Move ssh keys into dedicated files
Brutus5000 committed Mar 1, 2020
1 parent dcc4470 commit 3728ec8
Showing 13 changed files with 80 additions and 69 deletions.
10 changes: 9 additions & 1 deletion .idea/compiler.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 0 additions & 17 deletions .idea/runConfigurations/FafApiApplication.xml

This file was deleted.

33 changes: 2 additions & 31 deletions src/inttest/resources/config/application.yml
@@ -21,39 +21,10 @@ spring:
mail:
host: false


faf-api:
jwt:
secretKey: |-
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
publicKey: |-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNOkn/K0G7d2KHjVsSpGdyE1+TIKKAhYMetsFr7RLPDznc57AsnVnB7nCH0vyfFYPt/6lUODl0ApcAlpubHq+5eEmN6QjGsdMhF3F5s7aeiuEAr9A645ng0qKdKGlbDIuCY9wlloqrVM21Wbs2j/cJArle6AMnk0bZzVE0QB2TemTYSQGWGE5slba9Rj4qYn7id3Bkp7IkPgJOviwkrtxZF/Ye3ZFarqiYWWydCI8bI739VihhDPd9VOJd1/j7GDq2gFpW+6W3Rg9Ln+ObrXVGuwzAszhmlaRSXK3FH83z+gtv2sOc7345BkOkiwp813dkCqD/BlMchxvjvhQeNROJ [email protected]
secret-key-path: test-pki-private.key
public-key-path: test-pki-public.key
map:
target-directory: "build/cache/map/maps"
directory-preview-path-small: "build/cache/map_previews/small"
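Review bot: `secret-key-path: test-pki-private.key` and `public-key-path: test-pki-public.key` are relative paths, so they resolve against the working directory of the test JVM and only find the files when the tests are started from the repository root, where this commit places them. `FafTokenServiceTest` carries the same assumption through `Paths.get("test-pki-private.key")` and `Paths.get("test-pki-public.key")`. A comment above the two keys, such as `# relative to the working directory; the test key pair lives in the repository root`, would record that. Keeping the pair with the other test resources would remove the assumption, but needs a loader that can read from the classpath, which is not part of what is shown here.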
4 changes: 2 additions & 2 deletions src/main/java/com/faforever/api/config/FafApiProperties.java
@@ -50,8 +50,8 @@ public static class Jwt {
/**
* The secret used for JWT token generation.
*/
private String secretKey;
private String publicKey;
private Path secretKeyPath;
private Path publicKeyPath;
private int accessTokenValiditySeconds = 3600;
private int refreshTokenValiditySeconds = 3600;
}
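Review bot: The Javadoc `The secret used for JWT token generation.` now sits on `secretKeyPath`, which holds a file location rather than the secret itself, and `publicKeyPath` has no comment at all. Suggested wording: `/** Path to the PEM-encoded RSA private key used to sign JWTs. */` on the first field and `/** Path to the ssh-rsa public key used to verify JWT signatures. */` on the second, matching the two file formats this commit adds. Since a reader of the configuration class is the person who will provision these files, it is also the natural place to say that the private key file should be readable only by the service account. The `Jwt` class starts above the hunk.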
@@ -11,6 +11,9 @@
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import java.io.IOException;
import java.nio.file.Files;

@Configuration
public class OAuthJwtConfig {

@@ -35,10 +38,13 @@ public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
}

@Bean
protected JwtAccessTokenConverter jwtAccessTokenConverter() {
protected JwtAccessTokenConverter jwtAccessTokenConverter() throws IOException {
String secretKey = Files.readString(fafApiProperties.getJwt().getSecretKeyPath());
String publicKey = Files.readString(fafApiProperties.getJwt().getPublicKeyPath());

JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
jwtAccessTokenConverter.setSigningKey(fafApiProperties.getJwt().getSecretKey());
jwtAccessTokenConverter.setVerifierKey(fafApiProperties.getJwt().getPublicKey());
jwtAccessTokenConverter.setSigningKey(secretKey);
jwtAccessTokenConverter.setVerifierKey(publicKey);
((DefaultAccessTokenConverter) jwtAccessTokenConverter.getAccessTokenConverter()).setUserTokenConverter(new FafUserAuthenticationConverter());
return jwtAccessTokenConverter;
}
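Review bot: `Files.readString(fafApiProperties.getJwt().getSecretKeyPath())` in `jwtAccessTokenConverter()` passes the configured path straight through, so a profile that never sets the property fails context start-up with a bare NullPointerException that does not say which setting is missing. The same two-line read is repeated in the `FafTokenService` and `JwtService` constructors, which means the private key is read from disk in three places and any check has to be added three times. A small helper that names the property on failure, ideally shared by all three call sites, keeps the key handling in one spot. The class body continues outside both hunks of this file.

```java
protected JwtAccessTokenConverter jwtAccessTokenConverter() throws IOException {
  String secretKey = readKey(fafApiProperties.getJwt().getSecretKeyPath(), "faf-api.jwt.secret-key-path");
  String publicKey = readKey(fafApiProperties.getJwt().getPublicKeyPath(), "faf-api.jwt.public-key-path");
  // … unchanged: converter construction and return …
}

// Reads one key file, failing with the name of the property when it is not configured.
private static String readKey(Path path, String property) throws IOException {
  if (path == null) {
    throw new IllegalStateException(property + " is not set");
  }
  return Files.readString(path);
}
```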
11 changes: 8 additions & 3 deletions src/main/java/com/faforever/api/security/FafTokenService.java
@@ -16,6 +16,8 @@
import org.springframework.util.Assert;

import javax.validation.constraints.NotNull;
import java.io.IOException;
import java.nio.file.Files;
import java.text.MessageFormat;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
@@ -32,10 +34,13 @@ public class FafTokenService {
private final RsaSigner rsaSigner;
private final RsaVerifier rsaVerifier;

public FafTokenService(ObjectMapper objectMapper, FafApiProperties properties) {
public FafTokenService(ObjectMapper objectMapper, FafApiProperties properties) throws IOException {
String secretKey = Files.readString(properties.getJwt().getSecretKeyPath());
String publicKey = Files.readString(properties.getJwt().getPublicKeyPath());

this.objectMapper = objectMapper;
this.rsaSigner = new RsaSigner(properties.getJwt().getSecretKey());
this.rsaVerifier = new RsaVerifier(properties.getJwt().getPublicKey());
this.rsaSigner = new RsaSigner(secretKey);
this.rsaVerifier = new RsaVerifier(publicKey);
}

/**
10 changes: 7 additions & 3 deletions src/main/java/com/faforever/api/security/JwtService.java
@@ -10,6 +10,7 @@

import javax.inject.Inject;
import java.io.IOException;
import java.nio.file.Files;

@Service
public class JwtService {
@@ -18,9 +19,12 @@ public class JwtService {
private final ObjectMapper objectMapper;

@Inject
public JwtService(FafApiProperties fafApiProperties, ObjectMapper objectMapper) {
this.rsaSigner = new RsaSigner(fafApiProperties.getJwt().getSecretKey());
this.rsaVerifier = new RsaVerifier(fafApiProperties.getJwt().getPublicKey());
public JwtService(FafApiProperties fafApiProperties, ObjectMapper objectMapper) throws IOException {
String secretKey = Files.readString(fafApiProperties.getJwt().getSecretKeyPath());
String publicKey = Files.readString(fafApiProperties.getJwt().getPublicKeyPath());

this.rsaSigner = new RsaSigner(secretKey);
this.rsaVerifier = new RsaVerifier(publicKey);
this.objectMapper = objectMapper;
}

3 changes: 2 additions & 1 deletion src/main/resources/config/application-dev.yml
@@ -1,7 +1,8 @@
faf-api:
version: dev
jwt:
secret: ${JWT_SECRET:banana}
secretKeyPath: ${JWT_PRIVATE_KEY_PATH:test-pki-private.key}
publicKeyPath: ${JWT_PUBLIC_KEY_PATH:test-pki-public.key}
map:
target-directory: ${MAP_UPLOAD_PATH:build/cache/map/maps}
directory-preview-path-small: ${MAP_PREVIEW_PATH_SMALL:build/cache/map_previews/small}
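Review bot: The defaults on `secretKeyPath` and `publicKeyPath` point at `test-pki-private.key`, a private key that this same commit adds to the repository, so any instance started with the dev profile and no `JWT_PRIVATE_KEY_PATH` signs its tokens with a key every reader of the repository holds. A comment above the two lines would make that explicit, for example `# test key pair from the repository root; never use outside local development`. The two keys are also written in camelCase while the neighbouring `target-directory` and the integration-test config (`secret-key-path`) use kebab-case; the same applies to `application-prod.yml`.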
3 changes: 2 additions & 1 deletion src/main/resources/config/application-prod.yml
@@ -1,6 +1,7 @@
faf-api:
jwt:
secret: ${JWT_SECRET}
secretKeyPath: ${JWT_PRIVATE_KEY_PATH}
publicKeyPath: ${JWT_PUBLIC_KEY_PATH}
map:
target-directory: ${MAP_UPLOAD_PATH}
directory-preview-path-small: ${MAP_PREVIEW_PATH_SMALL}
17 changes: 11 additions & 6 deletions src/test/java/com/faforever/api/security/FafTokenServiceTest.java
@@ -18,6 +18,8 @@
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;

import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
@@ -65,19 +67,22 @@ public class FafTokenServiceTest {
private ObjectMapper objectMapper;
private FafTokenService instance;

public FafTokenServiceTest() {
this.rsaSigner = new RsaSigner(TEST_SECRET_KEY);
this.rsaVerifier = new RsaVerifier(TEST_PUBLIC_KEY);
public FafTokenServiceTest() throws Exception {
String privateKey = Files.readString(Paths.get("test-pki-private.key"));
String publicKey = Files.readString(Paths.get("test-pki-public.key"));

this.rsaSigner = new RsaSigner(privateKey);
this.rsaVerifier = new RsaVerifier(publicKey);
}

@BeforeEach
public void setUp() {
public void setUp() throws Exception {
objectMapper = new ObjectMapper();
objectMapper.registerModule(new JavaTimeModule());

FafApiProperties properties = new FafApiProperties();
properties.getJwt().setSecretKey(TEST_SECRET_KEY);
properties.getJwt().setPublicKey(TEST_PUBLIC_KEY);
properties.getJwt().setSecretKeyPath(Paths.get("test-pki-private.key"));
properties.getJwt().setPublicKeyPath(Paths.get("test-pki-public.key"));

instance = new FafTokenService(objectMapper, properties);
}
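Review bot: `TEST_SECRET_KEY` and `TEST_PUBLIC_KEY` lose their visible uses in the constructor and in `setUp()`, and the six deletions reported for this file are all accounted for by the replaced lines in this hunk, so the two constants, with the key material embedded in them, appear to remain in the class. They are declared outside the hunk, so this needs confirming; if nothing else in the class reads them they should be deleted, leaving the key files as the only copy. `UserServiceTest` likewise drops its only visible use of `TEST_SECRET`. Separately, `throws Exception` on the constructor and on `setUp()` could be narrowed to `throws IOException`, which is what `FafTokenService` now declares.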
1 change: 0 additions & 1 deletion src/test/java/com/faforever/api/user/UserServiceTest.java
@@ -109,7 +109,6 @@ private static User createUser(int id, String name, String password, String emai
@BeforeEach
public void setUp() {
properties = new FafApiProperties();
properties.getJwt().setSecretKey(TEST_SECRET);
properties.getLinkToSteam().setSteamRedirectUrlFormat("%s");
instance = new UserService(emailService, playerRepository, userRepository, nameRecordRepository, properties, anopeUserRepository, fafTokenService, steamService, Optional.of(mauticService), globalRatingRepository, ladder1v1RatingRepository);
}
27 changes: 27 additions & 0 deletions test-pki-private.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
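--- a/test-pki-public.key
+++ b/test-pki-public.key
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNOkn/K0G7d2KHjVsSpGdyE1+TIKKAhYMetsFr7RLPDznc57AsnVnB7nCH0vyfFYPt/6lUODl0ApcAlpubHq+5eEmN6QjGsdMhF3F5s7aeiuEAr9A645ng0qKdKGlbDIuCY9wlloqrVM21Wbs2j/cJArle6AMnk0bZzVE0QB2TemTYSQGWGE5slba9Rj4qYn7id3Bkp7IkPgJOviwkrtxZF/Ye3ZFarqiYWWydCI8bI739VihhDPd9VOJd1/j7GDq2gFpW+6W3Rg9Ln+ObrXVGuwzAszhmlaRSXK3FH83z+gtv2sOc7345BkOkiwp813dkCqD/BlMchxvjvhQeNROJ [email protected]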
