I have a token in the form of a string and I downloaded the public cert and created a public key out of it as follows.
But I'm not sure how proceed for verification with just this much info.
I found solutions for C# and .NET but not for Java.
Please note I don't have the jks file or private key.
FileInputStream fin = new FileInputStream("d://public.crt");
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate)f.generateCertificate(fin);
PublicKey pk = certificate.getPublicKey();
解决方案
To verify a JWT in Java using Auth0 library (com.auth0:java-jwt):
Retrieve the algorithm the key has been signed with, for example:
// Load your public key from a file
final PublicKey ecdsa256PublicKey = getPublicKey(...);
final Algorithm algorithm = Algorithm.ECDSA256((ECPublicKey) ecdsa256PublicKey, null);
Verify its signature using the corresponding algorithm:
final DecodedJWT decodedJWT = JWT.decode("J.W.T[...]");
// Will throw a SignatureVerificationException if the token's signature is invalid
algorithm.verify(decodedJWT);