Java 时间戳解析失败
我正在开发一个SpringMVC应用程序,为此我正在开发一个密码重置程序。在这种情况下,我将发送一个手动创建的令牌,该令牌将emailid:timestamp:secretkey加密为令牌。在验证令牌时,它在验证时间时失败,该时间的计算时间小于24小时。我正在发布我的代码。请让我知道我做错了什么: 服务级别:Java 时间戳解析失败,java,datetime,Java,Datetime,我正在开发一个SpringMVC应用程序,为此我正在开发一个密码重置程序。在这种情况下,我将发送一个手动创建的令牌,该令牌将emailid:timestamp:secretkey加密为令牌。在验证令牌时,它在验证时间时失败,该时间的计算时间小于24小时。我正在发布我的代码。请让我知道我做错了什么: 服务级别: @Service public class PersonServiceImpl implements PersonService { private static final S
@Service
public class PersonServiceImpl implements PersonService {
private static final String HMAC_ALGO = "HmacSHA256";
private static final String TOKEN_SEPARATOR = ":";
private static final long MAX_AGE = 1_000 * 60 * 60 * 24; // 24h
private static final String signKey = "secretvalue";
@Override
public void createToken(String username){
long timestamp = System.currentTimeMillis();
StringBuilder sb = new StringBuilder();
sb.append(generateTokenStringPublicPart(username, timestamp));
sb.append(TOKEN_SEPARATOR);
try {
sb.append(computeSignature(username, timestamp, signKey));
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
private static String generateTokenStringPublicPart(String username, long timestamp) {
StringBuilder sb = new StringBuilder();
sb.append(username);
sb.append(TOKEN_SEPARATOR);
sb.append(timestamp);
return sb.toString();
}
private static String computeSignature(String username, long timestamp, String secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
StringBuilder sb = new StringBuilder();
sb.append(generateTokenStringPublicPart(username, timestamp));
SecretKeySpec sks = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), HMAC_ALGO);
Mac hmac = Mac.getInstance(HMAC_ALGO);
hmac.init(sks);
return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));
}
public static boolean verifyToken(String token) throws InvalidKeyException, NoSuchAlgorithmException {
String[] parts = token.split(TOKEN_SEPARATOR);
boolean result = false;
if (parts.length == 3) {
String username = parts[0];
System.out.println("username in verify token is"+username);
Long timestamp = Long.valueOf(parts[1]);
System.out.println("Current timestamp of token is"+timestamp);
String signature = parts[2];
if (signature.equals(computeSignature(username, timestamp, signKey))) {
if (System.currentTimeMillis() - timestamp < MAX_AGE) { // It fails here
result = true;
}else {
System.out.println("Timestamp remaining is"+(System.currentTimeMillis() - timestamp));
System.out.println("Time verificaiton failed");
}
}
else {
System.out.println("Signature is not equal");
}
} else{
System.out.println("Token parts are not 3"+parts.length);
}
return result;
}
问题在于Java中的乘法/除法运算是在加/减之前完成的 尝试:
请从调试代码开始,只发布相关部分。您好,我只发布了相关部分,您认为哪部分不相关?您的令牌确实过期了吗?从上面看,173238774<86400000失败,您进入了其他部分?所有内容都超出了verifyToken和该部分的输入字符串function@almasshaikh我想你是对的,意思是他的问题在于创建标记我不明白你为什么认为它会起作用,以及你投的是谁+1因为加法/减法的优先级高于布尔比较器,所以你的解决方案是正确的。我重新启动了服务器,令牌因此失效。非常感谢你。@Akshay,那是不可能的sense@JordiCastilla我认为他之所以做对是因为服务器重启,而不是因为你给出的答案
Token value is mymail@gmail.com:1416659092440:MUYLhJS24EIQv5f-Ak7TXyzWKZSjSFKjcmJkJx2SVew
username in verify token is mymail@gmail.com
Current timestamp of token is 1416659092440
Timestamp remaining is 173238774
Time verificaiton failed
Token verification failed
if ((System.currentTimeMillis() - timestamp) < MAX_AGE) {
private static final long MAX_AGE = 1000 * 60 * 60 * 24; // 24h