How to decode a JWT RS256 token using a .cer file?

Time: 2017-10-31 05:48:12

Tags: java ssl-certificate jwt x509certificate jose4j

I converted the Certificate to a public key and passed it to JwtConsumer using the following code:

  jwt = "eU13VUDPQsLv2fvbCPEyeuQubditVOguIa2UWvaMhx2ES7cMlTL8F6IgplgpG_H7bXpduPnFUncn7zUYRXmvw_Bts8EfqICeGa5db6RGmofeA01OqowgCfxhWLwmU786riJIT0twMFe...............................BzR7DOvqsahbsx93yKqB_5Q";
            // read public key from a file or config or something
            String publicKeyPEM =
                    "-----BEGIN CERTIFICATE-----\n" +
                            "MIIFuDCCBKCgAwIBAgIQXQ/D2sE/XdZYvdViF83mMzANBgkqhkiG9w0BAQsFADB+\n" +
.........................................................................................................                                                      "saQRa7TBj6gAdlYwJVR+4hpLngANpwAG+bXHuEs+Ns/dE/s+b7aUb8/IJTWNtaaQ\n" +
                            "lMvr/4xtT6ZNCiaIM3uvIvzHqPxCn3sWa94FP9FIg3mbIia1ZbUx8NyMpETOjxaO\n" +
                            "X242VTjKf7mLCqibyn3kj93zZjgNa0AlbF/QdE9z4tQ58BwoDVlNK4mGv7Uq2nca\n" +
                            "2qTrgWcVVKyhKMnytiQ4LTs5O45R/YNbnEH7CA==\n" +
                            "-----END CERTIFICATE-----";


            RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
            PublicKey publicKey = rsaKeyUtil.fromPemEncoded(publicKeyPEM);

            // create a JWT consumer
            JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                    .setRequireExpirationTime()
                    .setVerificationKey(publicKey)
                    .build();

            // validate and decode the jwt
            JwtClaims jwtDecoded = jwtConsumer.processToClaims(jwt);

However, I get the following error when creating the PublicKey instance.

Starting Applicationjava.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)

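What could be the cause? JWT.IO shows that the signature is valid.

The certificate I received is in .cer format.

2 answers:

Answer 0: (score: 4)

-----BEGIN CERTIFICATE----- means that you have a certificate, not a public key. A certificate contains a public key.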

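    import java.io.*;
    import java.security.PublicKey;
    import java.security.cert.*;

    // Parse the PEM text as an X.509 certificate, then take the public key out of it
    InputStream is = new ByteArrayInputStream(pemString.getBytes("UTF-8"));
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate cert = cf.generateCertificate(is);
    PublicKey publicKey = cert.getPublicKey();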
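
The approach in the answer above, carried through to token verification, as an added example that is not part of the original answer or of jose4j's own code. The class name `VerifyJwtWithCer` and the command-line arguments are assumptions; `ConstraintType.PERMIT` is the name used in newer jose4j releases (older ones call it `WHITELIST`).

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

public class VerifyJwtWithCer {

    // Loads an X.509 certificate; the JDK factory accepts DER or PEM input,
    // so a .cer file works in either encoding.
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    static JwtClaims verify(String jwt, X509Certificate cert) throws Exception {
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        PublicKey publicKey = cert.getPublicKey();
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setVerificationKey(publicKey)
                // Accept RS256 only, so a token declaring another alg is rejected.
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .build();
        return consumer.processToClaims(jwt); // throws InvalidJwtException on failure
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .cer file, args[1]: compact JWT (both supplied by the caller)
        try {
            JwtClaims claims = verify(args[1], loadCertificate(args[0]));
            System.out.println("Valid token, claims: " + claims.toJson());
        } catch (InvalidJwtException e) {
            System.err.println("Rejected: " + e.getMessage());
        }
    }
}
```

`checkValidity()` only checks the certificate's validity dates; it does not establish that the certificate chains to an issuer you trust, so the .cer file itself must come from a trusted source.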

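Answer 1: (score: 0)

If I remember correctly, you have to:

  • Remove -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  • Remove all occurrences of \n

This is what I had to do to read a certificate using the JCE API.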