I obtained an access token on an Azure portal free subscription, and its header is:
{
"typ": "JWT",
"alg": "RS256",
"x5t": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw",
"kid": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw"
}
So I get the x5c from here, and then put
-----BEGIN CERTIFICATE----- MIIDBTCCAe......cNpO9oReBUsX -----END CERTIFICATE-----
into https://jwt.io/, and the signature is verified.
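However, when I try to verify the signature using jjwt and jose4j with JDK 1.8, following the steps in this reference, I get the following exception on the line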
PublicKey publicKey = keyFactory.generatePublic(keySpec);
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:204)
at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:352)
at com.ipscape.api.v1_0.external.other.JwtExample.decodeJwt(JwtExample.java:41)
at com.ipscape.api.v1_0.external.other.JwtExample.main(JwtExample.java:72)
Caused by: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
at java.base/sun.security.x509.X509Key.decode(X509Key.java:396)
at java.base/sun.security.x509.X509Key.decode(X509Key.java:401)
at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:86)
at java.base/sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:297)
at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:200)
The code using jose4j:
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyPEM.getBytes()));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(keySpec);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
        .setRequireExpirationTime()
        .setVerificationKey(publicKey)
        .build();
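
The exception above is what X509EncodedKeySpec raises when it is handed certificate bytes instead of a SubjectPublicKeyInfo: tag -96 is byte 0xA0, the [0] version tag at the start of a certificate's TBSCertificate, found where the key parser expects an algorithm OID. The following is an added example, not part of the original post: it parses an x5c entry with CertificateFactory and recomputes x5t for comparison with the token header. The class and method names are hypothetical, and the sample input is an RSA root taken from the JDK trust store as a stand-in for the token's certificate.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.spec.*;
import java.util.Base64;
import javax.net.ssl.*;

public class X5cKeyExample {   // hypothetical class name
    // An x5c entry is standard (not URL-safe) base64 of a DER-encoded X.509 certificate.
    static X509Certificate parseX5c(String x5cEntry) throws Exception {
        byte[] der = Base64.getDecoder().decode(x5cEntry);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    // x5t is the base64url-encoded SHA-1 digest of the DER certificate (RFC 7515, section 4.1.7).
    static String x5t(X509Certificate cert) throws Exception {
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        return Base64.getUrlEncoder().withoutPadding().encodeToString(sha1);
    }

    // Constructed sample input: an RSA root from the JDK trust store, encoded like an x5c entry.
    static String sampleX5c() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers())
                    if ("RSA".equals(c.getPublicKey().getAlgorithm()))
                        return Base64.getEncoder().encodeToString(c.getEncoded());
        throw new IllegalStateException("no RSA certificate in the default trust store");
    }

    public static void main(String[] args) throws Exception {
        String x5c = args.length > 0 ? args[0] : sampleX5c();
        KeyFactory rsa = KeyFactory.getInstance("RSA");
        try {   // Certificate bytes are not a SubjectPublicKeyInfo, so this is rejected.
            rsa.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(x5c)));
        } catch (InvalidKeySpecException e) {
            System.out.println("X509EncodedKeySpec on certificate bytes: " + e.getMessage());
        }
        X509Certificate cert = parseX5c(x5c);
        PublicKey key = cert.getPublicKey();   // this is what setVerificationKey(...) needs
        rsa.generatePublic(new X509EncodedKeySpec(key.getEncoded()));   // SPKI bytes are accepted
        System.out.println("x5t (compare with the token header): " + x5t(cert));
    }
}
```

Take the certificate from the issuer's published signing keys, selected by `kid`, rather than from anything carried inside the token being verified.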