![904fffbb0eaf31221cd58724cfe7e895.png](https://img-blog.csdnimg.cn/img_convert/904fffbb0eaf31221cd58724cfe7e895.png)
Spring Boot with OAuth2 JWT: asymmetric certificates
Excerpted from 《Netkiller Spring Cloud 手札》 (Netkiller Spring Cloud Notes)
Create the certificate
```
keytool -genkeypair -alias jwt -keyalg RSA -keypass passw0rd -keystore jwt.jks -storepass passw0rd
```

```
neo@MacBook-Pro /tmp/oauth % keytool -genkeypair -alias jwt -keyalg RSA -keypass passw0rd -keystore jwt.jks -storepass passw0rd
What is your first and last name?
  [Unknown]: Neo Chen
What is the name of your organizational unit?
  [Unknown]: netkiller.cn
What is the name of your organization?
  [Unknown]: netkiller.cn
What is the name of your City or Locality?
  [Unknown]: Shenzhen
What is the name of your State or Province?
  [Unknown]: Guangdong
What is the two-letter country code for this unit?
  [Unknown]: CN
Is CN=Neo Chen, OU=netkiller.cn, O=netkiller.cn, L=Shenzhen, ST=Guangdong, C=CN correct?
  [no]: yes
```
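This command generates a file named jwt.jks that contains our key pair: the public key and the private key. Also remember the keypass and storepass passwords.

Export the public key. Next, we need to export the public key from the JKS we just generated, which we can do with the following command: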
```
neo@MacBook-Pro /tmp/oauth % keytool -list -rfc --keystore jwt.jks | openssl x509 -inform pem -pubkey -out certificate.crt > public.crt
Enter keystore password: passw0rd
```
Public key contents:
```
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6ePdDwBrHKX3kNFnbve
T1rTTbyA9GjaiZNwj2X4Y0In7RCFl8auXXBn2DxztQMGqHY2Ydc3/26Gu9Vri441
r8/RInA6UpzzDRl5SeYYTobcgfIVpfQ0hTX0xzuMDVLVoLibGfcvGy7ZkrJjQFX8
lIaO84K8KP/yzma5622XJ+f5hkXmTX5e0tXGDCPjVO1dSrouPWqhcbM0Kf6y3RdE
JkNRTHLky6afx8MNobakz1Ab9K7cjD8De6LwScwMQMFU46traN/3Fw0lZFxKkpay
+sEUHvHDUYWTuVovUmfiKMX8fj5QCm4imPdA3pF/jjM+xeeVcTID3qffDGOKrGTF
HQIDAQAB
-----END PUBLIC KEY-----
```
Copy jwt.jks and public.crt to the src/main/resources directory.
Authorization Server
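```java
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

// Signs access tokens with the RSA private key stored in jwt.jks.
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(new ClassPathResource("jwt.jks"), "passw0rd".toCharArray());
    // getKeyPair() takes the key alias given to keytool with -alias (jwt), not the password.
    converter.setKeyPair(keyStoreKeyFactory.getKeyPair("jwt"));
    return converter;
}
```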
Resource Server
```java
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

// Verifies token signatures with the public key only; the private key never leaves the authorization server.
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // PEM text of public.crt; each line must end with a real newline (\n).
    String publicKey = "-----BEGIN PUBLIC KEY-----\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6ePdDwBrHKX3kNFnbve\n" +
            "T1rTTbyA9GjaiZNwj2X4Y0In7RCFl8auXXBn2DxztQMGqHY2Ydc3/26Gu9Vri441\n" +
            "r8/RInA6UpzzDRl5SeYYTobcgfIVpfQ0hTX0xzuMDVLVoLibGfcvGy7ZkrJjQFX8\n" +
            "lIaO84K8KP/yzma5622XJ+f5hkXmTX5e0tXGDCPjVO1dSrouPWqhcbM0Kf6y3RdE\n" +
            "JkNRTHLky6afx8MNobakz1Ab9K7cjD8De6LwScwMQMFU46traN/3Fw0lZFxKkpay\n" +
            "+sEUHvHDUYWTuVovUmfiKMX8fj5QCm4imPdA3pF/jjM+xeeVcTID3qffDGOKrGTF\n" +
            "HQIDAQAB\n" +
            "-----END PUBLIC KEY-----";
    converter.setVerifierKey(publicKey);
    return converter;
}
```
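What the two converters above do with the key pair, shown with the JDK alone as an added example that is not part of the original article or of Spring Security: the authorization server signs with the private key (RS256), and the resource server verifies with the public key while pinning the algorithm. The class name `Rs256Demo`, the helper names, the sample claims, and the in-memory key pair standing in for jwt.jks are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class Rs256Demo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Authorization server side: sign base64url(header).base64url(payload) with the private key.
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String input = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // Resource server side: only the public key is needed. The algorithm is pinned to
    // RS256; the header's "alg" is checked but never used to choose the verifier.
    static boolean verify(String token, PublicKey key) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        String header; byte[] sig;
        try {
            header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            sig = DEC.decode(p[2]);
        } catch (IllegalArgumentException e) { return false; } // not valid base64url
        // Simplified string match for this demo; a real verifier parses the header JSON.
        if (!header.contains("\"alg\":\"RS256\"")) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        try { return s.verify(sig); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed key pair, stands in for jwt.jks
        String token = sign("{\"user_name\":\"neo\",\"scope\":[\"read\"]}", kp.getPrivate());
        String[] p = token.split("\\.");
        String tampered = p[0] + "." + ENC.encodeToString( // same signature, edited claims
                "{\"user_name\":\"admin\",\"scope\":[\"read\"]}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("original verifies: " + verify(token, kp.getPublic()));
        System.out.println("edited payload verifies: " + verify(tampered, kp.getPublic()));
    }
}
```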
![af458864ac94931cc3b673d6bdab06e1.png](https://img-blog.csdnimg.cn/img_convert/af458864ac94931cc3b673d6bdab06e1.png)