Главная Обзор Помощь
Регистрация Вход
xujunwei
/
wvp-gb28181-pro
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 5fab97cf7e
Ветки Метки
wvp-gb28181-...
/
src
/
main
/
java
/
com
/
genersoft
/
iot
/
vmp
/
conf
/
security
/
JwtUtils.java

JwtUtils.java 7.0 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. package com.genersoft.iot.vmp.conf.security;
    2. 

  2. 

  3. import com.genersoft.iot.vmp.conf.security.dto.JwtUser;
    4. 

  4. import org.jose4j.json.JsonUtil;
    5. 

  5. import org.jose4j.jwk.RsaJsonWebKey;
    6. 

  6. import org.jose4j.jws.AlgorithmIdentifiers;
    7. 

  7. import org.jose4j.jws.JsonWebSignature;
    8. 

  8. import org.jose4j.jwt.JwtClaims;
    9. 

  9. import org.jose4j.jwt.NumericDate;
    10. 

  10. import org.jose4j.jwt.consumer.ErrorCodes;
    11. 

  11. import org.jose4j.jwt.consumer.InvalidJwtException;
    12. 

  12. import org.jose4j.jwt.consumer.JwtConsumer;
    13. 

  13. import org.jose4j.jwt.consumer.JwtConsumerBuilder;
    14. 

  14. import org.jose4j.lang.JoseException;
    15. 

  15. import org.slf4j.Logger;
    16. 

  16. import org.slf4j.LoggerFactory;
    17. 

  17. 

  18. import java.security.PrivateKey;
    19. 

  19. import java.time.LocalDateTime;
    20. 

  20. import java.time.ZoneOffset;
    21. 

  21. 

  22. public class JwtUtils {
    23. 

  23. 

  24.     private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);
    25. 

  25. 

  26.     private static final String HEADER = "access-token";
    27. 

  27.     private static final String AUDIENCE = "Audience";
    28. 

  28. 

  29.     private static final long EXPIRED_THRESHOLD = 10 * 60;
    30. 

  30. 

  31.     private static final String keyId = "3e79646c4dbc408383a9eed09f2b85ae";
    32. 

  32.     private static final String privateKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\",\"d\":\"ed7U_k3rJ4yTk70JtRSIfjKGiEb67BO1TabcymnljKO7RU8nage84zZYuSu_XpQsHk6P1f0Gzxkicghm_Er-FrfVn2pp70Xu52z3yRd6BJUgWLDFk97ngScIyw5OiULKU9SrZk2frDpftNCSUcIgb50F8m0QAnBa_CdPsQKbuuhLv8V8tBAV7F_lAwvSBgu56wRo3hPz5dWH8YeXM7XBfQ9viFMNEKd21sP_j5C7ueUnXT66nBxe3ZJEU3iuMYM6D6dB_KW2GfZC6WmTgvGhhxJD0h7aYmfjkD99MDleB7SkpbvoODOqiQ5Epb7Nyh6kv5u4KUv2CJYtATLZkUeMkQ\",\"p\":\"uBUjWPWtlGksmOqsqCNWksfqJvMcnP_8TDYN7e4-WnHL4N-9HjRuPDnp6kHvCIEi9SEfxm7gNxlRcWegvNQr3IZCz7TnCTexXc5NOklB9OavWFla6u-s3Thn6Tz45-EUjpJr0VJMxhO-KxGmuTwUXBBp4vN6K2qV6rQNFmgkWzk\",\"q\":\"tW_i7cCec56bHkhITL_79dXHz_PLC_f7xlynmlZJGU_d6mqOKmLBNBbTMLnYW8uAFiFzWxDeDHh1o5uF0mSQR-Z1Fg35OftnpbWpy0Cbc2la5WgXQjOwtG1eLYIY2BD3-wQ1VYDBCvowr4FDi-sngxwLqvwmrJ0xjhi99O-Gzcs\",\"dp\":\"q1d5jE85Hz_6M-eTh_lEluEf0NtPEc-vvhw-QO4V-cecNpbrCBdTWBmr4dE3NdpFeJc5ZVFEv-SACyei1MBEh0ItI_pFZi4BmMfy2ELh8ptaMMkTOESYyVy8U7veDq9RnBcr5i1Nqr0rsBkA77-9T6gzdvycBZdzLYAkAmwzEvk\",\"dq\":\"q29A2K08Crs-jmp2Bi8Q_8QzvIX6wSBbwZ4ir24AO-5_HNP56IrPS0yV2GCB0pqCOGb6_Hz_koDvhtuYoqdqvMVAtMoXR3YJBUaVXPt65p4RyNmFwIPe31zHs_BNUTsXVRMw4c16mci03-Af1sEm4HdLfxAp6sfM3xr5wcnhcek\",\"qi\":\"rHPgVTyHUHuYzcxfouyBfb1XAY8nshwn0ddo81o1BccD4Z7zo5It6SefDHjxCAbcmbiCcXBSooLcY-NF5FMv3fg19UE21VyLQltHcVjRRp2tRs4OHcM8yaXIU2x6N6Z6BP2tOksHb9MOBY1wAQzFOAKg_G4Sxev6-_6ud6RISuc\"}";
    33. 

  33.     private static final String publicKeyStr = "{\"kty\":\"RSA\",\"kid\":\"3e79646c4dbc408383a9eed09f2b85ae\",\"alg\":\"RS256\",\"n\":\"gndmVdiOTSJ5et2HIeTM5f1m61x5ojLUi5HDfvr-jRrESQ5kbKuySGHVwR4QhwinpY1wQqBnwc80tx7cb_6SSqsTOoGln6T_l3k2Pb54ClVnGWiW_u1kmX78V2TZOsVmZmwtdZCMi-2zWIyAdIEXE-gncIehoAgEoq2VAhaCURbJWro_EwzzQwNmCTkDodLAx4npXRd_qSu0Ayp0txym9OFovBXBULRvk4DPiy3i_bPUmCDxzC46pTtFOe9p82uybTehZfULZtXXqRm85FL9n5zkrsTllPNAyEGhgb0RK9sE5nK1m_wNNysDyfLC4EFf1VXTrKm14XNVjc2vqLb7Mw\",\"e\":\"AQAB\"}";
    34. 

  34. 

  35.     /**
    36. 

  36.      * token过期时间(分钟)
    37. 

  37.      */
    38. 

  38.     public static final long expirationTime = 30;
    39. 

  39. 

  40.     public static String createToken(String username, String password) {
    41. 

  41.         try {
    42. 

  42.             /**
    43. 

  43.              * “iss” (issuer)  发行人
    44. 

  44.              *
    45. 

  45.              * “sub” (subject)  主题
    46. 

  46.              *
    47. 

  47.              * “aud” (audience) 接收方 用户
    48. 

  48.              *
    49. 

  49.              * “exp” (expiration time) 到期时间
    50. 

  50.              *
    51. 

  51.              * “nbf” (not before)  在此之前不可用
    52. 

  52.              *
    53. 

  53.              * “iat” (issued at)  jwt的签发时间
    54. 

  54.              */
    55. 

  55.             //Payload
    56. 

  56.             JwtClaims claims = new JwtClaims();
    57. 

  57.             claims.setGeneratedJwtId();
    58. 

  58.             claims.setIssuedAtToNow();
    59. 

  59.             // 令牌将过期的时间 分钟
    60. 

  60.             claims.setExpirationTimeMinutesInTheFuture(expirationTime);
    61. 

  61.             claims.setNotBeforeMinutesInThePast(0);
    62. 

  62.             claims.setSubject("login");
    63. 

  63.             claims.setAudience(AUDIENCE);
    64. 

  64.             //添加自定义参数,必须是字符串类型
    65. 

  65.             claims.setClaim("username", username);
    66. 

  66.             claims.setClaim("password", password);
    67. 

  67. 

  68.             //jws
    69. 

  69.             JsonWebSignature jws = new JsonWebSignature();
    70. 

  70.             //签名算法RS256
    71. 

  71.             jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    72. 

  72.             jws.setKeyIdHeaderValue(keyId);
    73. 

  73.             jws.setPayload(claims.toJson());
    74. 

  74. 

  75.             PrivateKey privateKey = new RsaJsonWebKey(JsonUtil.parseJson(privateKeyStr)).getPrivateKey();
    76. 

  76.             jws.setKey(privateKey);
    77. 

  77. 

  78.             //get token
    79. 

  79.             String idToken = jws.getCompactSerialization();
    80. 

  80.             return idToken;
    81. 

  81.         } catch (JoseException e) {
    82. 

  82.             logger.error("[Token生成失败]: {}", e.getMessage());
    83. 

  83.         }
    84. 

  84. 

  85.         return null;
    86. 

  86.     }
    87. 

  87. 

  88.     public static String getHeader() {
    89. 

  89.         return HEADER;
    90. 

  90.     }
    91. 

  91. 

  92. 

  93.     public static JwtUser verifyToken(String token) {
    94. 

  94. 

  95.         JwtUser jwtUser = new JwtUser();
    96. 

  96. 

  97.         try {
    98. 

  98.             JwtConsumer consumer = new JwtConsumerBuilder()
    99. 

  99.                     .setRequireExpirationTime()
    100. 

  100.                     .setMaxFutureValidityInMinutes(5256000)
    101. 

  101.                     .setAllowedClockSkewInSeconds(30)
    102. 

  102.                     .setRequireSubject()
    103. 

  103.                     //.setExpectedIssuer("")
    104. 

  104.                     .setExpectedAudience(AUDIENCE)
    105. 

  105.                     .setVerificationKey(new RsaJsonWebKey(JsonUtil.parseJson(publicKeyStr)).getPublicKey())
    106. 

  106.                     .build();
    107. 

  107. 

  108.             JwtClaims claims = consumer.processToClaims(token);
    109. 

  109.             NumericDate expirationTime = claims.getExpirationTime();
    110. 

  110.             // 判断是否即将过期, 默认剩余时间小于5分钟未即将过期
    111. 

  111.             // 剩余时间 (秒)
    112. 

  112.             long timeRemaining = LocalDateTime.now().toEpochSecond(ZoneOffset.ofHours(8)) - expirationTime.getValue();
    113. 

  113.             if (timeRemaining < 5 * 60) {
    114. 

  114.                 jwtUser.setStatus(JwtUser.TokenStatus.EXPIRING_SOON);
    115. 

  115.             }else {
    116. 

  116.                 jwtUser.setStatus(JwtUser.TokenStatus.NORMAL);
    117. 

  117.             }
    118. 

  118. 

  119.             String username = (String) claims.getClaimValue("username");
    120. 

  120.             String password = (String) claims.getClaimValue("password");
    121. 

  121.             jwtUser.setUserName(username);
    122. 

  122.             jwtUser.setPassword(password);
    123. 

  123. 

  124.             return jwtUser;
    125. 

  125.         } catch (InvalidJwtException e) {
    126. 

  126.             if (e.hasErrorCode(ErrorCodes.EXPIRED)) {
    127. 

  127.                 jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
    128. 

  128.             }else {
    129. 

  129.                 jwtUser.setStatus(JwtUser.TokenStatus.EXCEPTION);
    130. 

  130.             }
    131. 

  131.             return jwtUser;
    132. 

  132.         }catch (Exception e) {
    133. 

  133.             logger.error("[Token解析失败]: {}", e.getMessage());
    134. 

  134.             jwtUser.setStatus(JwtUser.TokenStatus.EXPIRED);
    135. 

  135.             return jwtUser;
    136. 

  136.         }
    137. 

  137.     }
    138. 

  138. }
    139.