Java Spring Boot JWT using RS256 signature

blmhpbnm posted on 2023-06-04 in Java

I was given a URL - jwks_uri= https://xxxxx/oauth/nam/keys
...which produces the following JSON:

{
     "keys": [{
             "kty": "RSA",
             "use": "sig",
             "alg": "RS256",
             "kid": "233921010515334582428573459295448396160651486998",
             "x5c": ["MIIFQjCCBCqgAwIBAgIUKPlhgf+gbz7h0arpJdYiOXxj5xYwDQYJKoZIhvcNAQELBQAwNTEaMBgGA1UECxMRT3JnYW5pemF0aW9uYWwgQ0ExFzAVBg..........wTBo45axM="],
             "x5t": "BBSLHq3rpiVLP2rota71boxAdqE",
             "x5tS256": "VAvMs-i58nz5UjOzyOEPpDubjgsNDK_m5z7w8dudPaw",
             "n": "okBvqleqjWLqLQ20cd9oajuOFZgOdPgD0rz6PddT1uW0iPkZ53Az68D_9s0fSMh996iGxN8sZFcCO-v0DXFBmUZb8D1VuBbx4v8Q_OUWhUk6V0QgUnzsdEYP39tZqU4gq KMuwzCbqqD1tj1C510tT8LK8lJjYuIjP-eNHv_WaL9QAH0iRwOWXA_a9ZwEoOhI0R-HqnvvJNyuUnh0umHDow3Uu7uuTKMFmziNzcB4ANBrKytVsfqBz2M9qNi6YqpT1ysGyX_M_PCja 2q8CDQxpcUm7XikFNdjutTR_B1gXDEk0Y8O7MgeKQcbYq1jMGEzIUabeka6jbBE2RR-mzV1YQ",
             "e": "AQAB"
         }
     ]
}

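The company claims that I already have everything needed to verify the JWT's public key, but in my code I keep getting the error
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Here is my method: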

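import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.interfaces.RSAPublicKey;

// Fetches the JWKS over HTTPS and returns the RSA key whose "kid" matches the token header.
private RSAPublicKey loadPublicKey(DecodedJWT token) throws JwkException, MalformedURLException {

    final String url = "https://XXXXXXXX/oauth/nam/keys"; //getKeycloakCertificateUrl(token);
    // final String url = "https://XXXXXXXXX/api/GetCA";

    // The HTTPS request happens inside provider.get(), which is where the TLS handshake fails.
    JwkProvider provider = new UrlJwkProvider(new URL(url));

    return (RSAPublicKey) provider.get(token.getKeyId()).getPublicKey();
}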

xghobddn #1

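When your Java code tries to fetch the content from that URL (the public key needed to verify the JWT), it cannot establish a proper connection because it does not trust the certificate used by that page. It is the SSL certificate used by the page itself, not the public key returned at that endpoint. What you should do is obtain that certificate (you can open the https://XXXXXXXX/oauth/nam/keys page in a browser and download the certificate) and then add it to the Java truststore. You will find detailed instructions on how to do this under this link posted by juanlumn: Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?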
