set up jwt for identity

.editorconfig

@@ -14,7 +14,7 @@ max_line_length = 1024
 indent_size = 2
 tab_width = 2
 
-[*.cer]
+[*.{cer,pem}]
 max_line_length = 64
 insert_final_newline = false
 

README.md

@@ -12,6 +12,7 @@ Classes and endpoints, to shape and to steer, Devices and sensors, their purpose
 | server.ssl.key-store          | *        | HTTP Keystore           |
 | server.ssl.key-store-type     | *        | HTTP Cert Type          |
 | server.ssl.key-store-password | **       | HTTP Cert Pass          |
+| jwt.public-key                | *        | JWT public key          |
 
 Required: * can be stored as text, and ** need to be stored as secret.
 
@@ -34,14 +35,18 @@ Run `release.sh` script from `master` branch.
 
 3. Generate Keystores
     ```shell
-    keytool -genkeypair -alias device-api -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=deviceapi" -keypass password -keystore ./certs/keystore.p12 -storetype PKCS12 -storepass password
+    keytool -genkeypair -alias device-api -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=deviceapi" -keypass password -keystore ./cert/keystore.p12 -storetype PKCS12 -storepass password
     ```
 
 4. Export the public certificate
     ```shell
-    keytool -export -alias device-api -keystore ./certs/keystore.p12 -storepass password -file ./certs/device-api.cer -rfc
+    keytool -export -alias device-api -keystore ./cert/keystore.p12 -storepass password -file ./cert/device-api.cer -rfc
     ```
 
+### Public RSA Key
+
+To validate devices, copy file named `public_key.pem` from `./cert` generated for local development in **Hlæja Device Register** in to `./cert`.
+
 ### Global gradle properties
 
 To authenticate with Gradle to access repositories that require authentication, you can set your user and token in the `gradle.properties` file.

build.gradle.kts

@@ -7,11 +7,15 @@ plugins {
 }
 
 dependencies {
+    implementation(hlaeja.jjwt.api)
     implementation(hlaeja.kotlin.reflect)
     implementation(hlaeja.kotlinx.coroutines)
     implementation(hlaeja.org.springframework.springboot.actuator.starter)
     implementation(hlaeja.org.springframework.springboot.webflux.starter)
 
+    runtimeOnly(hlaeja.jjwt.impl)
+    runtimeOnly(hlaeja.jjwt.jackson)
+
     testImplementation(hlaeja.io.mockk)
     testImplementation(hlaeja.io.projectreactor.reactor.test)
     testImplementation(hlaeja.kotlin.test.junit5)
@@ -25,7 +29,7 @@ group = "ltd.hlaeja"
 
 tasks {
     named("processResources") {
-        dependsOn("copyKeystore")
+        dependsOn("copyKeystore", "copyPublicKey")
     }
     register<Copy>("copyKeystore") {
         group = "hlaeja"
@@ -33,4 +37,10 @@ tasks {
         into("${layout.buildDirectory.get()}/resources/main/cert")
         onlyIf { file("cert/keystore.p12").exists() }
     }
+    register<Copy>("copyPublicKey") {
+        group = "hlaeja"
+        from("cert/public_key.pem")
+        into("${layout.buildDirectory.get()}/resources/main/cert")
+        onlyIf { file("cert/public_key.pem").exists() }
+    }
 }

src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -19,6 +19,11 @@
       "name": "spring.application.build.os.version",
       "type": "java.lang.String",
       "description": "Application build os version."
+    },
+    {
+      "name": "jwt.public-key",
+      "type": "java.lang.String",
+      "description": "Jwt public key file."
     }
   ]
 }

src/main/resources/application.yml

@@ -10,6 +10,9 @@ spring:
         name: "%APP_BUILD_OS_NAME%"
         version: "%APP_BUILD_OS_VERSION%"
 
+jwt:
+  public-key: cert/public_key.pem
+
 ---
 ###############################
 ### Development environment ###