JSON Web令牌是一种开放的行业标准RFC 7519方法,用于在两方之间安全地表示声明。 在此示例中,使用JWT.io库来生成JWT。
您在上一步中下载的服务凭据包含PKCS#1格式的私钥。要从此字符串中提取私钥,我们使用了 弹城堡 库。 属于java一部分的加密库不支持PKCS#1格式。
以下代码用于生成JWT:
public String getJWTToken()
{
Security.addProvider(new BouncyCastleProvider());
RSAPrivateKey privateKey = null;
GetServiceCredentials getCredentials = new GetServiceCredentials();
try
{
long now = System.currentTimeMillis();
Long expirationTime = now + TimeUnit.MINUTES.toMillis(5);
// get the private key string from the service credentials
String privateKeyString = getCredentials.getPRIVATE_KEY();
//The JWT signature algorithm we use to sign the token
SignatureAlgorithm sa = SignatureAlgorithm.RS256;
Reader targetReader = new StringReader(privateKeyString);
// PEMParser removes the unnecessary headers and decodes the underlying Base64 PEM data into a binary format.
PEMParser pemParser = new PEMParser(targetReader);
// tores the result generated by the pEMParser
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp = converter.getKeyPair((PEMKeyPair) object);
privateKey = (RSAPrivateKey) kp.getPrivate();
//Let's set the JWT Claims
Map < String, Object > jwtClaims = new HashMap < String, Object > ();
jwtClaims.put("iss", getCredentials.getORG_ID());
jwtClaims.put("sub", getCredentials.getTECH_ACCT());
jwtClaims.put("exp", expirationTime);
jwtClaims.put("aud", "https://" + getCredentials.getIMS_ENDPOINT() + "/c/" + getCredentials.getCLIENT_ID());
String metascopes[] = new String[] { getCredentials.getMETASCOPE_ID() };
for (String metascope: metascopes)
{
jwtClaims.put("https://" + getCredentials.getIMS_ENDPOINT() + "/s/" + metascope, java.lang.Boolean.TRUE);
}
// Create the final JWT token
String jwtToken = Jwts.builder().setClaims(jwtClaims).signWith(sa, privateKey).compact();
System.out.println("Got JWT Token " + jwtToken);
pemParser.close();
return jwtToken;
} catch (IOException e) {
System.out.println("The error is " + e.getMessage());
}
return null;
}