set up jwt for identity

2024-11-25 00:32:05 +01:00
parent 2e8ea4c6a7
commit cb8875a754
5 changed files with 27 additions and 4 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -14,7 +14,7 @@ max_line_length = 1024
 indent_size = 2
 tab_width = 2

-[*.cer]
+[*.{cer,pem}]
 max_line_length = 64
 insert_final_newline = false

--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Classes and endpoints, to shape and to steer, Devices and sensors, their purpose
 | server.ssl.key-store          | *        | HTTP Keystore           |
 | server.ssl.key-store-type     | *        | HTTP Cert Type          |
 | server.ssl.key-store-password | **       | HTTP Cert Pass          |
+| jwt.public-key                | *        | JWT public key          |

 Required: * can be stored as text, and ** need to be stored as secret.

@@ -34,14 +35,18 @@ Run `release.sh` script from `master` branch.

 3. Generate Keystores
    ```shell
-    keytool -genkeypair -alias device-api -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=deviceapi" -keypass password -keystore ./certs/keystore.p12 -storetype PKCS12 -storepass password
+    keytool -genkeypair -alias device-api -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=deviceapi" -keypass password -keystore ./cert/keystore.p12 -storetype PKCS12 -storepass password
    ```

 4. Export the public certificate
    ```shell
-    keytool -export -alias device-api -keystore ./certs/keystore.p12 -storepass password -file ./certs/device-api.cer -rfc
+    keytool -export -alias device-api -keystore ./cert/keystore.p12 -storepass password -file ./cert/device-api.cer -rfc
    ```

+### Public RSA Key
+
+To validate devices, copy file named `public_key.pem` from `./cert` generated for local development in **Hlæja Device Register** in to `./cert`.
+
 ### Global gradle properties

 To authenticate with Gradle to access repositories that require authentication, you can set your user and token in the `gradle.properties` file.
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -7,11 +7,15 @@ plugins {
 }

 dependencies {
+    implementation(hlaeja.jjwt.api)
    implementation(hlaeja.kotlin.reflect)
    implementation(hlaeja.kotlinx.coroutines)
    implementation(hlaeja.org.springframework.springboot.actuator.starter)
    implementation(hlaeja.org.springframework.springboot.webflux.starter)

+    runtimeOnly(hlaeja.jjwt.impl)
+    runtimeOnly(hlaeja.jjwt.jackson)
+
    testImplementation(hlaeja.io.mockk)
    testImplementation(hlaeja.io.projectreactor.reactor.test)
    testImplementation(hlaeja.kotlin.test.junit5)
@@ -25,7 +29,7 @@ group = "ltd.hlaeja"

 tasks {
    named("processResources") {
-        dependsOn("copyKeystore")
+        dependsOn("copyKeystore", "copyPublicKey")
    }
    register<Copy>("copyKeystore") {
        group = "hlaeja"
@@ -33,4 +37,10 @@ tasks {
        into("${layout.buildDirectory.get()}/resources/main/cert")
        onlyIf { file("cert/keystore.p12").exists() }
    }
+    register<Copy>("copyPublicKey") {
+        group = "hlaeja"
+        from("cert/public_key.pem")
+        into("${layout.buildDirectory.get()}/resources/main/cert")
+        onlyIf { file("cert/public_key.pem").exists() }
+    }
 }
--- a/src/main/resources/META-INF/additional-spring-configuration-metadata.json
+++ b/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -19,6 +19,11 @@
      "name": "spring.application.build.os.version",
      "type": "java.lang.String",
      "description": "Application build os version."
+    },
+    {
+      "name": "jwt.public-key",
+      "type": "java.lang.String",
+      "description": "Jwt public key file."
    }
  ]
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -10,6 +10,9 @@ spring:
        name: "%APP_BUILD_OS_NAME%"
        version: "%APP_BUILD_OS_VERSION%"

+jwt:
+  public-key: cert/public_key.pem
+
 ---
 ###############################
 ### Development environment ###