diff --git a/build.gradle b/build.gradle
index 03c56f755..33aee63a6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -63,9 +63,9 @@ dependencies {
 implementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter:2.2.2'
 implementation 'com.netflix.graphql.dgs:graphql-dgs-spring-boot-starter:4.9.21'
 implementation 'org.flywaydb:flyway-core'
- implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
- runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
- 'io.jsonwebtoken:jjwt-jackson:0.11.2'
+ implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
+ runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6',
+ 'io.jsonwebtoken:jjwt-jackson:0.12.6'
 implementation 'joda-time:joda-time:2.10.13'
 implementation 'org.xerial:sqlite-jdbc:3.36.0.3'
diff --git a/src/main/java/io/spring/infrastructure/service/DefaultJwtService.java b/src/main/java/io/spring/infrastructure/service/DefaultJwtService.java
index 515d66106..f83659e62 100644
--- a/src/main/java/io/spring/infrastructure/service/DefaultJwtService.java
+++ b/src/main/java/io/spring/infrastructure/service/DefaultJwtService.java
@@ -3,9 +3,9 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jws;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.spring.core.service.JwtService;
 import io.spring.core.user.User;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Optional;
 import javax.crypto.SecretKey;
@@ -17,32 +17,33 @@
 @Component
 public class DefaultJwtService implements JwtService {
 private final SecretKey signingKey;
- private final SignatureAlgorithm signatureAlgorithm;
 private int sessionTime;
 @Autowired
 public DefaultJwtService(
 @Value("${jwt.secret}") String secret, @Value("${jwt.sessionTime}") int sessionTime) {
 this.sessionTime = sessionTime;
- signatureAlgorithm = SignatureAlgorithm.HS512;
- this.signingKey = new SecretKeySpec(secret.getBytes(), signatureAlgorithm.getJcaName());
+ byte[] keyBytes = secret.getBytes();
+ if (keyBytes.length < 64) {
+ keyBytes = Arrays.copyOf(keyBytes, 64);
+ }
+ this.signingKey = new SecretKeySpec(keyBytes, "HmacSHA512");
 }
 @Override
 public String toToken(User user) {
 return Jwts.builder()
- .setSubject(user.getId())
- .setExpiration(expireTimeFromNow())
- .signWith(signingKey)
+ .subject(user.getId())
+ .expiration(expireTimeFromNow())
+ .signWith(signingKey, Jwts.SIG.HS512)
 .compact();
 }
 @Override
 public Optional getSubFromToken(String token) {
 try {
- Jws claimsJws =
- Jwts.parserBuilder().setSigningKey(signingKey).build().parseClaimsJws(token);
- return Optional.ofNullable(claimsJws.getBody().getSubject());
+ Jws claimsJws = Jwts.parser().verifyWith(signingKey).build().parseSignedClaims(token);
+ return Optional.ofNullable(claimsJws.getPayload().getSubject());
 } catch (Exception e) {
 return Optional.empty();
 }
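Review bot: Zero-padding a short `jwt.secret` to 64 bytes with `Arrays.copyOf` in the constructor satisfies jjwt 0.12's HS512 minimum-key-size check without adding any key strength — the padded bytes are a known constant, so the effective key is still the configured secret, and a secret that is too short now passes silently instead of being rejected at startup. The constructor should fail fast instead, e.g. `if (keyBytes.length < 64) { throw new IllegalArgumentException("jwt.secret must be at least 64 bytes for HS512"); }`, with the requirement stated in the property's documentation. `secret.getBytes()` also still uses the platform default charset on pre-18 JVMs; `secret.getBytes(StandardCharsets.UTF_8)` (plus the import) keeps the key identical across environments. Under 0.11 the removed `signWith(signingKey)` appears to have picked the HMAC variant from the key length, so pinning `Jwts.SIG.HS512` in toToken also changes how tokens are signed for secrets between 32 and 63 bytes and is worth a sentence in the commit message. getSubFromToken's closing brace and the rest of the class lie outside the hunk.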