Althars123 3 жил өмнө
parent
commit
14f57c472f

+ 35 - 27
jkt-service/src/main/java/com/miaxis/apple/service/impl/AppleServiceImpl.java

@@ -57,17 +57,16 @@ public class AppleServiceImpl  implements IAppleService {
         if (arr == null) {
             return false;
         }
-
-        JSONObject authKey = null;
-        //先取苹果第一个key进行校验
-        authKey = arr.getJSONObject(0);
-        if (verifyExc(jwt, authKey)) {
-            return true;
-        } else {
-            //再取第二个key校验
-            authKey = arr.getJSONObject(1);
-            return verifyExc(jwt, authKey);
+        for (int i=0; i < arr.size() ; i ++ ){
+            JSONObject authKey = null;
+            authKey = arr.getJSONObject(i);
+            if (verifyExc(jwt, authKey)) {
+                return true;
+            }
         }
+        return false;
+
+
 
     }
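Review bot: The loop hands every entry of `arr` to `verifyExc`, so the token header and payload are decoded again for each candidate key; reading the header `kid` once here and verifying only against the matching entry would keep key selection in one place. The declaration can be a single statement, `JSONObject authKey = arr.getJSONObject(i);`, and the blank lines left after `return false;` can be dropped. The enclosing method begins above the hunk, so how `arr` is fetched, and whether it is cached, is not visible here.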
 
@@ -87,31 +86,40 @@ public class AppleServiceImpl  implements IAppleService {
 
         String aud = "";
         String sub = "";
+        String kid = "";
         if (jwt.split("\\.").length > 1) {
             System.out.println(jwt.split("\\.")[1]);
             String claim = new String(Base64.decodeBase64(jwt.split("\\.")[1]));
             aud = JSONObject.parseObject(claim).get("aud").toString();
             sub = JSONObject.parseObject(claim).get("sub").toString();
+            String firstClaim = new String(Base64.decodeBase64(jwt.split("\\.")[0]));
+            kid = JSONObject.parseObject(firstClaim).get("kid").toString();
         }
-        JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
-        jwtParser.requireIssuer("https://appleid.apple.com");
-        jwtParser.requireAudience(aud);
-        jwtParser.requireSubject(sub);
-
-        try {
-            Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
-            if (claim != null && claim.getBody().containsKey("auth_time")) {
-                System.out.println(claim);
-                return true;
-            }
-            return false;
-        } catch (ExpiredJwtException e) {
-            log.error("[AppleServiceImpl.verifyExc] [error] [apple identityToken expired]", e);
-            return false;
-        } catch (Exception e) {
-            log.error("[AppleServiceImpl.verifyExc] [error] [apple identityToken illegal]", e);
+        if (!kid.equals(authKey.getString("kid"))){
             return false;
         }
+
+
+            JwtParser jwtParser = Jwts.parser().setSigningKey(publicKey);
+            jwtParser.requireIssuer("https://appleid.apple.com");
+            jwtParser.requireAudience(aud);
+            jwtParser.requireSubject(sub);
+
+            try {
+                Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
+                if (claim != null && claim.getBody().containsKey("auth_time")) {
+                    System.out.println(claim);
+                    return true;
+                }
+                return false;
+            } catch (ExpiredJwtException e) {
+                log.error("[AppleServiceImpl.verifyExc] [error] [apple identityToken expired]", e);
+                return false;
+            } catch (Exception e) {
+                log.error("[AppleServiceImpl.verifyExc] [error] [apple identityToken illegal]", e);
+                return false;
+            }
+
     }
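Review bot: `requireAudience(aud)` and `requireSubject(sub)` compare the token with values read from its own unverified payload, so both checks always pass. The audience should be compared with the app's configured client ID, e.g. `jwtParser.requireAudience(expectedClientId);` (`expectedClientId` is a placeholder for that configured value); as written, a validly signed Apple token issued for a different app appears to be accepted. The new lookup `JSONObject.parseObject(firstClaim).get("kid").toString()` sits outside the `try`, so a token with no `kid` header or with malformed JSON throws instead of returning false; a null check, or moving the decoding inside the `try`, would fix that. The two `System.out.println` calls write token claims to stdout and should be removed or replaced by a debug log that omits the claims. The method signature and the construction of `publicKey` lie outside the hunk.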