feature: try to setup custom key for each client application

broken due to https://github.com/spring-cloud/spring-cloud-config/issues/2252
2023-04-24 20:29:41 +02:00
8 changed files with 51 additions and 3 deletions
--- a/.sdkmanrc
+++ b/.sdkmanrc
@ -1,3 +1,4 @@
 # Enable auto-env through the sdkman_auto_env config
 # Add key=value pairs of SDKs to use below
 java=17.0.6-tem
+springboot=2.7.9
--- a/7
+++ b/7
@ -4,6 +4,10 @@ GRADLE_BIN=./gradlew
 BASIC_AUTH="user:b3956c50-2e1e-4426-aaca-6b09f7cc4808"
 SERVER_CONFIG=localhost:8090

+setup:
+	sdk install springboot 2.7.9
+	spring install org.springframework.cloud:spring-cloud-cli:2.2.4.RELEASE
+
 build:
 	# build without executing test
 	$(GRADLE_BIN) build -x test
@ -20,6 +24,9 @@ run-server:
 curl-server:
 	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/client/development |jq

+encrypt-cli:
+	spring encrypt 'Hello world 2' --key toto
+
 encrypt-server:
 	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/encrypt/client/development --data-urlencode "Hello world 2"

--- a/client/src/main/resources/application.properties
+++ b/client/src/main/resources/application.properties
@ -3,3 +3,4 @@ spring.profiles.active=development
 spring.config.import=configserver:http://user:b3956c50-2e1e-4426-aaca-6b09f7cc4808@localhost:8090

 encrypt.key=toto
+spring.cloud.config.server.bootstrap=
--- a/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java
@ -1,12 +1,14 @@
 package tk.antoine.roux.springcloudconfig;

 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.cloud.config.server.EnableConfigServer;

 import static org.springframework.boot.SpringApplication.run;

@EnableConfigServer
@SpringBootApplication
+@ConfigurationPropertiesScan
 public class SpringCloudConfigServerApplication {

    public static void main(String[] args) {
--- a/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Encryption.java
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Encryption.java
@ -0,0 +1,26 @@
+package tk.antoine.roux.springcloudconfig.configurations;
+
+import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
+import org.springframework.cloud.config.server.config.DefaultTextEncryptionAutoConfiguration;
+import org.springframework.cloud.config.server.encryption.TextEncryptorLocator;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration(proxyBeanMethods = false)
+public class Encryption {
+
+    private final DefaultTextEncryptionAutoConfiguration defaultTextEncryptionAutoConfiguration;
+
+    public Encryption() {
+        defaultTextEncryptionAutoConfiguration = new DefaultTextEncryptionAutoConfiguration();
+    }
+
+    @Bean
+    public TextEncryptorLocator textEncryptorLocator(MultiKeyProperties multiKeyProperties) {
+        return keys -> {
+            KeyProperties keyPropertiesForClient = multiKeyProperties.encrypt().get(keys.get("application"));
+            return defaultTextEncryptionAutoConfiguration.defaultTextEncryptor(keyPropertiesForClient);
+        };
+    }
+
+}
--- a/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/MultiKeyProperties.java
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/MultiKeyProperties.java
@ -0,0 +1,10 @@
+package tk.antoine.roux.springcloudconfig.configurations;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
+
+import java.util.Map;
+
+@ConfigurationProperties("custom")
+public record MultiKeyProperties(Map<String, KeyProperties> encrypt) {
+}
--- a/server/src/main/resources/application.properties
+++ b/server/src/main/resources/application.properties
@ -9,6 +9,6 @@ spring.security.user.password=b3956c50-2e1e-4426-aaca-6b09f7cc4808
 #spring.cloud.config.server.git.search-paths='{application}/{profile}'
 #spring.cloud.config.server.git.refresh-rate=10

-encrypt.key=toto
-encrypt.salt=deadbeef
+custom.encrypt.client.key=toto
+custom.encrypt.client.salt=deadbeef
 spring.cloud.config.server.encrypt.enabled=false
--- a/server/src/main/resources/config-repo/client/development/application.properties
+++ b/server/src/main/resources/config-repo/client/development/application.properties
@ -1 +1,2 @@
-application.message={cipher}f91f7e4bd42a61803334bbf0fbd1e3e8e3c468542fa202317e3668d907dda3d6
+#application.message={cipher}6df1fbfff94432322eff713b0a77c861e3165f0f1e5ac55b347a3a5ebbd8ae8953e47cd6e194d0fe59c960edbb1c3a7fbcab0ac03c7f1614c2f712112954027a
+application.message={cipher}{key:client}0aa915c8a9262e16b1e55f30c500c2ffac6557b66f81cecdc91eff17f8045486