Question
I am using nimbus-jose-jwt 5.14 and I generated an RSA key pair with the following code:
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    JWK jwk = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
        .privateKey((RSAPrivateKey) keyPair.getPrivate())
        .keyUse(KeyUse.SIGNATURE)
        .keyID(UUID.randomUUID().toString())
        .build();
Now I need to expose some "metadata" about the public key:
- e
- kid
- kty
- n
- use
- x5c
How can I obtain x5c? Is it possible to generate an X509 certificate with this library? This field is null:
    if (jwk.getX509CertChain() == null)
Answer 1:
You have generated a key pair, not a certificate. A certificate contains a public key but it is not derived from it, so you can't get a certificate directly from the public key.
To verify a JWT the recipient only needs the public key, so publishing the x5c is in fact unnecessary for this purpose.
If you really want to publish a certificate, I suggest generating it with OpenSSL and importing the public key in your code to get the JWK parameters:
    openssl req -x509 -newkey rsa:2048 -keyout key.pem -days 365 -out certificate.pem
Source: https://stackoverflow.com/questions/56475619/generate-x5c-certificate-chain-from-jwk
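One way to follow the answer's suggestion, as an added example that is not part of the original question or answer: load the certificate.pem written by the openssl command above with the JDK's CertificateFactory and build a public-only JWK that carries kty, e, n, use, kid and x5c. The class name PublicJwkWithX5c, the helper fromCertificate and the default file path are assumptions made for this example.

```java
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.UUID;

// Hypothetical class name; example code, not taken from the page.
public class PublicJwkWithX5c {

    // Builds a public-only RSA JWK whose x5c holds the given certificate.
    static RSAKey fromCertificate(X509Certificate cert, String kid) throws Exception {
        if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("Certificate does not carry an RSA key");
        }
        // x5c entries are standard Base64 (not Base64URL) of the DER-encoded
        // certificate (RFC 7517, section 4.7), hence Base64 and not Base64URL.
        Base64 der = Base64.encode(cert.getEncoded());
        return new RSAKey.Builder((RSAPublicKey) cert.getPublicKey())
                .keyUse(KeyUse.SIGNATURE)
                .keyID(kid)
                .x509CertChain(Collections.singletonList(der))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Assumed path: the certificate file produced by the openssl command.
        String path = args.length > 0 ? args[0] : "certificate.pem";
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            X509Certificate cert = (X509Certificate) CertificateFactory
                    .getInstance("X.509").generateCertificate(in);
            // Refuse to publish an expired or not-yet-valid certificate.
            cert.checkValidity();
            RSAKey jwk = fromCertificate(cert, UUID.randomUUID().toString());
            // The JWK was built from the certificate only, so no private
            // parameters can end up in the published JSON.
            System.out.println(jwk.toJSONString());
        }
    }
}
```

Tokens must be signed with the private key in key.pem so that n and e in the published JWK match the certificate in x5c. A recipient that relies on x5c rather than on the bare public key has to validate the certificate against its own trust anchors, since a self-signed certificate proves nothing by itself.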