io.jsonwebtoken.security.SignatureException#io.jsonwebtoken.Jwt源码实例Demo

@Override
protected void validateToken(String token, RSAPublicKey publicKey, String issuer, int expGracePeriodSecs) throws Exception {
    JwtParser parser = Jwts.parser()
        .setSigningKey(publicKey)
        .requireIssuer(issuer)
        ;
    if(expGracePeriodSecs > 0) {
        parser = parser.setAllowedClockSkewSeconds(expGracePeriodSecs);
    }

    Jwt jwt = parser.parse(token);
    String alg = jwt.getHeader().get("alg").toString();
    if(alg == null || !alg.equals(SignatureAlgorithm.RS256.getValue())) {
        throw new SignatureException("Non-RS256 alg: "+alg);
    }
    Jws<Claims> claims = parser.parseClaimsJws(token);
}
 

@Test
public void foo() {
    final Map<String, Object> claims = new HashMap<>();
    claims.put(Claims.ISSUER, KNOWN_ISS);
    claims.put(Claims.SUBJECT, KNOWN_SUB);
    final String compact = Jwts.builder()
            .serializeToJsonWith(JjwtSerializer.getInstance())
            .setClaims(claims)
            .setExpiration(KNOWN_EXP)
            .compact();

    final Jwt jwt = Jwts.parser()
            .deserializeJsonWith(JjwtDeserializer.getInstance())
            .parse(compact);

    final Object jwtBody = jwt.getBody();

    Assertions.assertThat(jwtBody).isInstanceOf(Claims.class);
    Assertions.assertThat(((Claims) jwtBody).get(Claims.ISSUER)).isEqualTo(KNOWN_ISS);
    Assertions.assertThat(((Claims) jwtBody).get(Claims.SUBJECT)).isEqualTo(KNOWN_SUB);
    Assertions.assertThat(((Claims) jwtBody).get(Claims.EXPIRATION)).isEqualTo((int) (KNOWN_EXP.getTime() / 1000L));
}
 

@Test
public void testSerializeSecretKey() {
    SecretKey secretKey = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);

    String token = Jwts.builder()
            .setSubject(SUBJECT)
            .signWith(secretKey)
            .compact();

    @SuppressWarnings("unchecked")
    Jwt<?, Claims> jwt = Jwts.parser()
            .setSigningKey(AuthTokenUtils.decodeSecretKey(secretKey.getEncoded()))
            .parse(token);

    assertNotNull(jwt);
    assertNotNull(jwt.getBody());
    assertEquals(jwt.getBody().getSubject(), SUBJECT);
}
 

@Test
public void testSerializeKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    String token = AuthTokenUtils.createToken(AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKey), SignatureAlgorithm.RS256),
            SUBJECT,
            Optional.empty());

    @SuppressWarnings("unchecked")
    Jwt<?, Claims> jwt = Jwts.parser()
            .setSigningKey(AuthTokenUtils.decodePublicKey(Decoders.BASE64.decode(publicKey), SignatureAlgorithm.RS256))
            .parse(token);

    assertNotNull(jwt);
    assertNotNull(jwt.getBody());
    assertEquals(jwt.getBody().getSubject(), SUBJECT);
}
 

@Override
public Jwt<Header, String> parsePlaintextJwt(String plaintextJwt) {
    return parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {
        @Override
        public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {
            return jwt;
        }
    });
}
 

@Override
public Jwt<Header, Claims> parseClaimsJwt(String claimsJwt) {
    try {
        return parse(claimsJwt, new JwtHandlerAdapter<Jwt<Header, Claims>>() {
            @Override
            public Jwt<Header, Claims> onClaimsJwt(Jwt<Header, Claims> jwt) {
                return jwt;
            }
        });
    } catch (IllegalArgumentException iae) {
        throw new UnsupportedJwtException("Signed JWSs are not supported.", iae);
    }
}
 

@SuppressWarnings("unchecked")
private Jwt<?, Claims> authenticateToken(final String token) throws AuthenticationException {
    try {
        Jwt<?, Claims> jwt = Jwts.parser()
                .setSigningKey(validationKey)
                .parse(token);

        if (audienceClaim != null) {
            Object object = jwt.getBody().get(audienceClaim);
            if (object == null) {
                throw new JwtException("Found null Audience in token, for claimed field: " + audienceClaim);
            }

            if (object instanceof List) {
                List<String> audiences = (List<String>) object;
                // audience not contains this broker, throw exception.
                if (!audiences.stream().anyMatch(audienceInToken -> audienceInToken.equals(audience))) {
                    throw new AuthenticationException("Audiences in token: [" + String.join(", ", audiences)
                                                      + "] not contains this broker: " + audience);
                }
            } else if (object instanceof String) {
                if (!object.equals(audience)) {
                    throw new AuthenticationException("Audiences in token: [" + object
                                                      + "] not contains this broker: " + audience);
                }
            } else {
                // should not reach here.
                throw new AuthenticationException("Audiences in token is not in expected format: " + object);
            }
        }

        return jwt;
    } catch (JwtException e) {
        throw new AuthenticationException("Failed to authentication token: " + e.getMessage());
    }
}
 

@Override
public Map<String, Object> onPlaintextJwt(@SuppressWarnings("rawtypes") Jwt<Header, String> jwt) {
    if (config.getRequireSigned()) {
        super.onPlaintextJwt(jwt);
    }
    return Collections.emptyMap();
}
 

@Override
public Jwt<Header, String> parsePlaintextJwt(String plaintextJwt) {
    return parse(plaintextJwt, new JwtHandlerAdapter<Jwt<Header, String>>() {
        @Override
        public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {
            return jwt;
        }
    });
}
 

@Override
public Jwt<Header, Claims> parseClaimsJwt(String claimsJwt) {
    try {
        return parse(claimsJwt, new JwtHandlerAdapter<Jwt<Header, Claims>>() {
            @Override
            public Jwt<Header, Claims> onClaimsJwt(Jwt<Header, Claims> jwt) {
                return jwt;
            }
        });
    } catch (IllegalArgumentException iae) {
        throw new UnsupportedJwtException("Signed JWSs are not supported.", iae);
    }
}
 

private String getPrincipal(Jwt<?, Claims> jwt) {
    return jwt.getBody().get(roleClaim, String.class);
}
 

@Override
public Map<String, Object> onClaimsJwt(@SuppressWarnings("rawtypes") Jwt<Header, Claims> jwt) {
    return config.getRequireSigned() ? super.onClaimsJwt(jwt) : jwt.getBody();
}
 

@Override
public Jwt parse(String jwt) throws ExpiredJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parse(jwt);
}
 

@Override
public Jwt<Header, String> parsePlaintextJwt(String plaintextJwt) throws UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parsePlaintextJwt(plaintextJwt);
}
 

@Override
public Jwt<Header, Claims> parseClaimsJwt(String claimsJwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parseClaimsJwt(claimsJwt);
}
 

private void getResponse(Jwt parsed, Promise callback) {
    ObjectMapper mapper = new ObjectMapper();

    Map<String, Object> headersMap = mapper.convertValue(parsed.getHeader(), DefaultClaims.class);
    Map<String, Object> payload = mapper.convertValue(parsed.getBody(), DefaultClaims.class);

    WritableMap response = Arguments.createMap();

    response.putMap("headers", Arguments.makeNativeMap(headersMap));
    response.putMap("payload", Arguments.makeNativeMap(payload));

    callback.resolve(response);
}