大家! 我正在尝试使用auth0 ECDSA256算法通过ES256对JWT信息和JWT数据进行签名。
ECPublicKey publicKeyRs = getPublicKey();
ECPrivateKey privateKeyRs = getPrivateKey();
Algorithm algorithmRs = Algorithm.ECDSA256(publicKeyRs, privateKeyRs);
signedToken = JWT.create()
.withExpiresAt(new Date())
.withSubject(jwtData.getSub()).
withAudience(jwtData.getAud()).sign(algorithmRs);
但是当我运行sign函数创建JWT时,我会遇到此错误:
Exception in thread "main" com.auth0.jwt.exceptions.SignatureGenerationException: The Token's Signature couldn't be generated when signing using the Algorithm: SHA256withECDSA
at com.auth0.jwt.algorithms.ECDSAAlgorithm.sign(ECDSAAlgorithm.java:65)
at com.auth0.jwt.JWTCreator.sign(JWTCreator.java:441)
at com.auth0.jwt.JWTCreator.access$100(JWTCreator.java:26)
at com.auth0.jwt.JWTCreator$Builder.sign(JWTCreator.java:419)
它是由于:
Caused by: java.security.SignatureException: Invalid DER signature format.
at com.auth0.jwt.algorithms.ECDSAAlgorithm.DERToJOSE(ECDSAAlgorithm.java:118)
at com.auth0.jwt.algorithms.ECDSAAlgorithm.sign(ECDSAAlgorithm.java:63)
... 6 more
请帮助您解决这些错误,并告诉我我哪里出问题了吗?
答案 0 :(得分:0)
下面是一个简单的示例,说明如何使用ES256获得签名的JWT令牌以及如何进行验证:
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.KeyPair;
import java.time.LocalDate;
public class Jwt {
public static void main(String[] args) {
KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.ES256);
//generate signed JWT token
String signedToken = Jwts.builder()
.setExpiration(java.sql.Date.valueOf(LocalDate.now().plusWeeks(2)))
.setSubject("your subject")
.setAudience("your audience")
.signWith(keyPair.getPrivate())
.compact();
//verify signed JWT token (no exceptions means check is OK)
Jws<Claims> claimsJws = Jwts.parser()
.setSigningKey(keyPair.getPublic())
.parseClaimsJws(signedToken);
}
}