chore: SSL 적용방식, DBMS별 배포를 위한 ntri.zip스크립트 및 yml 수정

2 years ago · 5699b59418
parent 8f2c84eed0
commit 5699b59418
5 changed files with 64 additions and 14 deletions
--- a/REF/deploy/ntri.zip
+++ b/REF/deploy/ntri.zip
--- a/build.gradle
+++ b/build.gradle
@ -43,11 +43,14 @@ dependencies {
    implementation 'org.apache.commons:commons-io:1.3.2'

    /*====================================================================================
-    * oracle library
-    *  TODO: "java.sql.SQLException: 지원되지 않는 문자 집합(클래스 경로에 orai18n.jar 추가): KO16MSWIN949" 에러 발생 시 추가
+    * jdbc library
    ====================================================================================*/
+    implementation 'org.mariadb.jdbc:mariadb-java-client:2.7.5'
+    implementation 'mysql:mysql-connector-java:8.0.30'
+    //TODO: "java.sql.SQLException: 지원되지 않는 문자 집합(클래스 경로에 orai18n.jar 추가): KO16MSWIN949" 에러 발생 시 추가
    implementation 'com.oracle.ojdbc:orai18n:19.3.0.0'

+
    /*====================================================================================
    * external library
    ====================================================================================*/
@ -76,9 +79,9 @@ dependencies {
 //        }
 //    }
 //}
-ext{
+ext {
    index = '1'
-    string ="gradleString"
+    string = "gradleString"
 }
 ext.profile = (!project.hasProperty('profile') || !profile) ? 'dev' : profile
 ext.springProfilesActive = System.properties['spring.profiles.active']
--- a/src/main/resources-env/prod/application-prod.yml
+++ b/src/main/resources-env/prod/application-prod.yml
@ -4,7 +4,7 @@ app:
    recv:
      interface:
        environment:
-          ERR_Z000001DCP_1741000NIS_0001 :
+          ERR_1741000NIS_Z000001LGE_0001 :
            name: '부과결과정보(실시간)'
            url: '/recv/levy/result'
          ERR_1741000NIS_Z000001LGE_0002:
@ -36,15 +36,24 @@ server:
  #   : OpenSSL Download(https://sourceforge.net/projects/openssl)
  #   : Generate SSL Cert(https://deeplify.dev/back-end/spring/tomcat-openssl)
  #  -.Command
-  #   : openssl req -config ./openssl.cnf -x509 -sha256 -nodes -newkey rsa:2048 -keyout private.key -out public.pem -days 3650
-  #   : openssl pkcs12 -export -inKey private.key -in public.pem -name alias_name -out certificate.p12
+  #   1. openssl req -config ./openssl.cnf -x509 -sha256 -nodes -newkey rsa:2048 -keyout private.key -out public.pem -days 3650
+  #   2. openssl pkcs12 -export -inKey private.key -in public.pem -name alias_name -out certificate.p12
+  #  -.Command-2
+  #   1.서버개인키(private key) 생성
+  #    : openssl genrsa -out server.key 2048  //2048비트 길이의 개인키 생성
+  #   2.인증서 세부정보 파일 생성, "-config" 옵션은 생략가능
+  #    : openssl req -new -key server.key -out server.csr -config ./openssl.cnf  //openssl.cnf 를 참조하여 인증서신청서 생성
+  #   3.서버인증서 생성
+  #    : openssl req -new -x509 -days 3650 -in server.csr -key server.key -out server.crt  //서버인증서 발급
  #====================================================================
  ssl:
    enabled: ${app.ssl.enabled:true}
-    key-alias: ${app.ssl.key-alias:alias_name}
-    key-store: ${app.ssl.key-store:classpath:ssl/cert/certificate.p12}
-    key-store-type: ${app.ssl.key-store-type:PKCS12}
-    key-store-password: ${app.ssl.key-store-password:xit5811807}
+    #key-alias: ${app.ssl.key-alias:alias_name}
+    #key-store: ${app.ssl.key-store:classpath}
+    #key-store-type: ${app.ssl.key-store-type}
+    #key-store-password: ${app.ssl.key-store-password}
+    certificate-private-key: ${app.ssl.private-key}
+    certificate: ${app.ssl.cert}

 spring:
  config:
@ -62,7 +71,8 @@ spring:
    init:
      continue-on-error: false  # ???? ? SQL ?? ?? ? ???? ??
  jpa:
-    database-platform: org.hibernate.dialect.Oracle10gDialect
+    # Oracle: Oracle10gDialect, Maria: MariaDB106Dialect, Mysql: MySQL5InnoDBDialect
+    database-platform: org.hibernate.dialect.${app.datasource.platform:Oracle10gDialect}
    hibernate:
      ddl-auto: update  # create / create-drop / update / validate / none
    properties:
@ -71,8 +81,9 @@ spring:
        use_sql_comments: true
    show-sql: true
  datasource:
-    driver-class-name: oracle.jdbc.OracleDriver
-    url: jdbc:oracle:thin:@${app.datasource.ip:211.119.124.117}:${app.datasource.port:1521}:${app.datasource.sid:ora11g}
+    driver-class-name: ${app.datasource.driver:oracle.jdbc.OracleDriver}
+#    url: jdbc:oracle:thin:@${app.datasource.ip:211.119.124.117}:${app.datasource.port:1521}:${app.datasource.sid:ora11g}
+    url: ${app.datasource.url:'jdbc:oracle:thin:@211.119.124.117:1521:ora11g'}
    username: ${app.datasource.username:xit_traffic}
    password: ${app.datasource.password:traffic5}
    hikari:
--- a/src/main/resources/ssl/bin/conf/openssl-sample.cnf
+++ b/src/main/resources/ssl/bin/conf/openssl-sample.cnf
@ -0,0 +1,36 @@
+[ req ]
+default_bits            = 2048
+default_md              = sha1
+default_keyfile         = private.key
+distinguished_name      = req_distinguished_name
+extensions              = v3_ca
+req_extensions          = v3_ca
+
+[ v3_ca ]
+basicConstraints       = critical, CA:TRUE, pathlen:0
+subjectKeyIdentifier   = hash
+##authorityKeyIdentifier = keyid:always, issuer:always
+keyUsage               = keyCertSign, cRLSign
+nsCertType             = sslCA, emailCA, objCA
+[req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = KR
+countryName_min                 = 2
+countryName_max                 = 2
+
+# 회사명 입력
+organizationName              = Organization Name (eg, company)
+organizationName_default      = XIT Co.
+
+# 부서 입력
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  = Tech Support Team
+
+# SSL 서비스할 domain 명 입력
+commonName                      = Common Name (eg, your name or your servers hostname)
+#commonName_default              = indienote Self Signed CA
+commonName_default              = www.xit-ntri.co.kr
+commonName_max                  = 64
+
+# 이메일주소
+emailAddress_default	= minkyu1128@xit.co.kr
--- a/src/main/resources/ssl/cert/certificate.p12
+++ b/src/main/resources/ssl/cert/certificate.p12