feature : github AccessToken AES 암호화 후 저장,암호화를 담당하는 AESUtil 생성

Author: minjee2758

build.gradle

@@ -110,8 +110,8 @@ dependencies {
     //email-smtp
     implementation 'org.springframework.boot:spring-boot-starter-mail'
 
-
-}
+    //AES 암호화
+    implementation 'javax.xml.bind:jaxb-api:2.3.1'}
 
 tasks.named('test') {
     useJUnitPlatform()

src/main/java/org/ezcode/codetest/common/security/hander/CustomSuccessHandler.java

@@ -4,6 +4,9 @@
 import java.util.concurrent.TimeUnit;
 
 import org.ezcode.codetest.application.usermanagement.auth.dto.response.OAuthResponse;
+import org.ezcode.codetest.common.security.util.AESUtil;
+import org.ezcode.codetest.domain.user.exception.AuthException;
+import org.ezcode.codetest.domain.user.exception.code.AuthExceptionCode;
 import org.ezcode.codetest.domain.user.model.entity.CustomOAuth2User;
 import org.ezcode.codetest.domain.user.model.entity.User;
 import org.ezcode.codetest.domain.user.service.UserDomainService;
@@ -32,15 +35,17 @@ public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler
 	private final RedisTemplate<String, String> redisTemplate;
 	private final ObjectMapper objectMapper; //json직렬화
 	private final OAuth2AuthorizedClientService authorizedClientService;
+	private final AESUtil aesUtil;
 
 	public CustomSuccessHandler(JwtUtil jwtUtil, UserDomainService userDomainService,
 		RedisTemplate<String, String> redisTemplate, ObjectMapper objectMapper,
-        OAuth2AuthorizedClientService authorizedClientService) {
+        OAuth2AuthorizedClientService authorizedClientService, AESUtil aesUtil) {
 		this.jwtUtil = jwtUtil;
 		this.userDomainService = userDomainService;
 		this.redisTemplate = redisTemplate;
 		this.objectMapper = objectMapper;
         this.authorizedClientService = authorizedClientService;
+        this.aesUtil = aesUtil;
     }
 
 	@Override
@@ -53,18 +58,22 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		User loginUser= userDomainService.getUserByEmail(customUserDetails.getEmail());
 		log.info("loginUser Name: {}", loginUser.getUsername());
 
-		log.info("provider : {}", customUserDetails.getProvider().toString());
 		if (customUserDetails.getProvider().equalsIgnoreCase("github")) {
 			//깃허브 access-token 가져오기
-
 			OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
 			OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(
 				oauthToken.getAuthorizedClientRegistrationId(),
 				oauthToken.getName()
 			);
-			String githubAccessToken = client.getAccessToken().getTokenValue();
-			log.info("--------AccessToken : {}", githubAccessToken);
-			loginUser.setGithubAccessToken(githubAccessToken);
+
+			//AES 암호화
+            try {
+				String encodedGithubToken = aesUtil.encrypt(client.getAccessToken().getTokenValue());
+				loginUser.setGithubAccessToken(encodedGithubToken);
+            } catch (Exception e) {
+				log.error(e.getMessage());
+                throw new AuthException(AuthExceptionCode.TOKEN_ENCODE_FAIL);
+            }
 			userDomainService.updateUserGithubAccessToken(loginUser);
 		}
 

src/main/java/org/ezcode/codetest/common/security/util/AESUtil.java

@@ -0,0 +1,34 @@
+package org.ezcode.codetest.common.security.util;
+
+import java.util.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AESUtil {
+
+    private static final String ALGORITHM = "AES";
+    @Value("${AES_SECRET_KEY}")
+    private String SECRET_KEY; // 반드시 16, 24, 또는 32바이트
+
+    public String encrypt(String input) throws Exception {
+        SecretKeySpec keySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec);
+        byte[] encryptedBytes = cipher.doFinal(input.getBytes());
+        return Base64.getEncoder().encodeToString(encryptedBytes);
+    }
+
+    public String decrypt(String encryptedInput) throws Exception {
+        SecretKeySpec keySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        cipher.init(Cipher.DECRYPT_MODE, keySpec);
+        byte[] encryptedBytes = Base64.getDecoder().decode(encryptedInput);
+        byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
+        return new String(decryptedBytes);
+    }
+}

src/main/java/org/ezcode/codetest/domain/user/exception/code/AuthExceptionCode.java

@@ -18,7 +18,8 @@ public enum AuthExceptionCode implements ResponseCode {
 	ALREADY_EXIST_USER(false, HttpStatus.BAD_REQUEST, "이미 가입된 유저입니다."),
 	NOT_EMAIL_USER(false, HttpStatus.BAD_REQUEST, "소셜 로그인 회원은 비밀번호 변경을 할 수 없습니다."),
 	PASSWORD_IS_SAME(false, HttpStatus.BAD_REQUEST, "기존 비밀번호와 같습니다. 새로운 비밀번호는 기존 비밀번호와 달라야합니다."),
-	ALREADY_WITHDRAW_USER(false, HttpStatus.NOT_FOUND, "탈퇴된 회원입니다.")
+	ALREADY_WITHDRAW_USER(false, HttpStatus.NOT_FOUND, "탈퇴된 회원입니다."),
+    TOKEN_ENCODE_FAIL(false, HttpStatus.BAD_REQUEST, "토큰 인코딩에 실패했습니다.")
 
 	;
 

src/main/resources/application.properties

@@ -126,3 +126,6 @@ logging.level.org.springframework.security=DEBUG
 logging.level.org.springframework.security.oauth2=DEBUG
 logging.level.org.springframework.security.oauth2.client=TRACE
 logging.level.org.springframework.web.client.RestTemplate=TRACE
+
+
+aes.secret.key=${AES_SECRET_KEY}