I need to generate a public key to verify JWT tokens from Cognito. Here are the keys:
{
  keys: [
    {
      alg: "RS256",
      e: "AQAB",
      kid: "7sbG73+G/8A+wPT4Vaf/+ttnBHuLZcjEmfiBXl3E8Fk=",
      kty: "RSA",
      n: "blablablablabla",
      use: "sig"
    },
    {
      alg: "RS256",
      e: "AQAB",
      kid: "Zbf1euSHNj4lXgXHIQwYZfERTdm1Rkeqrm1ppnpClRR=",
      kty: "RSA",
      n: "blablablablabla",
      use: "sig"
    }
  ]
}
I can easily create it using Azure's x5c key, but I can't do that with Cognito. Which key should I use to create the RSAPublicKey?
CertificateFactory factory = CertificateFactory.getInstance("X.509");
//Creating a cert from x5c key
X509Certificate cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(DatatypeConverter.parseBase64Binary(x5c)));
RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
RSAPrivateKey privateKey = null;
Answer 0 (score: 0)
I found the solution in the auth0 library.
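import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import java.net.URL;
String keyUrl = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxx/.well-known/jwks.json";
JwkProvider provider = new UrlJwkProvider(new URL(keyUrl));
Jwk jwk = provider.get(kid); // kid is the key ID of the key to look up in the JWKS
RSAPublicKey publicKey = (RSAPublicKey) jwk.getPublicKey();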
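The JWKS entries in the question carry no x5c certificate, so the public key has to be built directly from the n and e members; the sketch below shows that step using only the JDK. It is an added example, not part of the original answer and not the auth0 library's code; the class name, the fromJwk and unsigned helpers, and the generated sample key are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class JwkToRsaPublicKey {

    // Builds the key from the JWK members shown in the question: "n" (modulus) and
    // "e" (public exponent) are base64url-encoded unsigned big-endian integers.
    static RSAPublicKey fromJwk(String kty, String use, String n, String e)
            throws GeneralSecurityException {
        if (!"RSA".equals(kty) || !"sig".equals(use)) {
            throw new GeneralSecurityException("not an RSA signing key");
        }
        Base64.Decoder dec = Base64.getUrlDecoder();
        // signum 1 keeps the value positive even when the top bit of the first byte is set
        BigInteger modulus = new BigInteger(1, dec.decode(n));
        BigInteger exponent = new BigInteger(1, dec.decode(e));
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(modulus, exponent));
    }

    // Sample-data helper: unsigned big-endian bytes, as a JWK encodes them (no sign byte).
    static byte[] unsigned(BigInteger v) {
        byte[] b = v.toByteArray();
        return (b.length > 1 && b[0] == 0) ? Arrays.copyOfRange(b, 1, b.length) : b;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh key pair stands in for a real JWKS entry.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey original = (RSAPublicKey) gen.generateKeyPair().getPublic();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String n = enc.encodeToString(unsigned(original.getModulus()));
        String e = enc.encodeToString(unsigned(original.getPublicExponent()));

        RSAPublicKey rebuilt = fromJwk("RSA", "sig", n, e);
        if (!rebuilt.getModulus().equals(original.getModulus())
                || !rebuilt.getPublicExponent().equals(original.getPublicExponent())) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("rebuilt " + rebuilt.getModulus().bitLength() + "-bit RSA public key");
    }
}
```

The kid used to select an entry is read from the token header before the signature is checked, so the n and e values must come only from the JWKS document fetched over HTTPS from the user pool's own URL, never from the token itself.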