {
            this.claimKey = claimKey;
        }

        public String getClaimValue() {
            return claimValue;
        }

        public void setClaimValue(String claimValue) {
            this.claimValue = claimValue;
        }

        public String getTokenExpiryFrequency() {
            return tokenExpiryFrequency;
        }

        public void setTokenExpiryFrequency(String tokenExpiryFrequency) {
            this.tokenExpiryFrequency = tokenExpiryFrequency;
        }

        public String getTokenExpiryUnit() {
            return tokenExpiryUnit;
        }

        public void setTokenExpiryUnit(String tokenExpiryUnit) {
            this.tokenExpiryUnit = tokenExpiryUnit;
        }
    }

主要 Class :

public class TokenApplication {
    static ObjectMapper objectMapper = new ObjectMapper()
            .configure(JsonParser.Feature.AUTO_CLOSE_SOURCE, true);

    public static void main(String[] args) {
        ProjectConfig projectConfig = loadConfiguration("application-stg.properties");

        if (args.length > 0 && args[0].equals("PROD")) {
            projectConfig = loadConfiguration("application-prod.properties");
        }
        try {
            JWTTokenService jwtTokenService = new JWTTokenService();
            System.out.println(jwtTokenService.getJwtToken(projectConfig).getAccessToken());
            System.exit(JobStatus.SUCCESS.getCode());
        } catch (Exception ex) {
            System.exit(JobStatus.PROCESS_FAILED.getCode());
        }

    }


    private static ProjectConfig loadConfiguration(String filePath) {
        try (InputStream input = TokenApplication.class.getClassLoader().getResourceAsStream(filePath)) {
            Properties props = new Properties();
            props.load(input);
            return objectMapper.convertValue(new HashMap(props), ProjectConfig.class);
        } catch (Exception ex) {
            throw new RuntimeException("Not able to load configuration" + ex.getMessage());
        }
    }

}

申请-stg.properties

keyAlgorithm=RSA
keyPath=private-stage.der
subject=
issuer=
audience=
claimKey=
claimValue=true
tokenExpiryFrequency=DAY
tokenExpiryUnit=1
clientId=
clientSecret=
jwtTokenUrl=