我正在验证来自Azure的JWT令牌并使用JJWT。我从与我的tid相关的密钥文档中检索模数和指数,这些是字段 n和e分别。验证失败并出现错误:JWT签名与本地计算的签名不匹配。 JWT有效性不能被断言,也不应该被信任。
这是代码。有人看到我犯的错误吗?代码运行正常,直到它抛出签名不匹配错误的验证。
private Claims extractClaimsForRsaSignedJwts(String token, String mod, String exp) {
Claims claims = null;
byte[] modBytes = Base64.decodeBase64(mod.getBytes());
byte[] expBytes = Base64.decodeBase64(exp.getBytes());
BigInteger modulus = new BigInteger(modBytes);
BigInteger exponent = new BigInteger(expBytes);
RSAPublicKeySpec pubKeySpecification = new RSAPublicKeySpec(modulus, exponent);
KeyFactory keyFac = null;
try {
keyFac = KeyFactory.getInstance("RSA");
} catch (NoSuchAlgorithmException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
RSAPublicKey rsaPub = null;
try {
rsaPub = (RSAPublicKey) keyFac.generatePublic(pubKeySpecification);
} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
JwtParser jwtParser = Jwts.parser().setSigningKey(rsaPub);
try {
claims = jwtParser.parseClaimsJws(token).getBody();
} catch (Exception e) {
// JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
System.out.println("The RSA JWT key validation failed: " + e.getMessage());
}
return claims;
}
谢谢!
扬
答案 0 :(得分:0)
我发现了问题!对于正数,BigInteger应该用signum 1构造!现在,代码就像AzureAD JWT签名验证的魅力一样。
BigInteger modulus = new BigInteger(1, modBytes);
BigInteger exponent = new BigInteger(1, expBytes);
这是最终的代码: Screen Shot Of Code With Correction
