我正在尝试从ASP.NET Core API调用Apple DeviceCheck API。为此,我需要创建一个JWT。我为此使用Jose和BouncyCastle lib。我尝试了两种不同的密钥创建方法,每次从DeviceCheck开发v1 API返回401(无法验证授权令牌)HTTP状态。
private const string MembershipTeamId = "QWERTYUIOP";
private const string P8KeyId = "QWERTYUIOP";
public static string CreateJwt()
{
var extraHeaders = new Dictionary<string, object>()
{
{ "kid", P8KeyId },
{ "typ", "JWT" }
};
var payload = new Dictionary<string, object>()
{
{ "iss", MembershipTeamId },
{ "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
};
var key = GetCngKey();
return JWT.Encode(payload, key, JwsAlgorithm.ES256, extraHeaders);
}
在2种不同的方法下,我尝试创建CngKey
// using BouncyCastle
private static CngKey GetCngKey()
{
using (var reader = System.IO.File.OpenText(@"C:\pathto\key.p8"))
{
var param = (ECPrivateKeyParameters)new PemReader(reader).ReadObject();
return EccKey.New(
param.Parameters.G.AffineXCoord.GetEncoded(),
param.Parameters.G.AffineYCoord.GetEncoded(),
param.D.ToByteArrayUnsigned());
}
}
// using CngKey
private static CngKey GetCngKey2()
{
var keyBytes = Convert.FromBase64String("inline .p8 content without -----BEGIN/END PRIVATE KEY-----");
return CngKey.Import(keyBytes, CngKeyBlobFormat.Pkcs8PrivateBlob);
}