JWT 'RS256' 算法问题

JWT 'RS256' Algorithm issue

我使用这个库来生成 JWT 令牌,这是我的代码:

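/// Builds a JWT whose audience is the Google OAuth 2.0 token endpoint.
///
/// - Returns: The encoded token produced by the JWT builder.
func generateJWT() -> String{
    let claim = JWTClaimsSet()
    claim.issuer = "xxxxxx"
    claim.audience = "https://www.googleapis.com/oauth2/v4/token"
    // `exp` must lie after `iat`. Setting both to "now" yields a token that is
    // already expired when issued, so any verifier enforcing `exp` rejects it.
    // One hour is the longest lifetime Google documents for this kind of assertion.
    claim.issuedAt = NSDate()
    claim.expirationDate = NSDate(timeIntervalSinceNow: 3600)

    let header = ["alg":"RS256","typ":"JWT"]
    let algorithm = JWTAlgorithmFactory.algorithmByName("RS256")

    // NOTE(review): RS256 signs with an RSA private key. `.secret(...)` supplies a
    // shared-secret string, which is what the HMAC algorithms take, so this call
    // gives the RS256 algorithm no usable key material. Provide the private key
    // instead (e.g. PKCS12 data via `.secretData(...)` together with
    // `.privateKeyCertificatePassphrase(...)`), and load it from protected storage
    // rather than from a literal in source.
    let encodeBuilder = JWT.encodeClaimsSet(claim)
    let jwt = encodeBuilder.secret("secret").algorithm(algorithm).headers(header).encode

    return jwt
}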

但是我收到了这个错误:

2016-03-30 16:51:23.274 JWTObjc[3217:74974] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSPlaceholderArray initWithObjects:count:]: attempt to insert nil object from objects[2]'

我做错了什么?

提前致谢

HMAC 的签名与验证(signing/verification)依赖双方都知道的共享密钥,因此 .secret("secret") 方法适用于 HMAC 算法。

RSA 是一种公钥/私钥体系:签名者持有私钥,验证者只有公钥。因此,要创建签名的 JWT,您需要私钥。私钥最常以受密码保护的 PKCS12 格式提供。看起来 JWTAlgorithmRS256 类期望的正是这种方式,所以那里的 API 调用应该更像 .secretData(p12FileData).privateKeyCertificatePassphrase("password"),而不是 .secret("secret")。

为了验证,您可能需要 .secretData(certFileData)(证书中包含公钥)。

我使用 PKCS1 和 RS256

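 /// Signs `payload` as an RS256 JWT, then checks the signature with the matching public key.
 ///
 /// Despite the name, nothing is encrypted: the token is only signed, so its payload
 /// can be read by anyone who holds the token.
 ///
 /// - Parameter payload: Claims to place in the token body.
 /// - Returns: The encoded token, or `nil` when a key cannot be parsed, a builder
 ///   step returns `nil`, or encoding fails.
 func encryptPayload(payload:[AnyHashable:Any])->String?
 {
     // NOTE(review): both PEM strings are read from AppConstant.Scurity. If the
     // private key is a constant compiled into a shipped client, anyone with the
     // binary can extract it and sign tokens. Confirm where it comes from; signing
     // keys belong in the Keychain or on a server.
     let publicKeyCrypto: JWTCryptoKeyProtocol
     do {
         publicKeyCrypto = try JWTCryptoKeyPublic(pemEncoded: AppConstant.Scurity.publicKey, parameters: nil)
     } catch {
         // Pass the message as an argument: NSLog treats its first parameter as a
         // format string, and the error text may contain '%'.
         NSLog("%@", "error: \(error)")
         return nil
     }

     do {
         let privateKeyCrypto = try JWTCryptoKeyPrivate(pemEncoded: AppConstant.Scurity.privateKey, parameters: nil)

         guard let holder = JWTAlgorithmRSFamilyDataHolder().signKey(privateKeyCrypto)?.secretData(AppConstant.Scurity.privateKey.data(using: .utf8))?.algorithmName(JWTAlgorithmNameRS256) else { return nil }

         let headers: [AnyHashable:Any] = ["alg": "RS256", "typ": "JWT"]

         guard let encoding = JWTEncodingBuilder.encodePayload(payload).headers(headers)?.addHolder(holder) else { return nil }

         // Read the result once and stop here if no token was produced, instead of
         // passing a nil token on to the decoder.
         let result = encoding.result
         guard let token = result?.successResult?.encoded else {
             print(result?.errorResult?.error ?? "Encoding failed")
             return nil
         }

         // Round-trip check with the public key. The token is a bearer credential,
         // so it is deliberately not written to the console.
         let verifyDataHolder = JWTAlgorithmRSFamilyDataHolder().signKey(publicKeyCrypto)?.secretData(AppConstant.Scurity.publicKey.data(using: .utf8))?.algorithmName(JWTAlgorithmNameRS256)

         let verifyResult = JWTDecodingBuilder.decodeMessage(token).addHolder(verifyDataHolder)?.result

         if verifyResult?.successResult != nil {
             print("Verification successful")
         } else if let failure = verifyResult?.errorResult?.error {
             print("Verification error: \(failure)")
         } else {
             // No result at all (e.g. the holder chain returned nil); report it
             // rather than force-unwrapping.
             print("Verification error: no result returned")
         }

         // As before, the token is returned even when the self-check fails.
         return token
     } catch {
         print(error)
         return nil
     }
 }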