io.jsonwebtoken.security.Keys#keyPairFor ( )源码实例Demo

public static String getJwt(String issuer, String nonce, Date expiredDate, Date issuedAt,
                            String... audience) {
    JwtBuilder builder = Jwts.builder();
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);
    Map<String, Object> map = new HashMap<>();
    map.put(Claims.AUDIENCE, Arrays.asList(audience));

    return builder
            .addClaims(map)
            .claim("nonce", nonce)
            .setIssuer(issuer)
            .setSubject("sub")
            .setExpiration(expiredDate)
            .setIssuedAt(issuedAt)
            .signWith(keyPair.getPrivate(), SignatureAlgorithm.RS256)
            .compact();
}
 

public static String getValidTokenResponse(String baseUrl, String nonce) {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    Map<String,Object> additionalParameters = new HashMap<>();
    additionalParameters.put("nonce", nonce);
    String jws = Jwts.builder()
            .setSubject(TEST_CLIENT_ID)
            .setAudience(TEST_CLIENT_ID)
            .setIssuedAt(new Date())
            .setExpiration(new Date(System.currentTimeMillis() + 24*60*60*1000))
            .setIssuer(baseUrl+"/")
            .addClaims(additionalParameters)
            .signWith(keyPair.getPrivate()).compact();



    return "{" +
            "\"access_token\":\"eyJraWQiOiJHYjl2VDBSS0xPWjYyYmN6WVFJckJtY0FBYkVUcDJaVTdudWVCVFlsUkdVIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlY4UmdqQUhabWFXUzkxZEFORHpJNmFFdVVFeDNHYUpXTVdzXzExMlRPRjAiLCJpc3MiOiJodHRwczovL2xvaGlrYS11bS5va3RhcHJldmlldy5jb20vb2F1dGgyL2RlZmF1bHQiLCJhdWQiOiJhcGk6Ly9kZWZhdWx0IiwiaWF0IjoxNTQ1NDAwMDIxLCJleHAiOjE1NDU0ODY0MjEsImNpZCI6IjBvYWhuemhzZWd6WWpxRVRjMGg3IiwidWlkIjoiMDB1aHR3c3JyaUFDNXVpNDcwaDciLCJzY3AiOlsib3BlbmlkIiwicHJvZmlsZSJdLCJzdWIiOiJpbWFydHNla2hhQGxvaGlrYS5jb20ifQ.Bp-r0st5yyMFLKqoheh3mUTH_JhqubfBWXABWwApBoB_QqMB05EDskIBAhKfyc3KGMynoBK7fftP1KwNBhznYBQWUeueyXb5oHhKkPDYj8ds5Leu4758gLIDW2Ybj_eWspCR6aC1-eGWQZ-IbMz_rEpElmYC9TTXRPFngderPvqNW3dFU7VNJN-NFI18qEMRNf8-bIS8Qp9M1cU0WGKGi1wFDdgPM3761_R8beGMlWvulyA9B6mxZUs7M-ZxivJIdFbCKoFvxBo54ZBWXeMe-moEJA_tzXEuZf-Rq0mETwma-zBDCUWN3unZ51KRqEAtnZzGKDnt58on-olztbj1eA\"," +
            "\"token_type\":\"Bearer\"," +
            "\"expires_in\":86400," +
            "\"scope\":\"openid profile\"," +
            "\"id_token\":\""+jws+"\"" +
            "}";
}
 

@Test
public void testSerializeKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    String token = AuthTokenUtils.createToken(AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKey), SignatureAlgorithm.RS256),
            SUBJECT,
            Optional.empty());

    @SuppressWarnings("unchecked")
    Jwt<?, Claims> jwt = Jwts.parser()
            .setSigningKey(AuthTokenUtils.decodePublicKey(Decoders.BASE64.decode(publicKey), SignatureAlgorithm.RS256))
            .parse(token);

    assertNotNull(jwt);
    assertNotNull(jwt.getBody());
    assertEquals(jwt.getBody().getSubject(), SUBJECT);
}
 

@Test
public void testAuthSecretKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);

    // Use private key to generate token
    PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.RS256);
    String token = AuthTokenUtils.createToken(privateKey, SUBJECT, Optional.empty());

    // Pulsar protocol auth
    String subject = provider.authenticate(new AuthenticationDataSource() {
        @Override
        public boolean hasDataFromCommand() {
            return true;
        }

        @Override
        public String getCommandData() {
            return token;
        }
    });
    assertEquals(subject, SUBJECT);

    provider.close();
}
 

@Test
public void testAuthSecretKeyPairWithECDSA() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.ES256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);
    // Set that we are using EC keys
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_ALG, SignatureAlgorithm.ES256.getValue());

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);

    // Use private key to generate token
    PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.ES256);
    String token = AuthTokenUtils.createToken(privateKey, SUBJECT, Optional.empty());

    // Pulsar protocol auth
    String subject = provider.authenticate(new AuthenticationDataSource() {
        @Override
        public boolean hasDataFromCommand() {
            return true;
        }

        @Override
        public String getCommandData() {
            return token;
        }
    });
    assertEquals(subject, SUBJECT);

    provider.close();
}
 

@Test
public void testAuthSecretKeyPairWithCustomClaim() throws Exception {
    String authRoleClaim = "customClaim";
    String authRole = "my-test-role";

    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKeyStr = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    AuthenticationProviderToken provider = new AuthenticationProviderToken();

    Properties properties = new Properties();
    // Use public key for validation
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_PUBLIC_KEY, publicKeyStr);
    // Set custom claim field
    properties.setProperty(AuthenticationProviderToken.CONF_TOKEN_AUTH_CLAIM, authRoleClaim);

    ServiceConfiguration conf = new ServiceConfiguration();
    conf.setProperties(properties);
    provider.initialize(conf);


    // Use private key to generate token
    PrivateKey privateKey = AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKeyStr), SignatureAlgorithm.RS256);
    String token = Jwts.builder()
            .setClaims(new HashMap<String, Object>() {{
                put(authRoleClaim, authRole);
            }})
            .signWith(privateKey)
            .compact();


    // Pulsar protocol auth
    String role = provider.authenticate(new AuthenticationDataSource() {
        @Override
        public boolean hasDataFromCommand() {
            return true;
        }

        @Override
        public String getCommandData() {
            return token;
        }
    });
    assertEquals(role, authRole);

    provider.close();
}
 

public void run() throws IOException {
    KeyPair pair = Keys.keyPairFor(algorithm);

    Files.write(Paths.get(publicKeyFile), pair.getPublic().getEncoded());
    Files.write(Paths.get(privateKeyFile), pair.getPrivate().getEncoded());
}