feat: 설정값 암호화 적용

3 years ago · b138b0abcd
parent c15dda6b60
commit b138b0abcd
7 changed files with 101 additions and 10 deletions
--- a/build.gradle
+++ b/build.gradle
@ -83,6 +83,7 @@ dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-jdbc'
    implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.3'
    // spring-boot 2.3 까지는 사용 불가 -  spring-boot-starter-web에 포함되어 있다
    // hibernate-validator:5.2.4.Final 사용
--- a/src/main/java/com/xit/core/config/support/JasyptConfig.java
+++ b/src/main/java/com/xit/core/config/support/JasyptConfig.java
@ -0,0 +1,29 @@
 package com.xit.core.config.support;
 import org.jasypt.encryption.StringEncryptor;
 import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
 import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@Configuration
 public class JasyptConfig {
    @Bean(name = "jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        String key = "xit_jasypt_key";
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(key); // 암호화할 때 사용하는 키
        config.setAlgorithm("PBEWithMD5AndDES"); // 암호화 알고리즘
        config.setKeyObtentionIterations("1000"); // 반복할 해싱 회수
        config.setPoolSize("1"); // 인스턴스 pool
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator"); // salt 생성 클래스
        config.setStringOutputType("base64"); //인코딩 방식
        encryptor.setConfig(config);
        return encryptor;
    }
 }
--- a/src/main/java/com/xit/core/init/XitFrameworkApplicationCommandLineRunner.java
+++ b/src/main/java/com/xit/core/init/XitFrameworkApplicationCommandLineRunner.java
@ -1,6 +1,7 @@
 package com.xit.core.init;
 import lombok.extern.slf4j.Slf4j;
 import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
@ -22,10 +23,27 @@ public class XitFrameworkApplicationCommandLineRunner implements CommandLineRunn
        log.info("XitFrameworkApplicationCommandLineRunner Args: " + Arrays.toString(args));
        log.info("=====================================================================================");
-        System.out.println(new BCryptPasswordEncoder().encode("gnadmin"));
+        //System.out.println(new BCryptPasswordEncoder().encode("gnadmin"));
        //System.out.println(new SCryptPasswordEncoder().encode("gnadmin"));
        //System.out.println(new DelegatingPasswordEncoder().encode("gnadmin", ""));
-        System.out.println(new Pbkdf2PasswordEncoder().encode("gnadmin"));
+        //System.out.println(new Pbkdf2PasswordEncoder().encode("gnadmin"));
        String url = "jdbc:oracle:thin:@211.119.124.118:1521:bustms";
        String username = "traffic";
        String password = "xhdgkq0";
        System.out.println(jasyptEncoding(url));
        System.out.println(jasyptEncoding(username));
        System.out.println(jasyptEncoding(password));
    }
    private String jasyptEncoding(String value) {
        String key = "xit_jasypt_key";
        StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
        pbeEnc.setAlgorithm("PBEWithMD5AndDES");
        pbeEnc.setPassword(key);
        return pbeEnc.encrypt(value);
    }
 }
--- a/src/main/resources/config/application-dev.yml
+++ b/src/main/resources/config/application-dev.yml
@ -18,16 +18,19 @@ spring:
  # ==================================================================================================================
  datasource:
    driver-class-name: oracle.jdbc.OracleDriver
-    url: jdbc:oracle:thin:@211.119.124.118:1521:bustms
+#    url: jdbc:oracle:thin:@211.119.124.118:1521:bustms
-    username: traffic
+#    username: traffic
-    password: xhdgkq0
+#    password: xhdgkq0
    url: ENC(Du4NMmmioRvKPEusb8MiTTvNaXVoTItupOvD6qDhkeJv8vJKgdQuYR1pfx6EiejdZxw42ihrilk=)
    username: ENC(MtR2JPkVe/qAf4+4ov5Oaw==)
    password: ENC(6DJ2lcMsftlVjv1Ddc4d2w==)
    hikari:
      driver-class-name: ${spring.datasource.driver-class-name}
      jdbc-url: ${spring.datasource.url}
      password: ${spring.datasource.password}
      username: ${spring.datasource.username}
      read-only: false
-      
+  
  # ==================================================================================================================
  # JPA setting
  # ==================================================================================================================
--- a/src/main/resources/config/application.yml
+++ b/src/main/resources/config/application.yml
@ -127,6 +127,10 @@ spring:
  devtools:
    livereload:
      enabled: true
  jasypt:
    encryptor:
      bean: jasyptStringEncryptor
  # ==================================================================================================================
  # spring-doc setting
--- a/src/main/resources/logback-spring.xml
+++ b/src/main/resources/logback-spring.xml
@ -4,12 +4,12 @@
    <springProfile name="local">
-        <property name="LOG_PATH" value="/data/xit/logs"/>
+<!--        <property name="LOG_PATH" value="/data/xit/logs"/>-->
-<!--        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>-->
+        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>
    </springProfile>
    <springProfile name="dev,prod">
-        <property name="LOG_PATH" value="/data/xit/logs"/>
+<!--        <property name="LOG_PATH" value="/data/xit/logs"/>-->
-<!--        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>-->
+        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>
    </springProfile>
    <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
--- a/src/test/java/com/xit/core/JasyptApplicationTests.java
+++ b/src/test/java/com/xit/core/JasyptApplicationTests.java
@ -0,0 +1,36 @@
 package com.xit.core;
 import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.context.ActiveProfiles;
@SpringBootTest
@ActiveProfiles(value="dev")
 class JasyptApplicationTests {
    @Test
    void contextLoads() {
    }
    @Test
    void jasypt() {
        String url = "jdbc:oracle:thin:@211.119.124.118:1521:bustms";
        String username = "traffic";
        String password = "xhdgkq0";
        System.out.println(jasyptEncoding(url));
        System.out.println(jasyptEncoding(username));
        System.out.println(jasyptEncoding(password));
    }
    public String jasyptEncoding(String value) {
        String key = "xit_jasypt_key";
        StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
        pbeEnc.setAlgorithm("PBEWithMD5AndDES");
        pbeEnc.setPassword(key);
        return pbeEnc.encrypt(value);
    }
 }