mirror of https://github.com/usbharu/Hideout.git
feat: 設定ファイルの内容を自動的に生成するように
This commit is contained in:
parent
e054e47453
commit
456df222f2
GPG Key ID:
8CB1087135660B8D
|
|
@ -23,6 +23,7 @@ import com.nimbusds.jose.jwk.source.JWKSource
|
||||||
import com.nimbusds.jose.proc.SecurityContext
|
import com.nimbusds.jose.proc.SecurityContext
|
||||||
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.HideoutUserDetails
|
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.HideoutUserDetails
|
||||||
import dev.usbharu.hideout.util.RsaUtil
|
import dev.usbharu.hideout.util.RsaUtil
|
||||||
|
import org.slf4j.LoggerFactory
|
||||||
import org.springframework.boot.context.properties.ConfigurationProperties
|
import org.springframework.boot.context.properties.ConfigurationProperties
|
||||||
import org.springframework.context.annotation.Bean
|
import org.springframework.context.annotation.Bean
|
||||||
import org.springframework.context.annotation.Configuration
|
import org.springframework.context.annotation.Configuration
|
||||||
|
|
@ -50,6 +51,10 @@ import org.springframework.security.oauth2.server.authorization.token.JwtEncodin
|
||||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
|
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer
|
||||||
import org.springframework.security.web.SecurityFilterChain
|
import org.springframework.security.web.SecurityFilterChain
|
||||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
|
||||||
|
import java.security.KeyPairGenerator
|
||||||
|
import java.security.interfaces.RSAPrivateKey
|
||||||
|
import java.security.interfaces.RSAPublicKey
|
||||||
|
import java.util.*
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity(debug = false)
|
@EnableWebSecurity(debug = false)
|
||||||
|
|
@ -126,17 +131,54 @@ class SecurityConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
fun loadJwkSource(jwkConfig: JwkConfig): JWKSource<SecurityContext> {
|
fun loadJwkSource(jwkConfig: JwkConfig, applicationConfig: ApplicationConfig): JWKSource<SecurityContext> {
|
||||||
val rsaKey = RSAKey.Builder(RsaUtil.decodeRsaPublicKey(jwkConfig.publicKey))
|
|
||||||
.privateKey(RsaUtil.decodeRsaPrivateKey(jwkConfig.privateKey)).keyID(jwkConfig.keyId).build()
|
if (jwkConfig.keyId == null) {
|
||||||
|
logger.error("hideout.security.jwt.keyId is null.")
|
||||||
|
}
|
||||||
|
if (jwkConfig.publicKey == null) {
|
||||||
|
logger.error("hideout.security.jwt.publicKey is null.")
|
||||||
|
}
|
||||||
|
if (jwkConfig.privateKey == null) {
|
||||||
|
logger.error("hideout.security.jwt.privateKey is null.")
|
||||||
|
}
|
||||||
|
if (jwkConfig.keyId == null || jwkConfig.publicKey == null || jwkConfig.privateKey == null) {
|
||||||
|
val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
|
||||||
|
keyPairGenerator.initialize(applicationConfig.keySize)
|
||||||
|
val generateKeyPair = keyPairGenerator.generateKeyPair()
|
||||||
|
|
||||||
|
jwkConfig.keyId = UUID.randomUUID().toString()
|
||||||
|
jwkConfig.publicKey = RsaUtil.encodeRsaPublicKey(generateKeyPair.public as RSAPublicKey)
|
||||||
|
jwkConfig.privateKey = RsaUtil.encodeRsaPrivateKey(generateKeyPair.private as RSAPrivateKey)
|
||||||
|
logger.error("""
|
||||||
|
|==============
|
||||||
|
|==============
|
||||||
|
|
|
||||||
|
|**Write the following settings in application.yml**
|
||||||
|
|
|
||||||
|
|hideout:
|
||||||
|
| security:
|
||||||
|
| jwt:
|
||||||
|
| keyId: ${jwkConfig.keyId}
|
||||||
|
| publicKey: ${jwkConfig.publicKey}
|
||||||
|
| privateKey: ${jwkConfig.privateKey}
|
||||||
|
|
|
||||||
|
|==============
|
||||||
|
|==============
|
||||||
|
""".trimMargin())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
val rsaKey = RSAKey.Builder(RsaUtil.decodeRsaPublicKey(jwkConfig.publicKey!!))
|
||||||
|
.privateKey(RsaUtil.decodeRsaPrivateKey(jwkConfig.privateKey!!)).keyID(jwkConfig.keyId).build()
|
||||||
return ImmutableJWKSet(JWKSet(rsaKey))
|
return ImmutableJWKSet(JWKSet(rsaKey))
|
||||||
}
|
}
|
||||||
|
|
||||||
@ConfigurationProperties("hideout.security.jwt")
|
@ConfigurationProperties("hideout.security.jwt")
|
||||||
data class JwkConfig(
|
data class JwkConfig(
|
||||||
val keyId: String,
|
var keyId: String?,
|
||||||
val publicKey: String,
|
var publicKey: String?,
|
||||||
val privateKey: String,
|
var privateKey: String?,
|
||||||
)
|
)
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
@ -195,4 +237,8 @@ class SecurityConfig {
|
||||||
|
|
||||||
return roleHierarchyImpl
|
return roleHierarchyImpl
|
||||||
}
|
}
|
||||||
|
|
||||||
|
companion object {
|
||||||
|
private val logger = LoggerFactory.getLogger(SecurityConfig::class.java)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,4 +44,12 @@ object RsaUtil {
|
||||||
}
|
}
|
||||||
|
|
||||||
fun decodeRsaPrivateKey(encoded: String): RSAPrivateKey = decodeRsaPrivateKey(Base64Util.decode(encoded))
|
fun decodeRsaPrivateKey(encoded: String): RSAPrivateKey = decodeRsaPrivateKey(Base64Util.decode(encoded))
|
||||||
|
|
||||||
|
fun encodeRsaPublicKey(publicKey: RSAPublicKey): String {
|
||||||
|
return Base64Util.encode(publicKey.encoded)
|
||||||
|
}
|
||||||
|
|
||||||
|
fun encodeRsaPrivateKey(privateKey: RSAPrivateKey): String {
|
||||||
|
return Base64Util.encode(privateKey.encoded)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue