下面列出了io.jsonwebtoken.security.Keys#keyPairFor ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Builds a compact, RS256-signed JWT carrying the supplied claims, for use as a fixture.
 *
 * <p>A fresh RSA key pair is generated on every call and only its private half is used.
 * The public key is neither returned nor stored, so no caller can verify the signature of
 * the token produced here. That is only acceptable where the consumer under test does not
 * (or must not) validate signatures; do not reuse this helper to mint tokens that are
 * expected to pass real verification.
 *
 * @param issuer      value for the {@code iss} claim
 * @param nonce       value for the {@code nonce} claim
 * @param expiredDate value for the {@code exp} claim
 * @param issuedAt    value for the {@code iat} claim
 * @param audience    audience values, stored as a list under {@link Claims#AUDIENCE}
 * @return the serialized (compact) signed token
 */
public static String getJwt(String issuer, String nonce, Date expiredDate, Date issuedAt,
        String... audience) {
    // Throwaway signing key: it lives only for the duration of this call.
    KeyPair ephemeralKeys = Keys.keyPairFor(SignatureAlgorithm.RS256);

    // The audience is added through a claims map so it is serialized as a list.
    Map<String, Object> audienceClaim = new HashMap<>();
    audienceClaim.put(Claims.AUDIENCE, Arrays.asList(audience));

    JwtBuilder tokenBuilder = Jwts.builder()
            .addClaims(audienceClaim)
            .claim("nonce", nonce)
            .setIssuer(issuer)
            .setSubject("sub")
            .setExpiration(expiredDate)
            .setIssuedAt(issuedAt)
            // Algorithm is pinned explicitly rather than inferred from the key.
            .signWith(ephemeralKeys.getPrivate(), SignatureAlgorithm.RS256);
    return tokenBuilder.compact();
}
/**
 * Builds a canned token-endpoint JSON response whose {@code id_token} is freshly signed.
 *
 * <p>The ID token is signed with an RSA key pair generated inside this method; the public
 * key is discarded, so the signature cannot be verified by the code that receives the
 * response. The token is valid for 24 hours from the moment of the call, matching the
 * {@code expires_in} value of 86400 seconds in the response.
 *
 * @param baseUrl base URL of the (mock) issuer; a trailing {@code "/"} is appended for the
 *                {@code iss} claim
 * @param nonce   value for the {@code nonce} claim of the ID token
 * @return the JSON response body as a string
 */
public static String getValidTokenResponse(String baseUrl, String nonce) {
    KeyPair ephemeralKeys = Keys.keyPairFor(SignatureAlgorithm.RS256);

    Map<String, Object> extraClaims = new HashMap<>();
    extraClaims.put("nonce", nonce);

    // No algorithm is passed to signWith(); the library selects one from the key itself.
    String idToken = Jwts.builder()
            .setSubject(TEST_CLIENT_ID)
            .setAudience(TEST_CLIENT_ID)
            .setIssuedAt(new Date())
            .setExpiration(new Date(System.currentTimeMillis() + 24*60*60*1000))
            .setIssuer(baseUrl+"/")
            .addClaims(extraClaims)
            .signWith(ephemeralKeys.getPrivate())
            .compact();

    // NOTE(review): this access token looks like one captured from a live identity-provider
    // tenant rather than a constructed sample. Its payload segment base64url-decodes to
    // issuer, client-id, user-id and subject claims with fixed iat/exp timestamps. Captured
    // tokens in fixtures leak tenant and account identifiers even after they expire; prefer
    // a synthetic value and confirm the originating credentials were rotated.
    String accessTokenField =
            "\"access_token\":\"eyJraWQiOiJHYjl2VDBSS0xPWjYyYmN6WVFJckJtY0FBYkVUcDJaVTdudWVCVFlsUkdVIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlY4UmdqQUhabWFXUzkxZEFORHpJNmFFdVVFeDNHYUpXTVdzXzExMlRPRjAiLCJpc3MiOiJodHRwczovL2xvaGlrYS11bS5va3RhcHJldmlldy5jb20vb2F1dGgyL2RlZmF1bHQiLCJhdWQiOiJhcGk6Ly9kZWZhdWx0IiwiaWF0IjoxNTQ1NDAwMDIxLCJleHAiOjE1NDU0ODY0MjEsImNpZCI6IjBvYWhuemhzZWd6WWpxRVRjMGg3IiwidWlkIjoiMDB1aHR3c3JyaUFDNXVpNDcwaDciLCJzY3AiOlsib3BlbmlkIiwicHJvZmlsZSJdLCJzdWIiOiJpbWFydHNla2hhQGxvaGlrYS5jb20ifQ.Bp-r0st5yyMFLKqoheh3mUTH_JhqubfBWXABWwApBoB_QqMB05EDskIBAhKfyc3KGMynoBK7fftP1KwNBhznYBQWUeueyXb5oHhKkPDYj8ds5Leu4758gLIDW2Ybj_eWspCR6aC1-eGWQZ-IbMz_rEpElmYC9TTXRPFngderPvqNW3dFU7VNJN-NFI18qEMRNf8-bIS8Qp9M1cU0WGKGi1wFDdgPM3761_R8beGMlWvulyA9B6mxZUs7M-ZxivJIdFbCKoFvxBo54ZBWXeMe-moEJA_tzXEuZf-Rq0mETwma-zBDCUWN3unZ51KRqEAtnZzGKDnt58on-olztbj1eA\",";
    String idTokenField = "\"id_token\":\""+idToken+"\"";

    return "{"
            + accessTokenField
            + "\"token_type\":\"Bearer\","
            + "\"expires_in\":86400,"
            + "\"scope\":\"openid profile\","
            + idTokenField
            + "}";
}
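/**
 * Checks that an RSA key pair survives a Base64 round trip: a token signed with the
 * re-decoded private key must verify against the re-decoded public key and carry the
 * expected subject.
 *
 * @throws Exception if key encoding/decoding or token handling fails
 */
@Test
public void testSerializeKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    // Sign with the private key as it comes back from its serialized form.
    String token = AuthTokenUtils.createToken(
            AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKey), SignatureAlgorithm.RS256),
            SUBJECT,
            Optional.empty());

    // parseClaimsJws() only accepts a signed claims token, so a passing test proves the
    // signature was checked against the deserialized public key. The untyped parse() returns
    // whatever kind of JWT it is given and can accept a token that carries no signature,
    // which would let this test pass without exercising verification.
    Jwt<?, Claims> jwt = Jwts.parser()
            .setSigningKey(AuthTokenUtils.decodePublicKey(Decoders.BASE64.decode(publicKey), SignatureAlgorithm.RS256))
            .parseClaimsJws(token);

    assertNotNull(jwt);
    assertNotNull(jwt.getBody());
    assertEquals(jwt.getBody().getSubject(), SUBJECT);
}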
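/**
 * Authenticates a token signed with an RSA private key against a provider that was
 * configured with the matching public key only.
 *
 * <p>The provider never sees the private key: the verifying side holds just the public
 * half, and the private half is used solely to mint the token.
 *
 * @throws Exception if key handling, provider initialization or authentication fails
 */
@Test
public void testAuthSecretKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);

    // Close the provider even when an assertion or authenticate() fails, so a failing
    // test does not leave it open.
    try {
        // Use private key to generate token
        PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.RS256);
        String token = AuthTokenUtils.createToken(privateKey, SUBJECT, Optional.empty());

        // Pulsar protocol auth
        String subject = provider.authenticate(new AuthenticationDataSource() {
            @Override
            public boolean hasDataFromCommand() {
                return true;
            }

            @Override
            public String getCommandData() {
                return token;
            }
        });
        assertEquals(subject, SUBJECT);
    } finally {
        provider.close();
    }
}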
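/**
 * Same flow as the RSA key-pair test, but with an ES256 (ECDSA) key pair: the provider is
 * given the public key plus the algorithm name, and must accept a token signed with the
 * matching private key.
 *
 * @throws Exception if key handling, provider initialization or authentication fails
 */
@Test
public void testAuthSecretKeyPairWithECDSA() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.ES256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);
    // Set that we are using EC keys
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_ALG, SignatureAlgorithm.ES256.getValue());

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);

    // Close the provider even when an assertion or authenticate() fails, so a failing
    // test does not leave it open.
    try {
        // Use private key to generate token; the algorithm passed here must match the
        // one the key pair was generated for.
        PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.ES256);
        String token = AuthTokenUtils.createToken(privateKey, SUBJECT, Optional.empty());

        // Pulsar protocol auth
        String subject = provider.authenticate(new AuthenticationDataSource() {
            @Override
            public boolean hasDataFromCommand() {
                return true;
            }

            @Override
            public String getCommandData() {
                return token;
            }
        });
        assertEquals(subject, SUBJECT);
    } finally {
        provider.close();
    }
}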
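/**
 * Checks that the provider returns the role from a configured custom claim instead of the
 * subject when validating a token signed with an RSA private key.
 *
 * <p>The token built here carries only the custom claim: it has no subject and no
 * expiration, which is fine for a unit test but is not a shape to copy for real tokens.
 *
 * @throws Exception if key handling, provider initialization or authentication fails
 */
@Test
public void testAuthSecretKeyPairWithCustomClaim() throws Exception {
    String authRoleClaim = "customClaim";
    String authRole = "my-test-role";

    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);
    // Set custom claim field
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_AUTH_CLAIM, authRoleClaim);

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);

    // Close the provider even when an assertion or authenticate() fails, so a failing
    // test does not leave it open.
    try {
        // Use private key to generate token
        PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.RS256);

        // A plain HashMap replaces the double-brace initializer, which created an
        // anonymous HashMap subclass just to hold one entry.
        HashMap<String, Object> claims = new HashMap<>();
        claims.put(authRoleClaim, authRole);

        String token = Jwts.builder()
                .setClaims(claims)
                .signWith(privateKey)
                .compact();

        // Pulsar protocol auth
        String role = provider.authenticate(new AuthenticationDataSource() {
            @Override
            public boolean hasDataFromCommand() {
                return true;
            }

            @Override
            public String getCommandData() {
                return token;
            }
        });
        assertEquals(role, authRole);
    } finally {
        provider.close();
    }
}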
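/**
 * Generates a key pair for the configured algorithm and writes both halves to disk.
 *
 * <p>Each file receives the bytes returned by {@code getEncoded()} for that key. The
 * private key is written unencrypted (no passphrase is applied here), so on file systems
 * with POSIX permissions the private-key file is restricted to owner read/write before
 * any key material is written to it. On other file systems the platform default
 * permissions apply and the file should be protected by other means.
 *
 * @throws IOException if either file cannot be created, restricted or written
 */
public void run() throws IOException {
    KeyPair pair = Keys.keyPairFor(algorithm);
    Files.write(Paths.get(publicKeyFile), pair.getPublic().getEncoded());

    java.nio.file.Path privateKeyPath = Paths.get(privateKeyFile);
    boolean posixSupported =
            privateKeyPath.getFileSystem().supportedFileAttributeViews().contains("posix");
    if (posixSupported) {
        java.util.Set<java.nio.file.attribute.PosixFilePermission> ownerOnly =
                java.nio.file.attribute.PosixFilePermissions.fromString("rw-------");
        if (Files.exists(privateKeyPath)) {
            // Tighten an existing file first so the key never lands in a file that is
            // readable by group or others.
            Files.setPosixFilePermissions(privateKeyPath, ownerOnly);
        } else {
            // Create the file with owner-only permissions from the start, leaving no
            // window in which it exists with wider default permissions.
            Files.createFile(privateKeyPath,
                    java.nio.file.attribute.PosixFilePermissions.asFileAttribute(ownerOnly));
        }
    }
    Files.write(privateKeyPath, pair.getPrivate().getEncoded());
}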