Generating jwt manually using JAVA, but jwt.io does not validate

Question

Generating jwt manually using JAVA, but jwt.io does not validate

Navigation

1

I'm trying to manually generate JWT in Java without using libs, but the returned JWT is not being validated by the link web application.

public String authenticateUser(String body) {
    try {
        String key = "teste-de-chave-hahaha";
        String header;
        String payload;
        String signature;

        //#################################
        HashMap<String, String> hashHeader = new HashMap<String, String>();
        hashHeader.put("typ", "JWT");
        hashHeader.put("alg", "HS256");
        System.out.println("hashHeader = " + hashHeader);

        JSONObject json = new JSONObject(hashHeader);
        System.out.println("hashHeader json = " + json);

        header = this.getBase64Parsed(json.toString());
        System.out.println("hashHeader json Base64 = " + header);

        //#################################
        HashMap<String, String> hashPayload = new HashMap<String, String>();
        hashPayload.put("iss", "sct.infogruposi.com");
        hashPayload.put("username", "brunokchimbo");
        hashPayload.put("email", "[email protected]");
        hashPayload.put("acl", "Administrador");
        System.out.println("hashPayload = " + hashPayload);

        json = new JSONObject(hashPayload);
        System.out.println("hashPayload json = " + json);

        payload = this.getBase64Parsed(json.toString());
        System.out.println("hashPayload json Base64 = " + payload);

        //#################################
        String token = header + "." + payload;
        String chave = this.getHmacSHA256Encrypted(token, key);
        System.out.println("signature hashHmacSHA256 = " + chave);

        signature = this.getBase64Parsed(chave);
        System.out.println("signature hashHmacSHA256 Base64 = " + signature);

        //#################################
        token = token + "." + signature;        
        System.out.println("token completo = " + token);

        return token;
    } catch(Exception ex) {
        ex.printStackTrace();
    } finally {
        return Response.status(Response.Status.FORBIDDEN).build().toString();
    }      
}

public String getHmacSHA256Encrypted(String value, String key) {
    return HmacUtils.hmacSha1Hex(key, value);
}

public String getBase64Parsed(String msg) {
    return Base64.getEncoder().withoutPadding().encodeToString(msg.getBytes());
}

This code generates JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzY3QuaW5mb2dydXBvc2kuY29tIiwiYWNsIjoiQWRtaW5pc3RyYWRvciIsImVtYWlsIjoiYnJ1bm9rY2hpbWJvQGhvdG1haWwuY29tIiwidXNlcm5hbWUiOiJicnVub2tjaGltYm8ifQ.MmIwOGIxYTliM2Q4NjZhYjc1YmY1N2M4NjJmNTM0YmUzOWQ5NDJkYw

The procedure I'm doing is:

Visit the link site.

Fill in the "verify signature" field with the "hahaha-key-test" key.

Paste JWT into the "Encoded" field.

When performing this procedure with the information preloaded on the site, by default a message appears below stating that the key is valid, but when performing the procedure with the information generated by my java code, the signature is invalid.

What is the correct way to generate JWT?

java jwt sha-256

asked by anonymous 15.10.2018 / 19:17

0 answers

ngModel does not display dynamic field value send arduino integer with esp8266 to mysql