From 456df222f24cea7d1d3d4f889384ff0ff0696e96 Mon Sep 17 00:00:00 2001
From: usbharu <i@usbharu.dev>
Date: Mon, 26 Aug 2024 13:32:00 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=E8=A8=AD=E5=AE=9A=E3=83=95=E3=82=A1?=
 =?UTF-8?q?=E3=82=A4=E3=83=AB=E3=81=AE=E5=86=85=E5=AE=B9=E3=82=92=E8=87=AA?=
 =?UTF-8?q?=E5=8B=95=E7=9A=84=E3=81=AB=E7=94=9F=E6=88=90=E3=81=99=E3=82=8B?=
 =?UTF-8?q?=E3=82=88=E3=81=86=E3=81=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../hideout/core/config/SecurityConfig.kt     | 58 +++++++++++++++++--
 .../dev/usbharu/hideout/util/RsaUtil.kt       |  8 +++
 2 files changed, 60 insertions(+), 6 deletions(-)

diff --git a/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt b/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
index 25f9690d..ff09cc39 100644
--- a/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
+++ b/hideout-core/src/main/kotlin/dev/usbharu/hideout/core/config/SecurityConfig.kt
@@ -23,6 +23,7 @@ import com.nimbusds.jose.jwk.source.JWKSource
 import com.nimbusds.jose.proc.SecurityContext
 import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.HideoutUserDetails
 import dev.usbharu.hideout.util.RsaUtil
+import org.slf4j.LoggerFactory
 import org.springframework.boot.context.properties.ConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -50,6 +51,10 @@ import org.springframework.security.oauth2.server.authorization.token.JwtEncodin
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
+import java.security.KeyPairGenerator
+import java.security.interfaces.RSAPrivateKey
+import java.security.interfaces.RSAPublicKey
+import java.util.*
 
 @Configuration
 @EnableWebSecurity(debug = false)
@@ -126,17 +131,54 @@ class SecurityConfig {
     }
 
     @Bean
-    fun loadJwkSource(jwkConfig: JwkConfig): JWKSource<SecurityContext> {
-        val rsaKey = RSAKey.Builder(RsaUtil.decodeRsaPublicKey(jwkConfig.publicKey))
-            .privateKey(RsaUtil.decodeRsaPrivateKey(jwkConfig.privateKey)).keyID(jwkConfig.keyId).build()
+    fun loadJwkSource(jwkConfig: JwkConfig, applicationConfig: ApplicationConfig): JWKSource<SecurityContext> {
+
+        if (jwkConfig.keyId == null) {
+            logger.error("hideout.security.jwt.keyId is null.")
+        }
+        if (jwkConfig.publicKey == null) {
+            logger.error("hideout.security.jwt.publicKey is null.")
+        }
+        if (jwkConfig.privateKey == null) {
+            logger.error("hideout.security.jwt.privateKey is null.")
+        }
+        if (jwkConfig.keyId == null || jwkConfig.publicKey == null || jwkConfig.privateKey == null) {
+            val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
+            keyPairGenerator.initialize(applicationConfig.keySize)
+            val generateKeyPair = keyPairGenerator.generateKeyPair()
+
+            jwkConfig.keyId = UUID.randomUUID().toString()
+            jwkConfig.publicKey = RsaUtil.encodeRsaPublicKey(generateKeyPair.public as RSAPublicKey)
+            jwkConfig.privateKey = RsaUtil.encodeRsaPrivateKey(generateKeyPair.private as RSAPrivateKey)
+            logger.error("""
+                |==============
+                |==============
+                |
+                |**Write the following settings in application.yml**
+                |
+                |hideout:
+                |   security:
+                |       jwt:
+                |           keyId: ${jwkConfig.keyId}
+                |           publicKey: ${jwkConfig.publicKey}
+                |           privateKey: ${jwkConfig.privateKey}
+                |
+                |==============
+                |==============
+            """.trimMargin())
+        }
+
+
+        val rsaKey = RSAKey.Builder(RsaUtil.decodeRsaPublicKey(jwkConfig.publicKey!!))
+            .privateKey(RsaUtil.decodeRsaPrivateKey(jwkConfig.privateKey!!)).keyID(jwkConfig.keyId).build()
         return ImmutableJWKSet(JWKSet(rsaKey))
     }
 
     @ConfigurationProperties("hideout.security.jwt")
     data class JwkConfig(
-        val keyId: String,
-        val publicKey: String,
-        val privateKey: String,
+        var keyId: String?,
+        var publicKey: String?,
+        var privateKey: String?,
     )
 
     @Bean
@@ -195,4 +237,8 @@ class SecurityConfig {
 
         return roleHierarchyImpl
     }
+
+    companion object {
+        private val logger = LoggerFactory.getLogger(SecurityConfig::class.java)
+    }
 }
diff --git a/hideout-core/src/main/kotlin/dev/usbharu/hideout/util/RsaUtil.kt b/hideout-core/src/main/kotlin/dev/usbharu/hideout/util/RsaUtil.kt
index 56b20ac3..4af71576 100644
--- a/hideout-core/src/main/kotlin/dev/usbharu/hideout/util/RsaUtil.kt
+++ b/hideout-core/src/main/kotlin/dev/usbharu/hideout/util/RsaUtil.kt
@@ -44,4 +44,12 @@ object RsaUtil {
     }
 
     fun decodeRsaPrivateKey(encoded: String): RSAPrivateKey = decodeRsaPrivateKey(Base64Util.decode(encoded))
+
+    fun encodeRsaPublicKey(publicKey: RSAPublicKey): String {
+        return Base64Util.encode(publicKey.encoded)
+    }
+
+    fun encodeRsaPrivateKey(privateKey: RSAPrivateKey): String {
+        return Base64Util.encode(privateKey.encoded)
+    }
 }