feat: kid,issuer,audを指定するように

2023-05-01 07:27:28 +09:00 · 2023-05-01 07:27:28 +09:00 · f153ca85f3
parent 638915230b
commit f153ca85f3
2 changed files with 10 additions and 7 deletions
--- a/src/main/kotlin/dev/usbharu/hideout/plugins/Security.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/plugins/Security.kt
@ -5,6 +5,7 @@ package dev.usbharu.hideout.plugins
 import com.auth0.jwk.JwkProviderBuilder
 import com.auth0.jwt.JWT
 import com.auth0.jwt.algorithms.Algorithm
+import dev.usbharu.hideout.config.Config
 import dev.usbharu.hideout.domain.model.hideout.form.UserLogin
 import dev.usbharu.hideout.property
 import dev.usbharu.hideout.repository.IMetaRepository
@ -71,8 +72,9 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit
            val keySpecPKCS8 = PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString))
            val privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpecPKCS8)
            val token = JWT.create()
-//                .withAudience(audience)
-//                .withIssuer(issuer)
+                .withAudience("${Config.configData.url}/users/${user.username}")
+                .withIssuer(issuer)
+                .withKeyId(metaRepository.get()?.jwt?.kid.toString())
                .withClaim("username", user.username)
                .withExpiresAt(Date(System.currentTimeMillis() + 60000))
                .sign(Algorithm.RSA256(publicKey, privateKey as RSAPrivateKey))
@ -81,9 +83,10 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit

        get("/.well-known/jwks.json") {
            //language=JSON
+            val meta = requireNotNull(metaRepository.get())
            call.respondText(
                contentType = ContentType.Application.Json,
-                text = JsonWebKeyUtil.publicKeyToJwk(requireNotNull(metaRepository.get()).jwt.publicKey)
+                text = JsonWebKeyUtil.publicKeyToJwk(meta.jwt.publicKey,meta.jwt.kid.toString())
            )
        }
    }
--- a/src/main/kotlin/dev/usbharu/hideout/util/JsonWebKeyUtil.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/util/JsonWebKeyUtil.kt
@ -8,16 +8,16 @@ import java.util.*

 object JsonWebKeyUtil {

-    fun publicKeyToJwk(publicKey: String): String {
+    fun publicKeyToJwk(publicKey: String,kid:String): String {
        val x509EncodedKeySpec = X509EncodedKeySpec(Base64.getDecoder().decode(publicKey))
        val generatePublic = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec)
-        return publicKeyToJwk(generatePublic as RSAPublicKey)
+        return publicKeyToJwk(generatePublic as RSAPublicKey,kid)
    }

-    fun publicKeyToJwk(publicKey: RSAPublicKey): String {
+    fun publicKeyToJwk(publicKey: RSAPublicKey,kid:String): String {
        val e = encodeBase64UInt(publicKey.publicExponent)
        val n = encodeBase64UInt(publicKey.modulus)
-        return """{"keys":[{"e":"$e","n":"$n","use":"sig","kty":"RSA"}]}"""
+        return """{"keys":[{"e":"$e","n":"$n","use":"sig","kid":"$kid","kty":"RSA"}]}"""
    }

    private fun encodeBase64UInt(bigInteger: BigInteger, minLength: Int = -1): String {