3

我们正在尝试在我们的 ios 应用程序中添加 Sign In with Apple。当客户端工作正常时,我们的后端是用 Java 编写的,我们无法解码 Apple 的公钥。当您点击 URL https://appleid.apple.com/auth/keys时,它会为您提供公钥。但是,当我尝试将PublicKey对象设为 Java 时,它无法从那里识别nande值。那些是 Base64 编码的吗?

当我尝试解码Base64 中的nand值时,它给了我. 我怀疑它是 base64 的原因是在 NodeJS 包(https://www.npmjs.com/package/node-rsa)中,它们正在通过 base64 解码 n 和 e 值。但问题是指数值(e)永远不能是base64。如何从中创建 PublicKey 对象?eillegal character 2dAQAB

我正在使用的代码是:

HttpResponse<String> responsePublicKeyApple =  Unirest.get("https://appleid.apple.com/auth/keys").asString();

ApplePublicKeyResponse applePublicKeyResponse = new Gson().fromJson(responsePublicKeyApple.getBody(),ApplePublicKeyResponse.class);

System.out.println("N: "+applePublicKeyResponse.getKeys().get(0).getN());
System.out.println("E: "+applePublicKeyResponse.getKeys().get(0).getE());

byte[] decodedBytesE = Base64.getDecoder().decode(applePublicKeyResponse.getKeys().get(0).getE());
String decodedE = new String(decodedBytesE);

System.out.println("decode E: "+decodedE);

byte[] decodedBytesN = Base64.getDecoder().decode(applePublicKeyResponse.getKeys().get(0).getN());
String decodedN = new String(decodedBytesN);

System.out.println("decode N: "+decodedN);

BigInteger bigIntegerN = new BigInteger(decodedN,16);
BigInteger bigIntegerE = new BigInteger(decodedE,16);

RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(bigIntegerN,bigIntegerE);
KeyFactory keyFactory = KeyFactory.getInstance(SignatureAlgorithm.RS256.getValue());
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);

它无法解码部分ne值。另一件事是苹果的回应是说他们使用RS256算法来签署令牌但是当我尝试这样做时

KeyFactory keyFactory = KeyFactory.getInstance(SignatureAlgorithm.RS256.getValue());

它说RS256 keyfactory is not available

我该如何解决这两个问题?请帮忙。

4

1 回答 1

4

实际上,这些NE值是使用base64url编码的,如RFC7518中所述。此代码将向您展示如何执行您的请求。我使用 Jackson 来阅读您提供的 JSON:

String json = Files.lines(Paths.get("src/main/resources/test.json")).collect(Collectors.joining());
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

// here is the parsing of PublicKey
ApplePublicKeyResponse applePublicKeyResponse = objectMapper.readValue(json, ApplePublicKeyResponse.class);
        
Key key = applePublicKeyResponse.getKeys().get(0);

byte[] nBytes = Base64.getUrlDecoder().decode(key.getN());
byte[] eBytes = Base64.getUrlDecoder().decode(key.getE());

BigInteger n = new BigInteger(1, nBytes);
BigInteger e = new BigInteger(1, eBytes);

RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(n,e);
KeyFactory keyFactory = KeyFactory.getInstance(key.getKty()); //kty will be "RSA"
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);

还如前所述,key.getKty()将返回"RSA"。因此,您应该将此值传递给KeyFactory.getInstance您要解析 RSA 密钥,并且RS256是使用 RSA 和 SHA-256 哈希的签名算法的名称。

我使用了BigInteger带有符号和原始字节的构造函数。Signum 设置为 1 以获得正值。

于 2019-12-05T08:35:58.423 回答