feat: 설정값 암호화 적용

3 years ago · b138b0abcd
parent c15dda6b60
commit b138b0abcd
7 changed files with 101 additions and 10 deletions
--- a/build.gradle
+++ b/build.gradle
@ -83,6 +83,7 @@ dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-jdbc'
+    implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.3'

    // spring-boot 2.3 까지는 사용 불가 -  spring-boot-starter-web에 포함되어 있다
    // hibernate-validator:5.2.4.Final 사용
--- a/src/main/java/com/xit/core/config/support/JasyptConfig.java
+++ b/src/main/java/com/xit/core/config/support/JasyptConfig.java
@ -0,0 +1,29 @@
+package com.xit.core.config.support;
+
+import org.jasypt.encryption.StringEncryptor;
+import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
+import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class JasyptConfig {
+
+    @Bean(name = "jasyptStringEncryptor")
+    public StringEncryptor stringEncryptor() {
+
+        String key = "xit_jasypt_key";
+        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
+        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
+        config.setPassword(key); // 암호화할 때 사용하는 키
+        config.setAlgorithm("PBEWithMD5AndDES"); // 암호화 알고리즘
+        config.setKeyObtentionIterations("1000"); // 반복할 해싱 회수
+        config.setPoolSize("1"); // 인스턴스 pool
+        config.setProviderName("SunJCE");
+        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator"); // salt 생성 클래스
+        config.setStringOutputType("base64"); //인코딩 방식
+
+        encryptor.setConfig(config);
+        return encryptor;
+    }
+}
--- a/src/main/java/com/xit/core/init/XitFrameworkApplicationCommandLineRunner.java
+++ b/src/main/java/com/xit/core/init/XitFrameworkApplicationCommandLineRunner.java
@ -1,6 +1,7 @@
 package com.xit.core.init;

 import lombok.extern.slf4j.Slf4j;
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
@ -22,10 +23,27 @@ public class XitFrameworkApplicationCommandLineRunner implements CommandLineRunn
        log.info("XitFrameworkApplicationCommandLineRunner Args: " + Arrays.toString(args));
        log.info("=====================================================================================");

-        System.out.println(new BCryptPasswordEncoder().encode("gnadmin"));
+        //System.out.println(new BCryptPasswordEncoder().encode("gnadmin"));
        //System.out.println(new SCryptPasswordEncoder().encode("gnadmin"));
        //System.out.println(new DelegatingPasswordEncoder().encode("gnadmin", ""));
-        System.out.println(new Pbkdf2PasswordEncoder().encode("gnadmin"));
+        //System.out.println(new Pbkdf2PasswordEncoder().encode("gnadmin"));

+        String url = "jdbc:oracle:thin:@211.119.124.118:1521:bustms";
+        String username = "traffic";
+        String password = "xhdgkq0";
+
+        System.out.println(jasyptEncoding(url));
+        System.out.println(jasyptEncoding(username));
+        System.out.println(jasyptEncoding(password));
+    }
+
+
+    private String jasyptEncoding(String value) {
+
+        String key = "xit_jasypt_key";
+        StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
+        pbeEnc.setAlgorithm("PBEWithMD5AndDES");
+        pbeEnc.setPassword(key);
+        return pbeEnc.encrypt(value);
    }
 }
--- a/src/main/resources/config/application-dev.yml
+++ b/src/main/resources/config/application-dev.yml
@ -18,9 +18,12 @@ spring:
  # ==================================================================================================================
  datasource:
    driver-class-name: oracle.jdbc.OracleDriver
-    url: jdbc:oracle:thin:@211.119.124.118:1521:bustms
-    username: traffic
-    password: xhdgkq0
+#    url: jdbc:oracle:thin:@211.119.124.118:1521:bustms
+#    username: traffic
+#    password: xhdgkq0
+    url: ENC(Du4NMmmioRvKPEusb8MiTTvNaXVoTItupOvD6qDhkeJv8vJKgdQuYR1pfx6EiejdZxw42ihrilk=)
+    username: ENC(MtR2JPkVe/qAf4+4ov5Oaw==)
+    password: ENC(6DJ2lcMsftlVjv1Ddc4d2w==)
    hikari:
      driver-class-name: ${spring.datasource.driver-class-name}
      jdbc-url: ${spring.datasource.url}
--- a/src/main/resources/config/application.yml
+++ b/src/main/resources/config/application.yml
@ -128,6 +128,10 @@ spring:
    livereload:
      enabled: true
      
+  jasypt:
+    encryptor:
+      bean: jasyptStringEncryptor
+    
  # ==================================================================================================================
  # spring-doc setting
  # ==================================================================================================================
--- a/src/main/resources/logback-spring.xml
+++ b/src/main/resources/logback-spring.xml
@ -4,12 +4,12 @@


    <springProfile name="local">
-        <property name="LOG_PATH" value="/data/xit/logs"/>
-<!--        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>-->
+<!--        <property name="LOG_PATH" value="/data/xit/logs"/>-->
+        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>
    </springProfile>
    <springProfile name="dev,prod">
-        <property name="LOG_PATH" value="/data/xit/logs"/>
-<!--        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>-->
+<!--        <property name="LOG_PATH" value="/data/xit/logs"/>-->
+        <property name="LOG_PATH" value="/Users/minuk/data/xit/logs"/>
    </springProfile>

    <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
--- a/src/test/java/com/xit/core/JasyptApplicationTests.java
+++ b/src/test/java/com/xit/core/JasyptApplicationTests.java
@ -0,0 +1,36 @@
+package com.xit.core;
+
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+
+@SpringBootTest
+@ActiveProfiles(value="dev")
+class JasyptApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+    @Test
+    void jasypt() {
+        String url = "jdbc:oracle:thin:@211.119.124.118:1521:bustms";
+        String username = "traffic";
+        String password = "xhdgkq0";
+
+        System.out.println(jasyptEncoding(url));
+        System.out.println(jasyptEncoding(username));
+        System.out.println(jasyptEncoding(password));
+    }
+
+    public String jasyptEncoding(String value) {
+
+        String key = "xit_jasypt_key";
+        StandardPBEStringEncryptor pbeEnc = new StandardPBEStringEncryptor();
+        pbeEnc.setAlgorithm("PBEWithMD5AndDES");
+        pbeEnc.setPassword(key);
+        return pbeEnc.encrypt(value);
+    }
+
+}