Token生成與解析 + ECDSA加密技術
- 需要maven依賴
<dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency>
- 16進制字符串與byte數組互轉工具類
/**
* 16進制字符串與byte數組轉換
* @author chenyb
*
*/
public final class HexUtil {
private static final char[] HEX = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
public HexUtil() {
}
/**
* byte數組轉16進制字符串
* @param bytes
* @return
*/
public static String encodeHexString(byte[] bytes) {
int nBytes = bytes.length;
char[] result = new char[2 * nBytes];
int j = 0;
byte[] var4 = bytes;
int var5 = bytes.length;
for(int var6 = 0; var6 < var5; ++var6) {
byte aByte = var4[var6];
result[j++] = HEX[(240 & aByte) >>> 4];
result[j++] = HEX[15 & aByte];
}
return new String(result);
}
/**
* 16進制字符串轉byte數組
* @param s 字符串
* @return
*/
public static byte[] decode(CharSequence s) {
int nChars = s.length();
if (nChars % 2 != 0) {
throw new IllegalArgumentException("Hex-encoded string must have an even number of characters");
} else {
byte[] result = new byte[nChars / 2];
for(int i = 0; i < nChars; i += 2) {
int msb = Character.digit(s.charAt(i), 16);
int lsb = Character.digit(s.charAt(i + 1), 16);
if (msb < 0 || lsb < 0) {
throw new IllegalArgumentException("Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
}
result[i / 2] = (byte)(msb << 4 | lsb);
}
return result;
}
}
}
- 生成密鑰對,校驗密鑰有效性
package com.jwt.ecdsa;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.xml.bind.DatatypeConverter;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Calendar;
public class ECDSATest {
/**
* SIGNALGORITHMS
* NONEwithECDSA 112-571 256 128 JDK/BC
* RIPEMD160withECDSA 同上 256 160 BC
* SHA1withECDSA ... 256 160 JDK/BC
* SHA224withECDSA ... 256 224 BC
* SHA256withECDSA ... 256 256 JDK/BC
* SHA384withECDSA ... 256 384 JDK/BC
* SHA512withECDSA ... 256 512 JDK/BC
*/
private static final String SIGNALGORITHMS = "SHA256withECDSA";
private static final String ALGORITHM = "EC";
private static final String SECP256K1 = "secp256k1";
public static void main(String[] args) throws Exception {
// 生成公鑰私鑰
KeyPair keyPair1 = getKeyPair();
PublicKey publicKey1 = keyPair1.getPublic();
PrivateKey privateKey1 = keyPair1.getPrivate();
//密鑰轉16進制字符串
String publicKey = HexUtil.encodeHexString(publicKey1.getEncoded());
String privateKey = HexUtil.encodeHexString(privateKey1.getEncoded());
System.out.println("生成公鑰:"+publicKey);
System.out.println("生成私鑰:"+privateKey);
//16進制字符串轉密鑰對象
PrivateKey privateKey2 = getPrivateKey(privateKey);
PublicKey publicKey2 = getPublicKey(publicKey);
//加簽驗籤,設計自己的簽名
JSONObject o = new JSONObject();
o.put( "id","sadasdsadsawq2132343243242ds" );
o.put( "name","chenyb" );
String data=o.toJSONString();
String signECDSA = signECDSA(privateKey2, data);
System.out.println(signECDSA);
boolean verifyECDSA = verifyECDSA(publicKey2, signECDSA, data);
System.out.println("驗簽結果:"+verifyECDSA);
}
/**
* 加簽
* @param privateKey 私鑰
* @param data 數據
* @return
*/
public static String signECDSA(PrivateKey privateKey, String data) {
String result = "";
try {
//執行簽名
Signature signature = Signature.getInstance(SIGNALGORITHMS);
signature.initSign(privateKey);
signature.update(data.getBytes());
byte[] sign = signature.sign();
return HexUtil.encodeHexString(sign);
} catch (Exception e) {
e.printStackTrace();
}
return result;
}
/**
* 驗籤
* @param publicKey 公鑰
* @param signed 簽名
* @param data 數據
* @return
*/
public static boolean verifyECDSA(PublicKey publicKey, String signed, String data) {
try {
//驗證簽名
Signature signature = Signature.getInstance(SIGNALGORITHMS);
signature.initVerify(publicKey);
signature.update(data.getBytes());
byte[] hex = HexUtil.decode(signed);
boolean bool = signature.verify(hex);
// System.out.println("驗證:" + bool);
return bool;
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
/**
* 從string轉private key
* @param key 私鑰的字符串
* @return
* @throws Exception
*/
public static PrivateKey getPrivateKey(String key) throws Exception {
byte[] bytes = DatatypeConverter.parseHexBinary(key);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
return keyFactory.generatePrivate(keySpec);
}
/**
* 從string轉publicKey
* @param key 公鑰的字符串
* @return
* @throws Exception
*/
public static PublicKey getPublicKey(String key) throws Exception {
byte[] bytes = DatatypeConverter.parseHexBinary(key);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
return keyFactory.generatePublic(keySpec);
}
/**
* 生成密鑰對
* @return
* @throws Exception
*/
public static KeyPair getKeyPair() throws Exception {
ECGenParameterSpec ecSpec = new ECGenParameterSpec(SECP256K1);
KeyPairGenerator kf = KeyPairGenerator.getInstance(ALGORITHM);
kf.initialize(ecSpec, new SecureRandom());
KeyPair keyPair = kf.generateKeyPair();
return keyPair;
}
}
- 測試密鑰配對成功截圖
- jwt生成token與解析
public static void main(String[] args) throws Exception {
java.security.Security.addProvider(
new org.bouncycastle.jce.provider.BouncyCastleProvider()
);
//獲取公鑰私鑰部分
KeyPair keyPair1 = getKeyPair();
PublicKey publicKey1 = keyPair1.getPublic();
PrivateKey privateKey1 = keyPair1.getPrivate();
//密鑰轉16進制字符串
String publicKey = HexUtil.encodeHexString(publicKey1.getEncoded());
String privateKey = HexUtil.encodeHexString(privateKey1.getEncoded());
System.out.println("生成公鑰:"+publicKey);
System.out.println("生成私鑰:"+privateKey);
//16進制字符串轉密鑰對象
PrivateKey privateKey2 = getPrivateKey(privateKey);
PublicKey publicKey2 = getPublicKey(publicKey);
//生成token部分
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
Calendar c = Calendar.getInstance();
c.add(Calendar.HOUR_OF_DAY, Integer.valueOf( 1000*60*5 ));//設置Token有效時長
JSONObject o = new JSONObject();
o.put("principal", "data數據");//封裝數據Object類型
o.put("exp", sdf.format(c.getTime()));//單純的記錄Token生成時間
//SignatureAlgorithm.ES256 這裏一定是對應的採用的加密技術
String token = Jwts.builder().setClaims(o).setExpiration(c.getTime())
.signWith( SignatureAlgorithm.ES256, privateKey2).compact();
System.out.println("生成的token:"+token);
//解析token部分
final Claims claims = Jwts.parser().setSigningKey(publicKey2).parseClaimsJws(token).getBody();
String str = (String) claims.get("principal");
System.out.println("token解析出來的數據"+str);
}
- 實戰中,我們只需要提供生成token接口與解析token接口,將密鑰對提前生成好存在文件裏,在生成、與解析的時候調用就好
//接口部分
package com.jwt.service;
public interface JwtService {
String createToken(String str);
String getData(String token);
}
//實現部分
package com.jwt.service.impl;
import com.alibaba.fastjson.JSONObject;
import com.jwt.ecdsa.ECDSATest;
import com.jwt.service.JwtService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Service;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
/**
* Created by chenyb .
*/
@Service
public class JwtServiceImpl implements JwtService {
@SuppressWarnings("restriction")
private PublicKey getPublicKey() {
PublicKey publicKey = null;
try {
InputStream stream = getClass().getClassLoader().getResourceAsStream("key/public.key");
BufferedReader br = new BufferedReader(new InputStreamReader(stream));
String line = "";
StringBuffer sb = new StringBuffer();
while ((line = br.readLine()) != null) {
sb.append(line);
}
publicKey = ECDSATest.getPublicKey(sb.toString());
} catch (Exception e) {
e.printStackTrace();
}
return publicKey;
}
private PrivateKey getPrivateKey(){
PrivateKey privateKey = null;
try {
InputStream stream = getClass().getClassLoader().getResourceAsStream("key/private.key");
BufferedReader br = new BufferedReader(new InputStreamReader(stream));
String line = "";
StringBuffer sb = new StringBuffer();
while ((line = br.readLine()) != null) {
sb.append(line);
}
privateKey = ECDSATest.getPrivateKey( sb.toString() );
} catch (Exception e) {
e.printStackTrace();
}
return privateKey;
}
@Override
public String createToken(String str){
java.security.Security.addProvider(
new org.bouncycastle.jce.provider.BouncyCastleProvider()
);
PrivateKey privateKey = this.getPrivateKey();
JSONObject data = new JSONObject();
data.put("data", str);
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
Calendar c = Calendar.getInstance();
c.add(Calendar.HOUR_OF_DAY, 1000*60*60*2);//token有效時間
JSONObject o = new JSONObject();
o.put("principal", data);
o.put("exp", sdf.format(c.getTime()));
Date timeOut = c.getTime();
String token = Jwts.builder().setClaims(o).setExpiration(timeOut)
.signWith(SignatureAlgorithm.ES256, privateKey).compact();
return token;
}
@Override
public String getData(String token) {
PublicKey publicKey = getPublicKey();
if (publicKey != null) {
try {
final Claims claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token).getBody();
Map<String,String> map = (Map<String,String>) claims.get("principal");
return map.get( "data" );
}catch (Exception e){
e.printStackTrace();
}
}
return null;
}
}
- Key文件位置
- 測試代碼
@Test
public void createToken (){
String token = jwtServiceImpl.createToken( "被封裝的數據" );
System.out.println("token:"+token);
String s = jwtServiceImpl.getData( token );
System.out.println(s);
}
- 測試結果
隨筆記錄,方便學習
2020-07-03