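/**
 * Creates a JWT for the given device id, signed with the given RSA private key (RS256).
 *
 * <p>The token carries {@code sub} (the device id), {@code aud}
 * ({@code https://<audience>/devices/<deviceId>}), {@code iat} and {@code exp}. Both
 * timestamps are derived from a single clock reading, so the lifetime is exactly
 * {@code tokenExpMinutes}.
 *
 * <p>The token is a bearer credential for the device until it expires. Keep
 * {@code tokenExpMinutes} short and restrict read access to the key file to the account
 * that runs this code.
 *
 * @param privateKeyFile path to a PEM-encoded file holding the RSA private key
 * @param audience host name placed in the audience URL
 * @param deviceId device identifier, used as the subject and in the audience URL
 * @param tokenExpMinutes token lifetime in minutes; a zero or negative value produces a
 *     token that is already expired
 * @return the compact serialization of the signed JWT
 * @throws JOSEException if the PEM content cannot be parsed, does not hold an RSA key, or
 *     signing fails
 * @throws IOException if the key file cannot be read
 */
private static String createJwtRS(
    String privateKeyFile, String audience, String deviceId, int tokenExpMinutes)
    throws JOSEException, IOException {
  String keyString = Files.readString(Paths.get(privateKeyFile));
  JWK jwk = JWK.parseFromPEMEncodedObjects(keyString);
  // Check the key type up front so a wrong key file is reported as a JOSEException with a
  // clear message. The message names the file only, never the key material.
  if (!(jwk instanceof RSAKey)) {
    throw new JOSEException("Expected an RSA key in " + privateKeyFile);
  }
  RSAKey rsaKey = jwk.toRSAKey();

  // One clock reading for both claims, so exp - iat equals the requested lifetime.
  Instant issuedAt = Instant.now();
  Instant expiresAt = issuedAt.plus(Duration.ofMinutes(tokenExpMinutes));

  JWTClaimsSet claimsSet =
      new JWTClaimsSet.Builder()
          .subject(deviceId)
          .audience(String.format("https://%s/devices/%s", audience, deviceId))
          .expirationTime(Date.from(expiresAt))
          .issueTime(Date.from(issuedAt))
          .build();

  var header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
  SignedJWT signedJWT = new SignedJWT(header, claimsSet);
  JWSSigner signer = new RSASSASigner(rsaKey);
  signedJWT.sign(signer);
  return signedJWT.serialize();
}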
Using an EC Private Key
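/**
 * Creates a JWT for the given device id, signed with the given elliptic curve private key
 * (ES256).
 *
 * <p>The token carries {@code sub} (the device id), {@code aud}
 * ({@code https://<audience>/devices/<deviceId>}), {@code iat} and {@code exp}. Both
 * timestamps are derived from a single clock reading, so the lifetime is exactly
 * {@code tokenExpMinutes}.
 *
 * <p>The token is a bearer credential for the device until it expires. Keep
 * {@code tokenExpMinutes} short and restrict read access to the key file to the account
 * that runs this code.
 *
 * @param privateKeyFile path to a PEM-encoded file holding the EC private key
 * @param audience host name placed in the audience URL
 * @param deviceId device identifier, used as the subject and in the audience URL
 * @param tokenExpMinutes token lifetime in minutes; a zero or negative value produces a
 *     token that is already expired
 * @return the compact serialization of the signed JWT
 * @throws JOSEException if the PEM content cannot be parsed, does not hold an EC key, or
 *     signing fails
 * @throws IOException if the key file cannot be read
 */
private static String createJwtES(
    String privateKeyFile, String audience, String deviceId, int tokenExpMinutes)
    throws JOSEException, IOException {
  String keyString = Files.readString(Paths.get(privateKeyFile));
  JWK jwk = JWK.parseFromPEMEncodedObjects(keyString);
  // Check the key type up front so a wrong key file is reported as a JOSEException with a
  // clear message. The message names the file only, never the key material.
  if (!(jwk instanceof ECKey)) {
    throw new JOSEException("Expected an EC key in " + privateKeyFile);
  }
  ECKey ecKey = jwk.toECKey();

  // One clock reading for both claims, so exp - iat equals the requested lifetime.
  Instant issuedAt = Instant.now();
  Instant expiresAt = issuedAt.plus(Duration.ofMinutes(tokenExpMinutes));

  JWTClaimsSet claimsSet =
      new JWTClaimsSet.Builder()
          .subject(deviceId)
          .audience(String.format("https://%s/devices/%s", audience, deviceId))
          .expirationTime(Date.from(expiresAt))
          .issueTime(Date.from(issuedAt))
          .build();

  var header =
      new JWSHeader.Builder(JWSAlgorithm.ES256)
          // TODO if multiple certificates are in use, provide the fingerprint
          // .keyID(getFingerPrint(publicKeyPEM))
          .build();
  SignedJWT signedJWT = new SignedJWT(header, claimsSet);
  JWSSigner signer = new ECDSASigner(ecKey);
  signedJWT.sign(signer);
  return signedJWT.serialize();
}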