From 09a31b5a3d92bde8c52df76eb0ae1484ae4f0a4f Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Tue, 7 Jan 2025 13:22:45 +0100
Subject: [PATCH] =?UTF-8?q?refactor(TokenDescription):=20Nach=20RSAKey=20v?=
 =?UTF-8?q?erschoben,=20um=20unter=20RSAPrivateKey=20definiert=20werden=20?=
 =?UTF-8?q?zu=20k=C3=B6nnen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Config/MappingProfile.cs | 2 +-
 .../Config/TokenParams.cs | 2 +-
 DigitalData.Core.Security/Cryptograph.cs | 2 +-
 DigitalData.Core.Security/DIExtensions.cs | 2 +-
 DigitalData.Core.Security/Extension.cs | 6 +++---
 .../JwtSignatureHandler.cs | 4 ++--
 .../RSAKey/RSAPrivateKey.cs | 18 ++++++++++++++++++
 .../RSATokenDescriptor.cs} | 8 ++++----
 8 files changed, 31 insertions(+), 13 deletions(-)
 rename DigitalData.Core.Security/{Config/TokenDescription.cs => RSAKey/RSATokenDescriptor.cs} (94%)
diff --git a/DigitalData.Core.Security/Config/MappingProfile.cs b/DigitalData.Core.Security/Config/MappingProfile.cs
index 17ba5eb..cadfe44 100644
--- a/DigitalData.Core.Security/Config/MappingProfile.cs
+++ b/DigitalData.Core.Security/Config/MappingProfile.cs
@@ -7,7 +7,7 @@ namespace DigitalData.Core.Security.Config
 {
 public MappingProfile()
 {
- CreateMap();
+ CreateMap();
 }
 }
 }
\ No newline at end of file
diff --git a/DigitalData.Core.Security/Config/TokenParams.cs b/DigitalData.Core.Security/Config/TokenParams.cs
index 442c7d2..860bc97 100644
--- a/DigitalData.Core.Security/Config/TokenParams.cs
+++ b/DigitalData.Core.Security/Config/TokenParams.cs
@@ -2,6 +2,6 @@
 {
 public class TokenParams
 {
- public required IEnumerable Descriptions { get; init; }
+ public required IEnumerable Descriptions { get; init; }
 }
 }
\ No newline at end of file
diff --git a/DigitalData.Core.Security/Cryptograph.cs b/DigitalData.Core.Security/Cryptograph.cs
index a78fb88..0384735 100644
--- a/DigitalData.Core.Security/Cryptograph.cs
+++ b/DigitalData.Core.Security/Cryptograph.cs
@@ -19,7 +19,7 @@ namespace DigitalData.Core.Security
 public IEnumerable PublicKeys => _lazyPublicKeys.Value;
- public IEnumerable TokenDescriptions { get; init; } = new List();
+ public IEnumerable TokenDescriptions { get; init; } = new List();
 public Cryptograph(IOptions options, ILogger? logger = null) : base(options)
 {
diff --git a/DigitalData.Core.Security/DIExtensions.cs b/DigitalData.Core.Security/DIExtensions.cs
index 09b1ab8..406b36e 100644
--- a/DigitalData.Core.Security/DIExtensions.cs
+++ b/DigitalData.Core.Security/DIExtensions.cs
@@ -67,7 +67,7 @@ namespace DigitalData.Core.Security
 public static IServiceCollection AddTokenParams(this IServiceCollection services, TokenParams tokenParams)
 => services.AddSingleton(Options.Create(tokenParams));
- public static IServiceCollection AddTokenParams(this IServiceCollection services, params TokenDescription[] descriptions)
+ public static IServiceCollection AddTokenParams(this IServiceCollection services, params RSATokenDescriptor[] descriptions)
 => services.AddSingleton(Options.Create(new() { Descriptions = descriptions }));
 public static IServiceCollection AddJwtSignatureHandler(this IServiceCollection services,
diff --git a/DigitalData.Core.Security/Extension.cs b/DigitalData.Core.Security/Extension.cs
index cf909f1..dc6dee8 100644
--- a/DigitalData.Core.Security/Extension.cs
+++ b/DigitalData.Core.Security/Extension.cs
@@ -85,13 +85,13 @@ namespace DigitalData.Core.Security
 internal static string ToTag(this DateOnly date, string format) => date.ToDateTime(new()).ToTag(format);
 ///
- /// Maps a to a .
+ /// Maps a to a .
 ///
 /// The instance used for mapping.
- /// The instance to be mapped.
+ /// The instance to be mapped.
 /// A instance populated with the mapped values.
 /// Thrown if or is null.
- internal static SecurityTokenDescriptor Map(this IMapper mapper, TokenDescription description)
+ internal static SecurityTokenDescriptor Map(this IMapper mapper, RSATokenDescriptor description)
 => mapper.Map(description, new SecurityTokenDescriptor());
 }
 }
\ No newline at end of file
diff --git a/DigitalData.Core.Security/JwtSignatureHandler.cs b/DigitalData.Core.Security/JwtSignatureHandler.cs
index 0dc5612..b2c6da5 100644
--- a/DigitalData.Core.Security/JwtSignatureHandler.cs
+++ b/DigitalData.Core.Security/JwtSignatureHandler.cs
@@ -25,7 +25,7 @@ namespace DigitalData.Core.Security
 _cryptograph = cryptograph;
 }
- public SecurityToken CreateToken(TPrincipal subject, TokenDescription description)
+ public SecurityToken CreateToken(TPrincipal subject, RSATokenDescriptor description)
 {
 var descriptor = _mapper.Map(description);
 descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
@@ -59,7 +59,7 @@ namespace DigitalData.Core.Security
 public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
- public string WriteToken(TPrincipal subject, TokenDescription description) => WriteToken(CreateToken(subject: subject, description: description));
+ public string WriteToken(TPrincipal subject, RSATokenDescriptor description) => WriteToken(CreateToken(subject: subject, description: description));
 public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
diff --git a/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs b/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
index eadb2b0..07dc170 100644
--- a/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
+++ b/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
@@ -1,4 +1,5 @@
 using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Security.Config;
 using Microsoft.IdentityModel.Tokens;
 using System.Security.Cryptography;
@@ -28,6 +29,12 @@ namespace DigitalData.Core.Security.RSAKey
 public IAsymmetricPublicKey PublicKey => _lazyPublicKey.Value;
+ private RSATokenDescriptor? _tokenDescriptor;
+ private readonly Lazy _descLazyInitter;
+ public RSATokenDescriptor? TokenDescriptor { get => _descLazyInitter.Value; init => _tokenDescriptor = value; }
+
 public RSAPrivateKey()
 {
 _lazyPublicKey = new(() => new RSAPublicKey()
@@ -35,6 +42,17 @@ namespace DigitalData.Core.Security.RSAKey
 Pem = RSA.ExportRSAPublicKeyPem(),
 Padding = Padding
 });
+ _descLazyInitter = new(() =>
+ {
+ if(_tokenDescriptor is not null)
+ {
+ _tokenDescriptor.Issuer = Issuer;
+ _tokenDescriptor.Audience = Audience;
+ _tokenDescriptor.SigningCredentials = CreateSigningCredentials();
+ }
+ return _tokenDescriptor;
+ });
 }
 public byte[] Decrypt(byte[] data) => RSA.Decrypt(data, Padding);
diff --git a/DigitalData.Core.Security/Config/TokenDescription.cs b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
similarity index 94%
rename from DigitalData.Core.Security/Config/TokenDescription.cs
rename to DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
index 0d68966..6cd5303 100644
--- a/DigitalData.Core.Security/Config/TokenDescription.cs
+++ b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
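Review bot: `TokenDescriptor` hands back the very instance supplied through `init` after the lazy initializer has rewritten its Issuer, Audience and SigningCredentials on first read, and the new property carries no XML documentation of that side effect although the descriptor type it returns is documented member by member. A descriptor object that is also registered elsewhere, for example through the public `AddTokenParams(params RSATokenDescriptor[])` overload that takes the same type, would be modified in place the first time any consumer reads this property, so the mutation belongs on the member's contract. I would add above the property: `/// <summary>Descriptor bound to this key. On first read the instance supplied via <c>init</c> is mutated in place: its Issuer, Audience and SigningCredentials are replaced with this key's values.</summary>`. The enclosing class and its `Issuer`/`Audience` members lie outside this hunk.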
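Review bot: The initializer assigns `SigningCredentials` from `CreateSigningCredentials()` but never touches `_tokenDescriptor.SigningAlgorithm`, so the descriptor keeps whatever algorithm it was constructed with (RS256 by default, per the descriptor's own declaration) even if the credentials sign with something else; the same patch opens `SigningAlgorithm` to `internal set`, yet this block is the only new internal writer and it does not use it. Unless `CreateSigningCredentials()`, which is not visible here, is guaranteed to honour the descriptor's algorithm, the two values can disagree and the descriptor would advertise one algorithm while its credentials sign with another. I would keep them in lockstep right after the credentials assignment, `_tokenDescriptor.SigningAlgorithm = _tokenDescriptor.SigningCredentials.Algorithm;`, or throw `InvalidOperationException` when they differ. The block also overwrites any Issuer or Audience already present on the descriptor without a check; guarding with `string.IsNullOrEmpty` and failing loudly on a conflicting value would make accidental rebinding visible. The constructor this code belongs to begins in the previous hunk.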
@@ -6,14 +6,14 @@ namespace DigitalData.Core.Security.Config
 ///
 /// Contains some information which used to create a security token. Designed to abstract
 ///
- public class TokenDescription : IUniqueSecurityContext
+ public class RSATokenDescriptor : IUniqueSecurityContext
 {
 public string? ApiRoute { get; init; }
 ///
 /// Gets or sets the value of the 'audience' claim.
 ///
- public new string Audience { get; set; }
+ public new string Audience { get; internal set; }
 ///
 /// Defines the compression algorithm that will be used to compress the JWT token payload.
@@ -33,7 +33,7 @@ namespace DigitalData.Core.Security.Config
 ///
 /// Gets or sets the issuer of this .
 ///
- public new string Issuer { get; set; }
+ public new string Issuer { get; internal set; }
 ///
 /// Gets or sets the time the security token was issued. This value should be in UTC.
@@ -82,7 +82,7 @@ namespace DigitalData.Core.Security.Config
 /// Specifies the signature algorithm to be applied to the .
 /// Default is .
 ///
- public string SigningAlgorithm { get; init; } = SecurityAlgorithms.RsaSha256;
+ public string SigningAlgorithm { get; internal set; } = SecurityAlgorithms.RsaSha256;
 ///
 /// Optionally specifies the digest algorithm to be applied during the signing process for the .
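Review bot: With `Audience` reduced to `internal set`, a descriptor constructed outside the assembly, for example one passed to the public `AddTokenParams(params RSATokenDescriptor[])` overload, has no way to set its audience and will hold a null value despite the non-nullable annotation, because the property has neither `required` nor an initializer. If such a descriptor reaches the `Map` extension and then `CreateToken`, the resulting token carries no `aud` claim unless something not visible in this patch rejects it; `required` is not an option here since a required member's setter cannot be less accessible than the type. I would validate on the consuming side, e.g. `if (string.IsNullOrEmpty(description.Audience)) throw new InvalidOperationException("RSATokenDescriptor.Audience is not set");`, and state the ownership in the XML doc: `/// Assigned by the owning RSAPrivateKey when the descriptor is bound to it; not assignable from outside the assembly.` The class body continues past this hunk.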
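Review bot: The file now lives under `RSAKey/` but the hunk header shows it still declares `namespace DigitalData.Core.Security.Config`, while `RSAPrivateKey` in `DigitalData.Core.Security.RSAKey` had to gain a `using DigitalData.Core.Security.Config;` just to see it. Since the commit's stated purpose is to move the type next to `RSAPrivateKey`, the namespace should follow the folder: `namespace DigitalData.Core.Security.RSAKey`, which also makes the new `using` in RSAPrivateKey unnecessary. The Config-namespace consumers (presumably `MappingProfile` and `TokenParams`, whose generic arguments are not legible in this extract) would then need a `using DigitalData.Core.Security.RSAKey;` instead. The same remark applies to the `Issuer` setter in this hunk as to `Audience` above; the class header is outside this hunk.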
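Review bot: Changing `SigningAlgorithm` from `init` to `internal set` makes the advertised signature algorithm mutable for the descriptor's whole lifetime, by any code in the assembly, where before it was fixed at construction; nothing in the patch says why, and the XML summary still reads as a construction-time setting with a default. How the value is consumed is not visible here, but if it feeds the credentials built by `CreateSigningCredentials()` while `SigningCredentials` can also be set directly, a later write to either one lets the two drift apart. If the intent is that the owning key assigns it when binding, say so and make the invariant explicit: `/// Set by the owning RSAPrivateKey when the descriptor is bound; must equal SigningCredentials.Algorithm. Defaults to RS256.`, and have the binder assert that equality rather than relying on convention.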