json - AWS Cognito decoding JWKS.json

Tags: json amazon-web-services go jwt amazon-cognito

I am validating access tokens from AWS Cognito. One thing I have to do is convert the key from the jwks.json (of the user pool) into an RSA public key structure (depending on the JWT API being used).

So the 'n' and 'e' values have to be a big int (long) and an int.

What are the correct values for these two variables, for example:

raw_n := "rdTmzrh7t0i_YN0MDLejnS0jXIFoSzRfFEbqf-bwGuRLnhLI4T3zGAk9HGZeAG6B5gg1D40Jsz1upo4E70VS0raGfSBPYPO7ZAJ2VCUUeblr9X_aWK4f294v4Cf3n8jZyFcGK9qhgcqy3DlHqqDANtjamWVtEhTRTFc-qoz1ScvHmPupsXlj1FsAEFEbVhP4705ez5gW3uQOoidrm38sPFwCN7g7xhA9CyzF04Zsjky55OfMCyWlIt7nljLx7ZRG3dVRD3vdEBI99qtxf43qMCWSPUk7Whn11Wf_u0xDrWhtGR9k599rKBBRWuqcujYYnFuOT0BeQIL25cePPK8lxw"
raw_e := "AQAB"

I think these are URL-safe Base64 encoded. I am using Go, and when I decode them I get these values:

Value of N = 21944212446918148307583266513211511961176501179660110972882270757464120247554839864039423096862533136364974693915136668416630333929475539217929135693935014796040215031370110392351836608149288005498214604075814317642291632460369313969964278103135047317799644939426174469533574133378199425168189176269507635563270873057483981163804984573367938044175828995131343800369166239708527999544583873649523245709447765091038652758632917341001616695912404965678061555823269517387737693508193881028187912513285002546706797506255288735805912213209305939523528571103281920754204216834697552752238593850648051945624431639572960454087
Value of E = 65537

The final values are:

TokenSignature = GYZQKv7o8_o9E4ktVKZngYD4BS5QluOMwE-MRcJB432CmNimQm6JbvT3H48ECThe4f3sZ1KyVbgDJbyUnlkaAwMEBjMnlV7AUaZb-ifveM7kHM30BS5LCV_SCiCk-PvmWjeIHu9bR3EwG8azJCceD5A7gDLmhAtPN94gRy-opXJPAnaCba00AwKBd_pN3UH7LYu4u4EQ29eIfn4k4RCLuR31jr7ad3dvvjhhy658dQSHzSuPZGcN1-CRVSlrd0nk0Ba2t8W33LtjxM6wzPThWgh0fpy2XEDosGU_9FiXdEjUKisE3VHxroygQ8ekVWKHssa2eujXCx8OthWzaGag0w1
Signing String = eyJhbGciOiJSUzI1NiIsImtpZCI6ImpBNlFvakp0RkI0TmNIR1BmcS85ZWgzSHI2YnVXWEI0VzkxRTd5bWNjSk09In0.eyJleHAiOjE0NzAyNzgzMTEsInRva2VuX3VzZSI6ImFjY2VzcyIsImlzcyI6Imh0dHBzOi8vY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb20vdXMtZWFzdC0xX0d1OFlhVGg3MiIsImNsaWVudF9pZCI6IjRwNzNuYjhra3NsbHJrbTlzMzdzYXZsNzEzIiwidXNlcm5hbWUiOiJtYXRlbyIsImtpZCI6IiIsImFsZyI6IiIsImp0aSI6IjhmNTBiZmU4LWVlNGUtNGFkZi04MDQxLWU5MGM4YWJkZDExZCIsImlhdCI6MTQ3MDI3NDcxMSwic3ViIjoiYjFjMDZhMTktYjE5Yy00NGMwLTgzZjctODY2NTZjYzRmMjMxIn0
rsa.PublicKey{N:21944212446918148307583266513211511961176501179660110972882270757464120247554839864039423096862533136364974693915136668416630333929475539217929135693935014796040215031370110392351836608149288005498214604075814317642291632460369313969964278103135047317799644939426174469533574133378199425168189176269507635563270873057483981163804984573367938044175828995131343800369166239708527999544583873649523245709447765091038652758632917341001616695912404965678061555823269517387737693508193881028187912513285002546706797506255288735805912213209305939523528571103281920754204216834697552752238593850648051945624431639572960454087, E:65537}

But with these returned values I am still getting crypto/rsa: verification error. How can I determine whether the problem comes from the JWT library or from the values?

Many thanks

Accepted answer

You should be able to verify the signature with the rsa.PublicKey produced by the program below, or at https://play.golang.org/p/VZqD5m057b. It is based on the code in https://github.com/mendsley/gojwk (see the playground link or https://github.com/mendsley/gojwk/blob/master/LICENSE for copyright attribution); I would suggest cloning that repository and using it as an example and model.

package main

import (
    "crypto/rsa"
    "encoding/base64"
    "encoding/binary"
    "fmt"
    "math/big"
)

func main() {
    // "n" and "e" from the user pool's jwks.json, both base64url without padding
    rawN := "rdTmzrh7t0i_YN0MDLejnS0jXIFoSzRfFEbqf-bwGuRLnhLI4T3zGAk9HGZeAG6B5gg1D40Jsz1upo4E70VS0raGfSBPYPO7ZAJ2VCUUeblr9X_aWK4f294v4Cf3n8jZyFcGK9qhgcqy3DlHqqDANtjamWVtEhTRTFc-qoz1ScvHmPupsXlj1FsAEFEbVhP4705ez5gW3uQOoidrm38sPFwCN7g7xhA9CyzF04Zsjky55OfMCyWlIt7nljLx7ZRG3dVRD3vdEBI99qtxf43qMCWSPUk7Whn11Wf_u0xDrWhtGR9k599rKBBRWuqcujYYnFuOT0BeQIL25cePPK8lxw"
    rawE := "AQAB"
    decodedE, err := base64.RawURLEncoding.DecodeString(rawE)
    if err != nil {
        panic(err)
    }
    // make sure that the E field is at least 4 bytes, pad if necessary
    if len(decodedE) < 4 {
        ndata := make([]byte, 4)
        copy(ndata[4-len(decodedE):], decodedE)
        decodedE = ndata
    }
    // E is read as a big-endian uint32; N is filled in below
    pubKey := &rsa.PublicKey{
        N: &big.Int{},
        E: int(binary.BigEndian.Uint32(decodedE)),
    }
    decodedN, err := base64.RawURLEncoding.DecodeString(rawN)
    if err != nil {
        panic(err)
    }
    // N is an unsigned big-endian integer
    pubKey.N.SetBytes(decodedN)
    fmt.Println(decodedN)
    fmt.Println(decodedE)
    fmt.Printf("%#v\n", *pubKey)
}

Output:

[256 decoded bytes of N]
[0 1 0 1]
rsa.PublicKey{N:21944212446918148307583266513211511961176501179660110972882270757464120247554839864039423096862533136364974693915136668416630333929475539217929135693935014796040215031370110392351836608149288005498214604075814317642291632460369313969964278103135047317799644939426174469533574133378199425168189176269507635563270873057483981163804984573367938044175828995131343800369166239708527999544583873649523245709447765091038652758632917341001616695912404965678061555823269517387737693508193881028187912513285002546706797506255288735805912213209305939523528571103281920754204216834697552752238593850648051945624431639572960454087, E:65537}

Regarding json - AWS Cognito decoding JWKS.json, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/38773185/
