Jwks update

1 year ago · 871ebcb3aa
2 changed files with 137 additions and 15 deletions
--- a/src/main/resources/jwks.json
+++ b/src/main/resources/jwks.json
@ -2,26 +2,39 @@
  "keys": [
    {
      "kty": "EC",
-      "d": "WZhyu7QYyCQGrJ0t1ifAHrtwG2tDFqupxd8bCBC7gEg",
-      "use": "sig",
+      "d": "X_gLHsJlSyK4gT_qeinb2gV7enJ1_2wq_Kxk-h3f-Mo",
      "crv": "P-256",
-      "kid": "ecc-kid-1",
-      "x": "NiwT4g_3mnJaqrd4JZHqMQvzHY13lVKt8U3NglvKoC8",
-      "y": "heIh7ENlsK02fO2I_xXf7GmPPnaugCtYsGvqCTJeIRM"
+      "kid": "sos-ecc-kid1",
+      "key_ops": [
+        "sign",
+        "deriveKey",
+        "decrypt",
+        "encrypt",
+        "verify"
+      ],
+      "x": "UyCuPXhC0_KLRqfWPNDU4ZljSx7lQ_vP7VbYDiOZmsk",
+      "y": "2HuQhn3bfkmYiB6BLQKlN8tkI8awkeOiKaNk1cu06ow",
+      "alg": "ES256"
    },
    {
+      "p": "1IKQCCAPhMgxUbgGa9Yjsowt3Q7rUjF68GBW0BF3QaY6zdrt1tGRLd_wVGq4uLBlb0jUUV591YOdYQHYpqgjozMfmpSG6UxikUGzzNihB0-9pczWxGe03hbLr5M3ueDIEBh81_aigSwnUGTTYCZhUPRewlJSkPg2SlXWfrB8tYU",
      "kty": "RSA",
-      "kid": "myoidc-keyid",
-      "use": "sig",
-      "alg": "RS256",
-      "n": "n6X4_VZSQjxmSqBqmIq5ZbaLynXPP3yCOF2xE250NaYLferU8LX3xAvuNLnZkaUH-4cnr_JuSlN_7JIAwAd5oLHSuSByPcxSJ95uGniDji22s-yQ19rqZCQHLmJwg3WZpWPN-HmwxPOFNlkW_2ETjqMzS-3kGduz-IPfebwNbVFu6RglHT_V6IyaDUbSvV80AAQ7R8Y6xBvu25ZSniu3JHj2u8AtScJgiOqfsImsaCABdmUO4LtMzB1V7pafH-_puRWYCl5_uaYYPMxv-EOonPCyTlzJtC6ZeiiI4LNtxWwEamRyTS0xX8Czt3s5mRW2q6pgMZQsqlL64Df8MDuFpQ",
+      "q": "13hSjzOO8BjVbcjfa2QsyDMVLcclagFLeaTejBZG_ZDRpvvq6zL9MyghGc5q-qlMxZCZwci8WOCyPwKfvB7Ca_3fdKVL0U7VSyTuXTRX1OCpxoOj6IbxzuzWeFEAwEkL6PeRPYFz-bgWd955NdCCS5rL11SBQneIIavtYTKiKkk",
+      "d": "F6t-8VhYR5Sy_7rNo5S75wxLgxlKc_WMqGsd39xcebdCY7MQnFxHq0_GUOq-RQKmhqydJXKdC3rElopxeojUmbX1mlnznjlv8Yu5JTVq5kMELuzl0-MyqeyHCM027p_-gjShNSLhhR3I8_GUZGvt-6q6H4yaGGGx9t1bbAjnLYQK-4zzl2VcNqHETIDYwhi626FGy1uZCHIDsojeVgW7HQAx26HAGBIkPMbiFCINLQRf-cOsEX4ksKfrgbH5QOG16yZObYHy1Ulx0HKgP_GaaqliZ6C-6-w05Umv6V_KY9qQiehFAFVRJ82lZtQ3HV1Ivoxi4U-ptYSaMGkDOqij2Q",
      "e": "AQAB",
-      "d": "E92YRRXnuHxBkkmx2fdxKHn1nSTZvCGnJpJqBWv6I-7cgTemdal_AjMl2gPCUgBCJQdlZdx54t_PDEYCt-J2PQvDl-u0q4HwOyvPcZXLcPa5RFxMjb-c6QceqaPwMjuA-faYW7Hw0CEpU2D0nqSaxWYDbRBWEO2o0GTAeypuVUrZXGilOLjal68Tho8ZYbmyXsEvEdqCob_iUe6q4c2x0amMmn2ot3bKKqdjbVXMjVfEqHHMPMdnVmrr_yfTUlXN3ZT4Ypp7wDrAVs7pfbvrCKWzLQYlbYNjZeBoKNcGabAA7WuNGxWvi3971gLSdYwRw4TngOweIhVW8kxiiA77QQ",
-      "p": "2R_SdLqd7d7hVJTAVY4Twx8j7VQq6-TTMVcyD_YLeBGvlkngpSz7NSQu1LTYGEHa_CzeCOFmKgtuLZ84zyS_wUxgF3AH0VD-xNZSAaHfzWXAwLmezYzGBXXF0ho8qpbf2aTNZZx2n5z0cb0loitAfmfrsd9XU226nXpPAgV-gTE",
-      "q": "vDup5zcW9NwxVs9-C-W1uwL7TpQIKNk9oBvbfgD6XkwIn3JmCfny2Nm-paK45YM169JhnUml7z6On2Bq81rNtPwkqWTp9d2SfsQkuNddtfeYi_FulLqMLeQvCr2TAdFE-4uYKcU_-5u21oomnVm5vgGs8aFzd_J-57i-GfPxjrU",
-      "dp": "UwpZqm1JQ5WvpnKx0MbjBghd7EH5nHjK0R8hNXuLzWMuPZOJyIKYnS12f8GeuEBPqYzbapgSQ9hVTjuMNaU_dYVpZu1hAAwzNEMn4BnyB5N4Ef2sH79MaQAvJXkFZNUJTis6pzcdI1SbJPkLcKeMJgxG16OsuWrJKbuChiplxLE",
-      "dq": "aQYJGD6-ikRJKxx-QXkbWoqhWQhzPQdowOqKHtXA29gkf4I-uJZDDwb-vj_6VeRNs5Qgbrfm44PN49LSGZGycKa2deUePNYxpJUfwBo56QuKi5pbjpQ_HmPQc3eujDcM_CS486Vgu6v36eAPB4BGiGM68V6ZpHUipXuIZcacInk",
-      "qi": "bvay2Ej4FIYrFpD0zW-xEpHoPxXmNJRyR4rL4SGVq-ILghfVqfTQszI2MUnpubcUAUsqYYZUvvemfust35eYiSaYWzUDGsjmUWhZDD8VTKEyxbWwya7GztarLMud2LGn76a41zyStU46g84G1ZPNcZTK_1DIR0_BpayN44jj3kk"
+      "kid": "sos-rsa-kid2",
+      "key_ops": [
+        "deriveKey",
+        "verify",
+        "encrypt",
+        "decrypt",
+        "sign"
+      ],
+      "qi": "jetZOG6EMEDAoeAy8RiJxHFnFJMOqGULd5wkPwAi6LV9wt8dgdxj_rocK0a4ksSfEu5EFeuJ8lPVpBwMJhZh5j2YJvmVzC7FxhH2sQ3FD-tu6hwU9IhnRLm2CeEaSG92upWUoZCRnLwVpKamOVJjJAk19TmL7FUGt93a3Gemb88",
+      "dp": "ry5mH1yWjmYdSflCydiAGuq10BpBYMNLTiaMyf7r6WFn7lTAZariXAfT7TMAzbcUFzXZWK5lWwKhVNuZxmCq6Bj3v40a3e1K_-VCm-YkcIuKkcgXb1byYXY3OKhKct9a7PHS0JEPCx7j1cEYApYA-SRJjTUhvUHwNz0lkdBZLaU",
+      "alg": "RS256",
+      "dq": "Wa4lxp5x9rKPWnNJsjvue6DvRq9lfhpt3IJncizvfSgianrdiukdA4bHSCNm2U9Pucb2h_ZRljhnV9xyuWygBSyULcuCo-pI0k7buwVHLT4Yy5wMw4Iu8K4Ykdk9E8sTXvJzjALuT1h0WY3KK0DOikMyZjww1IZFraYOVe8qGak",
+      "n": "st2IswiZyQXHy86KBYQdEYv3sAfWpyx-e4o0Dcqvpck0E1FpZfVcFzbLy9B7YHvXv1SseVcg93iiNYgGlPDeZxPllz4-oIisDvSmEJdAidhqQxxpMeSjeQzvVu4CKjGFG9jA68pTm-KDia3Y516b4tPyKhHGIUZq2yJrNIs2QjTikYbn5AxAQ244cDPTsuEV5yqdOdyWvdlrn4WSFLiPt31MboT6et7Hmm90fwbMDSaWWb2XNo2gOnzWFwlNO2s8zK_Z1IWhmreb_XH5mW9xirrT03nbnLTLcmLtZYHFKjP55zRFDgKsXeo9BQNG3dkCsWz0N8pURaN6cuXYoYGU7Q"
    }
  ]
 }
--- a/src/test/java/com/monkeyk/sos/service/JwksTest.java
+++ b/src/test/java/com/monkeyk/sos/service/JwksTest.java
@ -0,0 +1,109 @@
+package com.monkeyk.sos.service;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.jwk.Curve;
+import com.nimbusds.jose.jwk.ECKey;
+import com.nimbusds.jose.jwk.RSAKey;
+import org.junit.jupiter.api.Test;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Set;
+
+import static com.nimbusds.jose.jwk.KeyOperation.*;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * 2023/10/18 15:12
+ * <p>
+ * JWK
+ * generate
+ *
+ * @author Shengzhao Li
+ * @since 3.0.0
+ */
+public class JwksTest {
+
+
+    /**
+     * ES256  jwk  generate
+     *
+     * @throws Exception e
+     */
+    @Test
+    void jwkEC() throws Exception {
+
+        Curve point = Curve.P_256;
+//        Curve point = Curve.P_384;
+//        Curve point = Curve.P_521;
+
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
+        keyPairGenerator.initialize(point.toECParameterSpec());
+
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        PublicKey aPublic = keyPair.getPublic();
+        PrivateKey aPrivate = keyPair.getPrivate();
+
+
+        ECKey key = new ECKey.Builder(point, (ECPublicKey) aPublic)
+                .privateKey(aPrivate)
+                .keyOperations(Set.of(
+                        SIGN,
+                        VERIFY,
+                        ENCRYPT,
+                        DECRYPT,
+                        DERIVE_KEY))
+                // keyId 必须唯一
+                .keyID("sos-ecc-kid1")
+                .algorithm(JWSAlgorithm.ES256)
+                .build();
+        assertNotNull(key);
+
+        String json = key.toJSONString();
+        assertNotNull(json);
+//        System.out.println(json);
+
+
+    }
+
+    /**
+     * RS256  jwk  generate
+     *
+     * @throws Exception e
+     */
+    @Test
+    void jwkRS() throws Exception {
+
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+        keyPairGenerator.initialize(2048);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        PrivateKey aPrivate = keyPair.getPrivate();
+        PublicKey aPublic = keyPair.getPublic();
+
+
+        RSAKey key = new RSAKey.Builder((RSAPublicKey) aPublic)
+                .privateKey(aPrivate)
+//                .keyUse(KeyUse.SIGNATURE)
+                .keyOperations(Set.of(
+                        SIGN,
+                        VERIFY,
+                        ENCRYPT,
+                        DECRYPT,
+                        DERIVE_KEY))
+                .algorithm(JWSAlgorithm.RS256)
+                .keyID("sos-rsa-kid2")
+                .build();
+
+        assertNotNull(key);
+        String json = key.toJSONString();
+        assertNotNull(json);
+//        System.out.println(json);
+    }
+
+}