feat: kid,issuer,audを指定するように

usbharu 2023-05-01 07:27:28 +09:00
parent ed00d741ff
commit 5d85eb0ca6
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
2 changed files with 10 additions and 7 deletions


@ -5,6 +5,7 @@ package dev.usbharu.hideout.plugins
import com.auth0.jwk.JwkProviderBuilder
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import dev.usbharu.hideout.config.Config
import dev.usbharu.hideout.domain.model.hideout.form.UserLogin
import dev.usbharu.hideout.property
import dev.usbharu.hideout.repository.IMetaRepository
@ -71,8 +72,9 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit
val keySpecPKCS8 = PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString))
val privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpecPKCS8)
val token = JWT.create()
// .withAudience(audience)
// .withIssuer(issuer)
.withAudience("${Config.configData.url}/users/${user.username}")
.withIssuer(issuer)
.withKeyId(metaRepository.get()?.jwt?.kid.toString())
.withClaim("username", user.username)
.withExpiresAt(Date(System.currentTimeMillis() + 60000))
.sign(Algorithm.RSA256(publicKey, privateKey as RSAPrivateKey))
@ -81,9 +83,10 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit
get("/.well-known/jwks.json") {
//language=JSON
val meta = requireNotNull(metaRepository.get())
call.respondText(
contentType = ContentType.Application.Json,
text = JsonWebKeyUtil.publicKeyToJwk(requireNotNull(metaRepository.get()).jwt.publicKey)
text = JsonWebKeyUtil.publicKeyToJwk(meta.jwt.publicKey,meta.jwt.kid.toString())
)
}
}
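Review bot: In the token-issuing hunk, `.withKeyId(metaRepository.get()?.jwt?.kid.toString())` signs a token whose `kid` header is the literal string "null" whenever the meta record is absent, because `toString()` on a null receiver returns "null" instead of failing. The JWKS route in the same file already fails fast with `requireNotNull(metaRepository.get())`, so the issuing path should do the same: `val meta = requireNotNull(metaRepository.get())` before `JWT.create()`, then `.withKeyId(meta.jwt.kid.toString())`, which keeps the token's `kid` and the published key in agreement. Setting `aud` and `iss` only helps if the verifier requires them; the verifier configuration is not visible in these hunks, so confirm it checks the same issuer and the per-user audience. The body of `configureSecurity` starts and ends outside the hunks shown.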


@ -8,16 +8,16 @@ import java.util.*
object JsonWebKeyUtil {
fun publicKeyToJwk(publicKey: String): String {
fun publicKeyToJwk(publicKey: String,kid:String): String {
val x509EncodedKeySpec = X509EncodedKeySpec(Base64.getDecoder().decode(publicKey))
val generatePublic = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec)
return publicKeyToJwk(generatePublic as RSAPublicKey)
return publicKeyToJwk(generatePublic as RSAPublicKey,kid)
}
fun publicKeyToJwk(publicKey: RSAPublicKey): String {
fun publicKeyToJwk(publicKey: RSAPublicKey,kid:String): String {
val e = encodeBase64UInt(publicKey.publicExponent)
val n = encodeBase64UInt(publicKey.modulus)
return """{"keys":[{"e":"$e","n":"$n","use":"sig","kty":"RSA"}]}"""
return """{"keys":[{"e":"$e","n":"$n","use":"sig","kid":"$kid","kty":"RSA"}]}"""
}
private fun encodeBase64UInt(bigInteger: BigInteger, minLength: Int = -1): String {