JWT 'RS256' algorithm problem

Time: 2016-03-30 15:58:17

Tags: ios swift jwt

I am using this library to generate a JWT token. Here is my code:

func generateJWT() -> String{
    let claim = JWTClaimsSet()
    claim.issuer = "xxxxxx"
    claim.audience = "https://www.googleapis.com/oauth2/v4/token"
    claim.issuedAt = NSDate()
    claim.expirationDate = NSDate()

    let header = ["alg":"RS256","typ":"JWT"]
    let algorithm = JWTAlgorithmFactory.algorithmByName("RS256")

    let encodeBuilder = JWT.encodeClaimsSet(claim)
    let jwt = encodeBuilder.secret("secret").algorithm(algorithm).headers(header).encode

    return jwt
}

But I get this error:

2016-03-30 16:51:23.274 JWTObjc[3217:74974] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[2]'

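What am I doing wrong?

Thanks in advance

2 answers:

Answer 0: (score: 1)

HMAC signature signing/verification involves a shared secret known to both parties, which is why the .secret("secret") method is used there.

RSA is a public/private key system: the signer has the private key, and the verifier has only the public key. So to create a signed JWT you need to use the private key. These most commonly come in PKCS12 format, protected by a passphrase. It looks like that is what the JWTAlgorithmRS256 class expects, so the API looks more like .secretData(p12FileData).privateKeyCertificatePassphrase("password") than .secret("secret").

To verify, you will probably need .secretData(certFileData) (the certificate will contain the public key).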
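The distinction drawn in the answer above, as an added example that is not part of the original thread and does not use the JWT library from the question: it builds an RS256 token directly with Apple's Security framework, signing with an RSA private key and verifying with the matching public key. The key pair is generated on the fly, and the issuer and the one-hour expiry are constructed placeholder values.

```swift
import Foundation
import Security

// base64url without padding, as used for every JWT segment.
func b64url(_ d: Data) -> String {
    return d.base64EncodedString().replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_").replacingOccurrences(of: "=", with: "")
}
func b64urlDecode(_ s: String) -> Data? {
    var t = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    t += String(repeating: "=", count: (4 - t.count % 4) % 4)
    return Data(base64Encoded: t)
}

// RS256 = RSASSA-PKCS1-v1_5 with SHA-256: signing needs the RSA private key.
func signRS256(claims: [String: Any], privateKey: SecKey) throws -> String {
    let header = try JSONSerialization.data(withJSONObject: ["alg": "RS256", "typ": "JWT"])
    let payload = try JSONSerialization.data(withJSONObject: claims)
    let input = b64url(header) + "." + b64url(payload)
    var err: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(privateKey, .rsaSignatureMessagePKCS1v15SHA256,
                                          Data(input.utf8) as CFData, &err) else {
        throw err!.takeRetainedValue() as Error
    }
    return input + "." + b64url(sig as Data)
}

// Verification needs only the public key. The algorithm is fixed here and the
// token's "alg" header must match it, so the token cannot choose its own check.
func verifyRS256(token: String, publicKey: SecKey) -> Bool {
    let p = token.components(separatedBy: ".")
    guard p.count == 3, let sig = b64urlDecode(p[2]), let h = b64urlDecode(p[0]),
          let hdr = (try? JSONSerialization.jsonObject(with: h)) as? [String: Any],
          hdr["alg"] as? String == "RS256" else { return false }
    return SecKeyVerifySignature(publicKey, .rsaSignatureMessagePKCS1v15SHA256,
                                 Data((p[0] + "." + p[1]).utf8) as CFData, sig as CFData, nil)
}

// Constructed demo: a throwaway 2048-bit key pair and placeholder claims.
let attrs: [String: Any] = [kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
                            kSecAttrKeySizeInBits as String: 2048]
guard let priv = SecKeyCreateRandomKey(attrs as CFDictionary, nil),
      let pub = SecKeyCopyPublicKey(priv) else { fatalError("key generation failed") }
let now = Int(Date().timeIntervalSince1970)
let claims: [String: Any] = ["iss": "issuer-placeholder", "iat": now, "exp": now + 3600,
                             "aud": "https://www.googleapis.com/oauth2/v4/token"]
let token = try signRS256(claims: claims, privateKey: priv)
print("signed token verifies:", verifyRS256(token: token, publicKey: pub))
print("altered token verifies:", verifyRS256(token: token + "A", publicKey: pub))
```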

Answer 1: (score: 0)

I used PKCS1 and RS256

func encryptPayload(payload: [AnyHashable: Any]) -> String? {
    var resultStr: String?

    var publicKeyCrypto: JWTCryptoKeyProtocol? = nil
    do {
        publicKeyCrypto = try JWTCryptoKeyPublic(pemEncoded: AppConstant.Scurity.publicKey, parameters: nil)
    }
    catch {
        NSLog("error: \(error)")
    }

    guard let theCrypto = publicKeyCrypto else {
        return nil
    }

    do {

        let privateKeyCrypto = try JWTCryptoKeyPrivate(pemEncoded: AppConstant.Scurity.privateKey, parameters: nil)

        guard let holder = JWTAlgorithmRSFamilyDataHolder().signKey(privateKeyCrypto)?.secretData(AppConstant.Scurity.privateKey.data(using: .utf8))?.algorithmName(JWTAlgorithmNameRS256) else {return nil}

        let headers : [AnyHashable:Any] = ["alg": "RS256","typ": "JWT"]

        guard let encoding = JWTEncodingBuilder.encodePayload(payload).headers(headers)?.addHolder(holder) else {return nil}

        let result = encoding.result

        print(result?.successResult?.encoded ?? "Encoding failed")
        print(result?.errorResult?.error ?? "No encoding error")

        let verifyDataHolder = JWTAlgorithmRSFamilyDataHolder().signKey(theCrypto)?.secretData(AppConstant.Scurity.publicKey.data(using: .utf8)!)?.algorithmName(JWTAlgorithmNameRS256)

        let verifyResult = JWTDecodingBuilder.decodeMessage(result?.successResult?.encoded).addHolder(verifyDataHolder)?.result

        if verifyResult?.successResult != nil, let result = verifyResult?.successResult.encoded {
            print("Verification successful, result: \(result)")
        } else {
            print("Verification error: \(verifyResult!.errorResult.error)")
        }
        resultStr = result?.successResult.encoded
    } catch {
        print(error)
    }
    return resultStr
}