feat: kid,issuer,audを指定するように

This commit is contained in:
usbharu 2023-05-01 07:27:28 +09:00
parent 638915230b
commit f153ca85f3
2 changed files with 10 additions and 7 deletions

View File

@ -5,6 +5,7 @@ package dev.usbharu.hideout.plugins
import com.auth0.jwk.JwkProviderBuilder import com.auth0.jwk.JwkProviderBuilder
import com.auth0.jwt.JWT import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm import com.auth0.jwt.algorithms.Algorithm
import dev.usbharu.hideout.config.Config
import dev.usbharu.hideout.domain.model.hideout.form.UserLogin import dev.usbharu.hideout.domain.model.hideout.form.UserLogin
import dev.usbharu.hideout.property import dev.usbharu.hideout.property
import dev.usbharu.hideout.repository.IMetaRepository import dev.usbharu.hideout.repository.IMetaRepository
@ -71,8 +72,9 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit
val keySpecPKCS8 = PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString)) val keySpecPKCS8 = PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString))
val privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpecPKCS8) val privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpecPKCS8)
val token = JWT.create() val token = JWT.create()
// .withAudience(audience) .withAudience("${Config.configData.url}/users/${user.username}")
// .withIssuer(issuer) .withIssuer(issuer)
.withKeyId(metaRepository.get()?.jwt?.kid.toString())
.withClaim("username", user.username) .withClaim("username", user.username)
.withExpiresAt(Date(System.currentTimeMillis() + 60000)) .withExpiresAt(Date(System.currentTimeMillis() + 60000))
.sign(Algorithm.RSA256(publicKey, privateKey as RSAPrivateKey)) .sign(Algorithm.RSA256(publicKey, privateKey as RSAPrivateKey))
@ -81,9 +83,10 @@ fun Application.configureSecurity(userAuthService: IUserAuthService, metaReposit
get("/.well-known/jwks.json") { get("/.well-known/jwks.json") {
//language=JSON //language=JSON
val meta = requireNotNull(metaRepository.get())
call.respondText( call.respondText(
contentType = ContentType.Application.Json, contentType = ContentType.Application.Json,
text = JsonWebKeyUtil.publicKeyToJwk(requireNotNull(metaRepository.get()).jwt.publicKey) text = JsonWebKeyUtil.publicKeyToJwk(meta.jwt.publicKey,meta.jwt.kid.toString())
) )
} }
} }

View File

@ -8,16 +8,16 @@ import java.util.*
object JsonWebKeyUtil { object JsonWebKeyUtil {
fun publicKeyToJwk(publicKey: String): String { fun publicKeyToJwk(publicKey: String,kid:String): String {
val x509EncodedKeySpec = X509EncodedKeySpec(Base64.getDecoder().decode(publicKey)) val x509EncodedKeySpec = X509EncodedKeySpec(Base64.getDecoder().decode(publicKey))
val generatePublic = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) val generatePublic = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec)
return publicKeyToJwk(generatePublic as RSAPublicKey) return publicKeyToJwk(generatePublic as RSAPublicKey,kid)
} }
fun publicKeyToJwk(publicKey: RSAPublicKey): String { fun publicKeyToJwk(publicKey: RSAPublicKey,kid:String): String {
val e = encodeBase64UInt(publicKey.publicExponent) val e = encodeBase64UInt(publicKey.publicExponent)
val n = encodeBase64UInt(publicKey.modulus) val n = encodeBase64UInt(publicKey.modulus)
return """{"keys":[{"e":"$e","n":"$n","use":"sig","kty":"RSA"}]}""" return """{"keys":[{"e":"$e","n":"$n","use":"sig","kid":"$kid","kty":"RSA"}]}"""
} }
private fun encodeBase64UInt(bigInteger: BigInteger, minLength: Int = -1): String { private fun encodeBase64UInt(bigInteger: BigInteger, minLength: Int = -1): String {