从字符串到java.security.PublicKey对象gaves我非法字符

Question

我有这样的方法：

public static PublicKey getKey(String key){ 
    try{ 
     byte[] byteKey = Base64.getDecoder().decode(key.getBytes()); 
     X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey); 
     KeyFactory kf = KeyFactory.getInstance("RSA"); 

     return kf.generatePublic(X509publicKey); 
    } 
    catch(Exception e){ 
     e.printStackTrace(); 
    } 

     return null; 
    } 
} 

这应该（从Salesforce public key endpointñ财产的人在这个JSON）转换的公共密钥。在我的钥匙应该是孩子208，但是：

getKey("pTSWJvy04hAU7ev7wmaTvpwHsEbseuPl0AlwoxPHnmoOIMATRT0eTqYpLJxDp4BHRFxDTrcUKHKVHGIAVut_-l6nkEI6ALOVW9C5PP9bXwqeHJ5tiGA6AMpaY1LsJJOd2lgExr0LHUPF2TtO4LOVmlptyGPTRSWhmRpPSc5bjGFsyTFr78WmeixjEts9icAUCiBDdpwVw9qVdjJPsufyimqp8os5htm-DB_qKsnRwABVSQRKLw2y7Mr7NP31R07Mpr108dLS5Et8tKnFoiX0MHf5BbA50NG3DtyT27nSa14T0IvSWYJQhxPWXYtuXkVldpbZZn8E2B1VpcDXXGnSPXoPstE9BU7w1RaF31UeEsE8sWDFdHgJMUYMfWjxVhdJB_NaVUt7v0X9QPffXcFPWKUUeVx0g_ONMz0bB_HltFSODWJeAvcZXk14u4sjpKXNIiK8dJzMe0Qn10m5nIdVtxzXfKHiDNobX1dMENDplhDMVk1eYS9x8dh90qt68Q59vKusm6iMjSaXtzwMfqJBwNck41e9Pie2m_cdSu-RIq1u3FScGkezzqNvIuzcse2y-6ApHkkaFMVsNw3CbD87LtVgNusuom38UVC1rS0LeLYFinU3hnFwvB1UCv1_0Cs8CmrOmdifqd25aZIDf5p8f3kowq3QY1mNtdQc9-HgZ3k"); 

返回我一个错误：

java.lang.IllegalArgumentException: Illegal base64 character 5f at java.util.Base64$Decoder.decode0(Base64.java:714) at java.util.Base64$Decoder.decode(Base64.java:526) at testJwt.testJwt.App.getKey(App.java:52) at testJwt.testJwt.App.main(App.java:76)

我能做些什么？我做错了什么？

Answer 1

您拥有的数据不是完整的RSA公钥，而只是模数或“n”值。 “e”值是公钥的另一部分。这里是代码片段来说明它。

import java.math.BigInteger; 
import java.security.KeyFactory; 
import java.security.PublicKey; 
import java.security.spec.RSAPublicKeySpec; 
import java.util.Base64; 

public class Main { 

    public static void main(String[] args) throws Exception { 
     String jsonN = "pTSWJvy04hAU7ev7wmaTvpwHsEbseuPl0AlwoxPHnmoOIMATRT0eTqYpLJxDp4BHRFxDTrcUKHKVHGIA" + 
       "Vut_-l6nkEI6ALOVW9C5PP9bXwqeHJ5tiGA6AMpaY1LsJJOd2lgExr0LHUPF2TtO4LOVmlptyGPTRSWhmRpPSc5" + 
       "bjGFsyTFr78WmeixjEts9icAUCiBDdpwVw9qVdjJPsufyimqp8os5htm-DB_qKsnRwABVSQRKLw2y7Mr7NP31R0" + 
       "7Mpr108dLS5Et8tKnFoiX0MHf5BbA50NG3DtyT27nSa14T0IvSWYJQhxPWXYtuXkVldpbZZn8E2B1VpcDXXGnSP" + 
       "XoPstE9BU7w1RaF31UeEsE8sWDFdHgJMUYMfWjxVhdJB_NaVUt7v0X9QPffXcFPWKUUeVx0g_ONMz0bB_HltFSO" + 
       "DWJeAvcZXk14u4sjpKXNIiK8dJzMe0Qn10m5nIdVtxzXfKHiDNobX1dMENDplhDMVk1eYS9x8dh90qt68Q59vKu" + 
       "sm6iMjSaXtzwMfqJBwNck41e9Pie2m_cdSu-RIq1u3FScGkezzqNvIuzcse2y-6ApHkkaFMVsNw3CbD87LtVgNu" + 
       "suom38UVC1rS0LeLYFinU3hnFwvB1UCv1_0Cs8CmrOmdifqd25aZIDf5p8f3kowq3QY1mNtdQc9-HgZ3k"; 
     String jsonE = "AQAB"; 

     byte [] nBytes = Base64.getUrlDecoder().decode(jsonN); 
     byte [] eBytes = Base64.getUrlDecoder().decode(jsonE); 

     BigInteger n = new BigInteger(1, nBytes); // need to use the sign-magnitude constructor 
     BigInteger e = new BigInteger(1, eBytes); 

     RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(n, e); 
     KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA"); 
     PublicKey rsaPub = rsaKeyFactory.generatePublic(rsaPublicKeySpec); 
     System.out.println(rsaPub); 
    } 
} 

而不是手动做这件事，我会寻找一个库，已经这样做，虽然库建议是在stackoverflow脱离主题。

Answer 2

您似乎在Base64字符串中有_和-（而不是/和+）。然后它是URL安全编码Base64：

Base64.getUrlDecoder().decode(key.getBytes())