2025-07-24 02:48:53 +00:00
3 changed files with 19 additions and 15 deletions
--- a/src/main/kotlin/roomescape/auth/infrastructure/jwt/JwtHandler.kt
+++ b/src/main/kotlin/roomescape/auth/infrastructure/jwt/JwtHandler.kt
@ -2,39 +2,43 @@ package roomescape.auth.infrastructure.jwt

 import io.jsonwebtoken.ExpiredJwtException
 import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
+import io.jsonwebtoken.security.Keys
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.stereotype.Component
 import roomescape.auth.exception.AuthErrorCode
 import roomescape.auth.exception.AuthException
 import java.util.*
+import javax.crypto.SecretKey

@Component
 class JwtHandler(
        @Value("\${security.jwt.token.secret-key}")
-        private val secretKey: String,
+        private val secretKeyString: String,

        @Value("\${security.jwt.token.ttl-seconds}")
        private val tokenTtlSeconds: Long
 ) {
+    private val secretKey: SecretKey = Keys.hmacShaKeyFor(secretKeyString.toByteArray())
+
    fun createToken(memberId: Long): String {
        val date = Date()
        val accessTokenExpiredAt = Date(date.time + tokenTtlSeconds)

        return Jwts.builder()
                .claim(MEMBER_ID_CLAIM_KEY, memberId)
-                .setIssuedAt(date)
-                .setExpiration(accessTokenExpiredAt)
-                .signWith(SignatureAlgorithm.HS256, secretKey.toByteArray())
+                .issuedAt(date)
+                .expiration(accessTokenExpiredAt)
+                .signWith(secretKey)
                .compact()
    }

    fun getMemberIdFromToken(token: String?): Long {
        try {
            return Jwts.parser()
-                    .setSigningKey(secretKey.toByteArray())
-                    .parseClaimsJws(token)
-                    .body
+                    .verifyWith(secretKey)
+                    .build()
+                    .parseSignedClaims(token)
+                    .payload
                    .get(MEMBER_ID_CLAIM_KEY, Number::class.java)
                    .toLong()
        } catch (_: IllegalArgumentException) {
--- a/src/test/kotlin/roomescape/auth/infrastructure/jwt/JwtHandlerTest.kt
+++ b/src/test/kotlin/roomescape/auth/infrastructure/jwt/JwtHandlerTest.kt
@ -1,7 +1,7 @@
 package roomescape.auth.infrastructure.jwt

 import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
+import io.jsonwebtoken.security.Keys
 import io.kotest.assertions.throwables.shouldThrow
 import io.kotest.core.spec.style.FunSpec
 import io.kotest.matchers.shouldBe
@ -45,12 +45,12 @@ class JwtHandlerTest : FunSpec({
        }

        test("시크릿 키가 잘못된 경우 예외를 던진다.") {
-            val now: Date = Date()
+            val now = Date()
            val invalidSignatureToken: String = Jwts.builder()
                    .claim("memberId", memberId)
-                    .setIssuedAt(now)
-                    .setExpiration(Date(now.time + JwtFixture.EXPIRATION_TIME))
-                    .signWith(SignatureAlgorithm.HS256, JwtFixture.SECRET_KEY.substring(1).toByteArray())
+                    .issuedAt(now)
+                    .expiration(Date(now.time + JwtFixture.EXPIRATION_TIME))
+                    .signWith(Keys.hmacShaKeyFor(JwtFixture.SECRET_KEY_STRING.substring(1).toByteArray()))
                    .compact()

            shouldThrow<AuthException> {
--- a/src/test/kotlin/roomescape/util/Fixtures.kt
+++ b/src/test/kotlin/roomescape/util/Fixtures.kt
@ -110,11 +110,11 @@ object ReservationFixture {
 }

 object JwtFixture {
-    const val SECRET_KEY: String = "daijawligagaf@LIJ$@U)9nagnalkkgalijaddljfi"
+    const val SECRET_KEY_STRING: String = "daijawligagaf@LIJ$@U)9nagnalkkgalijaddljfi"
    const val EXPIRATION_TIME: Long = 1000 * 60 * 60

    fun create(
-            secretKey: String = SECRET_KEY,
+            secretKey: String = SECRET_KEY_STRING,
            expirationTime: Long = EXPIRATION_TIME
    ): JwtHandler = JwtHandler(secretKey, expirationTime)
 }