Shi Shi
Beginner
Asked At:
1712487686000
In:
Java
jwt in java
Hello everyone, I have a question: I use the ES256 algorithm to generate a token <p>
but when I have a token to verify, for example like this
</p>
<p>
public key : <div class="markdown-block position-relative overflow-auto source-">
<pre>
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE02Ar8685UapqDlOT8TneixaeR2Uu0tRu0R8WTG5ATA7j3Nk9x6poNYiH/Ez6jhwQg/ocioHsjzOOStUeSN8aIg== </pre>
</div>and token:
</p>
<div class="markdown-block position-relative overflow-auto source-">
<pre>
eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJ0ZXN0LW5vYyIsImF1dGgiOiJCSV9FWFBPUlQiLCJlbWFpbCI6ImFiYy5jb20udm4iLCJmdWxsX25hbWUiOiJCVSBOT0MiLCJST0xFX0pXVCI6IkJJX0VYUE9SVCIsIk1OVl9KV1QiOiJ0ZXN0LW5vY19ub2MiLCJleHAiOjk5OTk5OTk5OTk5OTk5fQ.xdtY5Rbay7I5733gBOzSoPFrADCwqE7PhuNGd0zdkyB81wbGunFny2CjagQfgVr_kg0RviUmusjGmjiVk3zB_Q
</pre>
</div><p>
then when verifying, why does verification still succeed if I append any single character to the end of the token, but fail if I append a second character to the end, or append just a . character to the end? In principle, if I make the token differ from the original, verification should fail right away, shouldn't it? I hope someone can explain this for me, thank you.
</p>
<div class="markdown-block position-relative overflow-auto">
<pre>
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Date;

public class GenToken {
    public static void main(String[] args) throws Exception {
        KeyPair keyPair = generateECKeyPair();
        // Public key as X.509 SubjectPublicKeyInfo, private key as PKCS#8, both Base64-encoded
        String publicKeyBase64 = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
        String privateKeyBase64 = Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded());
        String jwtToken = createJwtToken(publicKeyBase64, privateKeyBase64);
    }

    // Generates a P-256 (secp256r1) key pair, the curve used by ES256
    private static KeyPair generateECKeyPair() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        ECGenParameterSpec ecGenParameterSpec = new ECGenParameterSpec("secp256r1");
        keyPairGenerator.initialize(ecGenParameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

    // Builds the claims and signs them with the private key using ES256
    private static String createJwtToken(String publicKeyBase64, String privateKeyBase64) {
        Date expirationDate = new Date(99999999999999999L);
        return Jwts.builder()
                .setSubject("test-noc")
                .claim("auth", "EXPORT")
                .claim("email", "abc.com.vn")
                .claim("full_name", "BU")
                .claim("ROLE_JWT", "EXPORT")
                .claim("MNV_JWT", "test-manv")
                .setExpiration(expirationDate)
                .signWith(
                        SignatureAlgorithm.ES256,
                        getPrivateKey(privateKeyBase64)
                )
                .compact();
    }

    // Rebuilds the EC private key from its Base64-encoded PKCS#8 form
    private static PrivateKey getPrivateKey(String privateKeyBase64) {
        try {
            byte[] keyBytes = Base64.getDecoder().decode(privateKeyBase64);
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
        } catch (Exception e) {
            throw new RuntimeException("Error loading private key", e);
        }
    }
}
</pre>
</div><p>
and this is my token verification class
</p>
<div class="markdown-block position-relative overflow-auto">
<pre>
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// ObjectException and JwtClaims are the poster's own classes and are not shown in the post
public class JwtProcess {
    SignatureAlgorithm algorithm;

    // Rebuilds the public key from its Base64-encoded X.509 form
    private PublicKey getPublicKey(String publicKeyBase64) throws Exception {
        algorithm = SignatureAlgorithm.ES256;
        byte[] decoded = Base64.getDecoder().decode(publicKeyBase64);
        X509EncodedKeySpec spec = new X509EncodedKeySpec(decoded);
        KeyFactory kf = KeyFactory.getInstance(algorithm.isRsa() ? "RSA" : "EC");
        return kf.generatePublic(spec);
    }

    // Returns true when the signature verifies; any parsing or verification error is rethrown
    public boolean verifyToken(String token, String publicKeyBase64) {
        try {
            PublicKey publicKey = getPublicKey(publicKeyBase64);
            Jwts.parserBuilder().setSigningKey(publicKey).build().parseClaimsJws(token);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            throw new ObjectException(" Could not verify JWT token integrity! ");
        }
    }

    // Verifies the token and copies the expected claims into a JwtClaims object
    public JwtClaims decodeToken(String token, String publicKey) throws Exception {
        Claims claims = Jwts.parser()
                .setSigningKey(getPublicKey(publicKey))
                .parseClaimsJws(String.valueOf(token)).getBody();
        return new JwtClaims(
                claims.getSubject(),
                claims.get("auth").toString(),
                claims.get("email").toString(),
                claims.get("full_name").toString(),
                claims.get("ROLE_JWT").toString(),
                claims.get("MNV_JWT").toString(),
                claims.get("exp").toString()
        );
    }
}
</pre>
</div>
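A defensive pre-check for the behaviour asked about above, as an added example that is not part of the original post: it rejects any token whose signature segment is not the canonical unpadded base64url encoding of exactly 64 bytes (the R || S size for ES256), before the token is handed to the JWT library. The class and method names are hypothetical, and the sample token is constructed with placeholder segments and an all-zero signature.

```java
import java.util.Base64;

public class Es256SignatureShapeCheck {
    // ES256 signatures are R || S, 32 bytes each (RFC 7518, section 3.4),
    // which encodes to exactly 86 unpadded base64url characters.
    private static final int ES256_SIG_BYTES = 64;

    /**
     * Returns true only if the compact JWS has exactly three segments and the
     * signature segment is the canonical encoding of a 64-byte value.
     * This is a shape check to run before signature verification, not instead of it.
     */
    static boolean hasCanonicalEs256Signature(String token) {
        String[] parts = token.split("\\.", -1); // -1 keeps trailing empty segments
        if (parts.length != 3) {
            return false;
        }
        String sig = parts[2];
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(sig);
        } catch (IllegalArgumentException e) {
            return false; // characters outside the base64url alphabet, or a truncated unit
        }
        if (raw.length != ES256_SIG_BYTES) {
            return false; // extra characters decode to extra bytes
        }
        // Re-encoding catches strings that differ only in unused trailing bits.
        String canonical = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        return canonical.equals(sig);
    }

    public static void main(String[] args) {
        // Constructed sample: placeholder header and payload, signature of 64 zero bytes.
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(new byte[64]);
        String token = "aGVhZGVy.cGF5bG9hZA." + sig;
        String lastCharChanged = token.substring(0, token.length() - 1) + "B";

        String[] cases = { token, token + "A", token + "AA", token + ".", lastCharChanged };
        for (String candidate : cases) {
            int sigLen = candidate.length() - candidate.indexOf('.', candidate.indexOf('.') + 1) - 1;
            System.out.println("chars after second dot: " + sigLen
                    + " -> canonical: " + hasCanonicalEs256Signature(candidate));
        }
    }
}
```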