Springboot JwtHelper非对称加密
Love is beautiful 人气:0一、生成公私钥对
提供两种方法,一种基于命令行中的Keytool工具生成,一种是基于SpringSecurity中的KeyPairGenerator类生成,现实现第二种方式:
// 加密算法 private static final String KEY_ALGORITHM = "RSA"; // 公钥key private static final String PUB_KEY="publicKey"; // 私钥key private static final String PRI_KEY="privateKey"; public static Map<String,String> generateKey() throws NoSuchAlgorithmException { Map<String,String> keyMap=new HashMap<>(); KeyPairGenerator instance = KeyPairGenerator.getInstance(KEY_ALGORITHM); KeyPair keyPair = instance.generateKeyPair(); PrivateKey privateKey = keyPair.getPrivate(); PublicKey publicKey = keyPair.getPublic(); //Base64 编码 byte[] privateKeyEncoded = privateKey.getEncoded(); String privateKeyStr = Base64.encodeBase64String(privateKeyEncoded); byte[] publicKeyEncoded = publicKey.getEncoded(); String publicKeyStr=Base64.encodeBase64String(publicKeyEncoded); keyMap.put(PUB_KEY,publicKeyStr); keyMap.put(PRI_KEY,privateKeyStr); return keyMap; }
二、利用私钥生产token
// 加密算法 private static final String KEY_ALGORITHM = "RSA"; // 公钥key private static final String PUB_KEY="publicKey"; // 私钥key private static final String PRI_KEY="privateKey"; // GenerateKey Key=new GenerateKey(); // 利用私钥生产token public static Map<String,String> generateToken(UserDetails userDetails) throws NoSuchAlgorithmException, InvalidKeySpecException { GenerateKey Key=new GenerateKey(); RSAPrivateKey privateKey = null; RSAPublicKey publicKey=null; String token=null; Map<String, String> map=new HashMap<>(); Map<String, String> keyMap = Key.generateKey(); privateKey=getPrivateKey(keyMap.get(PRI_KEY)); Map<String,String> tokenMap=new HashMap<>(); tokenMap.put("userName",userDetails.getUsername()); // 使用私钥加密 token = JwtHelper.encode(JSON.toJSONString(tokenMap), new RsaSigner(privateKey)).getEncoded(); map.put("token",token); map.put("publicKey",keyMap.get(PUB_KEY)); return map; }
三、利用公钥解密token
public static String parseToken(String token,String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException { Jwt jwt=null; RSAPublicKey rsaPublicKey; rsaPublicKey=getPublicKey(publicKey); jwt=JwtHelper.decodeAndVerify(token, new RsaVerifier(rsaPublicKey) ); String claims= jwt.getClaims(); return claims; }
四、将String类型的公钥转换成RSAPublicKey对象
/** * 得到公钥 * * @param publicKey * 密钥字符串(经过base64编码) * @throws Exception */ public static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException { // 通过X509编码的Key指令获得公钥对象 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey)); RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec); return key; }
五、将String类型的私钥转换成RSAPrivateKey对象
/** * 得到私钥pkcs8 * * @param privateKey * 密钥字符串(经过base64编码) * @throws Exception */ public static RSAPrivateKey getPrivateKey(String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException { // 通过PKCS#8编码的Key指令获得私钥对象 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)); RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec); return key; }
加载全部内容