Kotlinã§å…¬é–‹éµæš—å·æ–¹å¼ã®éµã‚’æ‰±ã†ã¨ãã®å‚™å¿˜éŒ²ã¨ã‹JWTã®ç”Ÿæˆã¨ã‹

ç›®çš„

Kotlinã§JWTã‚’ç”Ÿæˆã—ãŸã„ã€‚

å®Ÿéš›ã¯Ktorã§ã‚µãƒ¼ãƒãƒ¼æ›¸ã„ã¦JWTè¿”ã™å‡¦ç†ã‚’æ›¸ã„ãŸã‘ã©ã€ãã“ã¯å‰²æ„›ã€‚

æº–å‚™

opensslã§ç§˜å¯†éµã®ç”Ÿæˆã€‚

$ openssl genrsa -out private.key 2048

Javaã®PKCS8EncodedKeySpecã§ç§˜å¯†éµã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œã‚‹ã®ã«ç§˜å¯†éµã‚’ PKCS 8 å½¢å¼ã«ã—ã¦ãŠãã€‚

$ openssl pkcs8 -in private.key -topk8 -nocrypt -out private.key.pk8

å…¬é–‹éµã¯ç‰¹åˆ¥ãªã“ã¨ã¯ã›ãšä½œæˆã€‚

$ openssl rsa -in private.key -pubout -out public.key

éµã€ã©ã†ã‚„ã£ã¦æ‰±ãŠã†

éµãƒ•ã‚¡ã‚¤ãƒ«ã‚’ãã®ã¾ã¾æ‰±ã†ã®ã¯æ£ç›´é¢å€’ãªã®ã§ã€ç’°å¢ƒå¤‰æ•°ã«æ ¼ç´ã—ã¦æ‰±ã„ãŸã„ã€‚

ãŸã ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®å†…å®¹ã‚’ãã®ã¾ã¾ç’°å¢ƒå¤‰æ•°ã«å…¥ã‚Œã‚ˆã†ã¨ã—ã¦ã‚‚æ”¹è¡ŒãŒå…¥ã£ã¦ã„ã‚‹ã®ã§ãã®ã¾ã¾æ‰±ã†ã®ã¯é¿ã‘ãŸã„ã€‚

æ‰±ãˆãªã„ã‚ã‘ã§ã¯ãªã„ã‘ã©ã€æ”¹è¡Œã‚³ãƒ¼ãƒ‰ã®æ‰±ã„ã ã£ãŸã‚ŠDotenvã®ã‚¢ãƒ¬ã‚³ãƒ¬ã§ãƒãƒžã‚‹ã®ã‚‚å«Œãªã®ã§æ”¹è¡Œãªã—ã®æ–‡å—åˆ—ã¨ã—ã¦æ‰±ãˆã‚‹ã‚ˆã†ã«ã—ã¦ã—ã¾ã†ã€‚

ä»¥ä¸‹ã®ã‚ˆã†ãªæ„Ÿã˜ã§ã‚½ã‚¤ãƒ¤ã£ã¨Base64 ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¡ã‚ƒã†ã€‚ã§ã€ãã‚Œã‚’ç’°å¢ƒå¤‰æ•°ã ã£ãŸã‚Š.envã«è¨å®šã™ã‚‹ã€‚

ãã‚‚ãã‚‚éµã®ä¸èº«è‡ªä½“Base64 ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•ã‚Œã¦ã„ã¦ãƒžãƒˆãƒªãƒ§ãƒ¼ã‚·ã‚«æ„Ÿã‚ã‚‹ã‘ã©ã‚½ãƒ¬ã¯ã‚½ãƒ¬ã€‚

$ base64 -i private.key.pk8
$ base64 -i public.key

ä½œã£ãŸéµã‚’ä½¿ã£ã¦JWTã‚’ç”Ÿæˆã™ã‚‹

auth0/java-jwt: Java implementation of JSON Web Token (JWT)

éµã®æ–‡å—åˆ—ã‹ã‚‰ãã‚Œãžã‚Œã®KeySpecã‚’ã¤ãã‚‹ã¨ã“ã‚ã¯ã€ãã®ã¾ã¾ä»¥ä¸‹ã®ãƒ–ãƒã‚°ã‚’å‚è€ƒã«ã—ãŸã€‚

Kotlinã§PEMå½¢å¼ã®å…¬é–‹éµæš—å·ãƒšã‚¢ã‚’æ‰±ã†

PemReader.readFirstSectionAndClose ã‚’ä½¿ã„ãŸã„ãŒãŸã‚ã«ä»¥ä¸‹ã‚’å…¥ã‚Œã¦ã—ã¾ã£ã¦ã„ã‚‹ã®ã§ã€æ°—ã«ãªã‚‹äººã¯è‡ªåˆ†ã§æ›¸ã„ã¦ã‚‚è‰¯ã„ã¨æ€ã†ã€‚

googleapis/google-http-java-client: Google HTTP Client Library for Java

    private val dotenv = dotenv { ignoreIfMissing = true }
    private val privateKeyString = Base64.getDecoder().decode(dotenv.get("RSA_PRIVATE_KEY")).decodeToString()
    private val publicKeyString = Base64.getDecoder().decode(dotenv.get("RSA_PUBLIC_KEY")).decodeToString()

    private val keyFactory: KeyFactory = KeyFactory.getInstance("RSA")
    private val privateKey = keyFactory.generatePrivate(privateKeyString.fromPKCS8toKeySpec()) as RSAPrivateKey
    private val publicKey = keyFactory.generatePublic(publicKeyString.fromX509toKeySpec()) as RSAPublicKey
     private val algorithm: Algorithm = Algorithm.RSA256(publicKey, privateKey)

    fun create(contract: PostContract): String {
        return JWT.create()
            .withIssuer("hogehoge")
            .withExpiresAt(Date.from(ZonedDateTime.now(ZoneOffset.UTC).plusDays(1L).toInstant()))
            .withIssuedAt(Date.from(ZonedDateTime.now(ZoneOffset.UTC).toInstant()))
            .sign(algorithm)
    }

    private fun String.fromPKCS8toKeySpec(): PKCS8EncodedKeySpec {
        return PKCS8EncodedKeySpec(PemReader.readFirstSectionAndClose(StringReader(this)).base64DecodedBytes)
    }

    private fun String.fromX509toKeySpec(): X509EncodedKeySpec {
        return X509EncodedKeySpec(PemReader.readFirstSectionAndClose(StringReader(this)).base64DecodedBytes)
    }

ç›®çš„

æº–å‚™

éµã€ã©ã†ã‚„ã£ã¦æ‰±ãŠã†

ä½œã£ãŸéµã‚’ä½¿ã£ã¦JWTã‚’ç”Ÿæˆã™ã‚‹

éµã€ã©ã†ã‚„ã£ã¦æ‰±ãŠã†

ä½œã£ãŸéµã‚’ä½¿ã£ã¦JWTã‚’ç”Ÿæˆã™ã‚‹