From 373f7381687da37ac52829c718aedb25e0d74692 Mon Sep 17 00:00:00 2001
From: "shengzhaoli.shengz"
Date: Thu, 15 Feb 2024 23:48:23 +0800
Subject: [PATCH] =?UTF-8?q?Add=20TODO:=20=E8=AF=B7=E5=9C=A8=E4=B8=8D?= =?UTF-8?q?=E5=90=8C=E7=9A=84=E7=8E=AF=E5=A2=83=E4=BD=BF=E7=94=A8=E4=B8=8D?= =?UTF-8?q?=E5=90=8C=E7=9A=84key(=E5=8D=B3=E6=9B=B4=E6=8D=A2jwks.json?= =?UTF-8?q?=E4=B8=AD=E7=9A=84=E6=96=87=E4=BB=B6=E5=86=85=E5=AE=B9);=20?= =?UTF-8?q?=E5=A6=82=E4=BD=95=E7=94=9F=E6=88=90=E4=B8=8D=E5=90=8C=E7=9A=84?= =?UTF-8?q?key=E8=AF=B7=E5=8F=82=E8=80=83=20JwksTest.java=20=E7=B1=BB.=20?= =?UTF-8?q?=20/=20=E4=BB=A5=E5=8F=8A=E5=BF=85=E8=A6=81=E6=B3=A8=E9=87=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/monkeyk/sos/config/OAuth2ServerConfiguration.java | 2 ++
 src/test/java/com/monkeyk/sos/service/JwksTest.java | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
index 6cb9f16..30bc73d 100644
--- a/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
+++ b/src/main/java/com/monkeyk/sos/config/OAuth2ServerConfiguration.java
@@ -66,6 +66,7 @@ public class OAuth2ServerConfiguration {
 /**
 * keystore file name
+ * TODO: 请在不同的环境使用不同的key(即更换jwks.json中的文件内容); 如何生成不同的key请参考 JwksTest.java 类.
 *
 * @since 3.0.0
 */
@@ -213,6 +214,7 @@ public class OAuth2ServerConfiguration {
 /**
 * 提供加密/解密的 source
 * 可多个 key, 根据不同的需要来选择使用
+ * TODO: 请在不同的环境使用不同的key(即更换jwks.json中的文件内容); 如何生成不同的key请参考 JwksTest.java 类.
 *
 * @return JWKSource
 * @since 3.0.0
diff --git a/src/test/java/com/monkeyk/sos/service/JwksTest.java b/src/test/java/com/monkeyk/sos/service/JwksTest.java
index 764aa19..2b32b92 100644
--- a/src/test/java/com/monkeyk/sos/service/JwksTest.java
+++ b/src/test/java/com/monkeyk/sos/service/JwksTest.java
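Review bot: The TODO added to the keystore-name Javadoc at -66, and repeated on the JWKSource Javadoc at -213, depends on every deployer reading a comment; nothing visible in these hunks makes the application refuse to run with the jwks.json that ships with the project. If that file holds private key material, as the wording suggests, any environment that skips the step signs tokens with a key that anyone with access to the source can read. Consider resolving the JWK set from a per-environment external location or secret store, and failing startup (or at least logging a warning) when the loaded key IDs equal the sample ones. A line such as `// SECURITY: the bundled jwks.json is a sample key; every deployment must supply its own` would also be harder to miss than a TODO inside Javadoc. Both Javadoc blocks and the members they document continue outside the hunks, so the loading code itself cannot be checked here.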
@@ -38,6 +38,7 @@ public class JwksTest {
 // Curve point = Curve.P_521;
 ECKeyGenerator ecKeyGenerator = new ECKeyGenerator(point);
+ //key 使用范围请根据业务场景设置, 范围越小越好
 ecKeyGenerator.keyOperations(Set.of(
 SIGN,
 VERIFY,
@@ -64,10 +65,12 @@ public class JwksTest {
 */
 @Test
 void jwkRS() throws Exception {
-
+ //size 至少 1024, 推荐 2048
 RSAKeyGenerator rsaKeyGenerator = new RSAKeyGenerator(2048);
+ // keyId 必须唯一
 rsaKeyGenerator.keyID("sos-rsa-kid2")
 .algorithm(JWSAlgorithm.RS256)
+ //key 使用范围请根据业务场景设置, 范围越小越好
 .keyOperations(Set.of(
 SIGN,
 VERIFY,
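Review bot: The comment added above `new RSAKeyGenerator(2048)` in jwkRS() documents 1024 bits as an acceptable minimum, which is below what current guidance accepts for RSA signing keys; 2048 should be stated as the floor rather than the recommendation. As far as I recall, the one-argument `RSAKeyGenerator` constructor in Nimbus also rejects sizes under 2048, so a reader following the comment would likely hit an exception. Suggested wording: `// size: at least 2048 bits; prefer 3072 or more for long-lived keys`. The key-operations comment added here and in the EC hunk at -38 asks for the narrowest scope, but the `Set.of(` list runs past the end of both hunks, so whether the sample follows its own advice cannot be confirmed from this page.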