1:用如下方法加载RSA密钥(私钥或公钥)时,可能会抛出java.security.InvalidKeyException: IOException : Short read of DER length(下文的堆栈出现在 decodeRsa 加载公钥时):
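// Placeholder key material. A real private key belongs in configuration or a secret
// store rather than in source: anyone who can read this class could sign tokens.
private static final String RSA_PRIVATE_KEY = "...";
private static final String RSA_PUBLIC_KEY = "...";

/**
 * Reduces a key string to its bare encoded body before it is handed to hutool.
 *
 * <p>Removes PEM armor lines ({@code -----BEGIN ...-----} / {@code -----END ...-----})
 * and all whitespace, including line breaks. Leftover armor or a truncated body is
 * the "key content" cause of {@code Short read of DER length}, which is raised while
 * the DER encoding of the key is being parsed.
 *
 * <p>NOTE(review): hutool is understood to decode this string as hex or Base64 without
 * any PEM parsing; confirm against the hutool version in use. The decoded bytes are
 * presumably expected to be PKCS#8 (private) and X.509 (public); a PKCS#1
 * {@code RSA PRIVATE KEY} body would still need converting.
 *
 * @param key key string as configured; may carry PEM armor and line breaks
 * @return the encoded key body with armor and whitespace removed
 * @throws IllegalStateException if the key is {@code null} or empty after stripping
 */
private static String stripPemArmor(String key) {
    if (key == null) {
        throw new IllegalStateException("RSA key material is missing");
    }
    String body = key.replaceAll("-----[A-Z0-9 ]+-----", "").replaceAll("\\s+", "");
    if (body.isEmpty()) {
        // Fail with a clear message instead of handing an empty key to the library.
        throw new IllegalStateException("RSA key material is empty");
    }
    return body;
}

/**
 * Creates an RS256-signed token.
 *
 * @param payload claims to carry in the token; each entry becomes one string claim
 * @return the signed token string
 */
public static String getTokenRsa(Map<String, String> payload) {
    // The token expires 7 days from now.
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.DATE, 7);

    JWTCreator.Builder builder = JWT.create();
    // Copy every payload entry into the token as a claim.
    payload.forEach(builder::withClaim);

    // Build the hutool RSA helper from the private key only; signing needs no public key.
    RSA rsa = new RSA(stripPemArmor(RSA_PRIVATE_KEY), null);
    RSAPrivateKey privateKey = (RSAPrivateKey) rsa.getPrivateKey();

    // Sign with the private key.
    return builder.withExpiresAt(calendar.getTime()).sign(Algorithm.RSA256(null, privateKey));
}

/**
 * Verifies and decodes a token.
 *
 * @param token the token string
 * @return the decoded token once verification has succeeded
 */
public static DecodedJWT decodeRsa(String token) {
    // Build the hutool RSA helper from the public key only; verification needs no private key.
    RSA rsa = new RSA(null, stripPemArmor(RSA_PUBLIC_KEY));
    RSAPublicKey publicKey = (RSAPublicKey) rsa.getPublicKey();

    // The verifier is built for RS256 with this public key, so the algorithm is fixed
    // here rather than taken from the token. java-jwt reports a failed verification
    // by throwing from verify(), so a returned value means the token passed.
    JWTVerifier jwtVerifier = JWT.require(Algorithm.RSA256(publicKey, null)).build();
    return jwtVerifier.verify(token);
}
} // closes the enclosing class, whose header is not shown on this page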
异常报错原因如下:
cn.hutool.crypto.CryptoException: InvalidKeySpecException: java.security.InvalidKeyException: IOException: Short read of DER length at cn.hutool.crypto.KeyUtil.generatePublicKey(KeyUtil.java:355) at cn.hutool.crypto.KeyUtil.generatePublicKey(KeyUtil.java:335) at cn.hutool.crypto.asymmetric.AsymmetricCrypto.<init>(AsymmetricCrypto.java:136) at cn.hutool.crypto.asymmetric.AsymmetricCrypto.<init>(AsymmetricCrypto.java:83) at cn.hutool.crypto.asymmetric.RSA.<init>(RSA.java:86) at com.example.demotest.utils.JWTUtils.decodeRsa(JWTUtils.java:54) at com.example.demotest.lanjieqi.JWTInterceptor.preHandle(JWTInterceptor.java:41) at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:148) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1066) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:964) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) at javax.servlet.http.HttpServlet.service(HttpServlet.java:696) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) at javax.servlet.http.HttpServlet.service(HttpServlet.java:779) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: java.security.spec.InvalidKeySpecException: 
java.security.InvalidKeyException: IOException: Short read of DER length at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205) at java.security.KeyFactory.generatePublic(KeyFactory.java:334) at cn.hutool.crypto.KeyUtil.generatePublicKey(KeyUtil.java:353) ... 43 more Caused by: java.security.InvalidKeyException: IOException: Short read of DER length at sun.security.x509.X509Key.decode(X509Key.java:398) at sun.security.x509.X509Key.decode(X509Key.java:403) at sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:84) at sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:298) at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:201) ... 45 more
导致异常的原因通常有两种:第一,JDK加密算法问题;第二,密钥内容自身问题。
JDK jar包问题
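因为某些国家的进口管制限制,Java发布的运行环境包中的加解密有一定的限制。比如默认不允许256位密钥的AES加解密,解决方法就是修改策略文件。不过要注意:上面的堆栈停在 X509Key.decode,也就是公钥DER编码的解析阶段,这一步还没有涉及加解密强度的限制;策略文件的限制通常表现为 Illegal key size 一类的异常,而且自 JDK 8u161 起默认已是无限制策略。所以遇到 Short read of DER length 时,应优先排查密钥内容。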
下载与JDK或JRE对应版本的jce文件包,如jdk为1.8,所以下载 jce_policy-8.zip,官网下载地址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html
下载解压后,把jar文件上传到需要安装jce机器上JDK或JRE的security目录下,覆盖源文件即可。
JDK:将两个jar文件放到%JDK_HOME%\jre\lib\security下
JRE:将两个jar文件放到%JRE_HOME%\lib\security下
覆盖之前,记得备份源文件,以防万一。
密钥问题:
密钥自身的问题就比较多,比如密钥字符串中的注释部分(例如PEM格式的 -----BEGIN ...----- / -----END ...----- 头尾行)和换行是否已经去掉,或者密钥内容是否存储完整(有没有被截断)等等。