AppStd/DigitalData.Core
Template
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(RSATokenDescriptor): In die Abstraktionsschicht verschoben und in PrivateKeyTokenDescriptor umbenannt

Browse Source
This commit is contained in:
Developer 02
2025-01-07 16:34:19 +01:00
parent dc45cf2c08
commit 34e14fd2f5
6 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
DigitalData.Core.Security/Config/MappingProfile.cs
View File

@@ -1,4 +1,5 @@
using AutoMapper;
using DigitalData.Core.Abstractions.Security;
using Microsoft.IdentityModel.Tokens;
namespace DigitalData.Core.Security.Config
@@ -7,7 +8,7 @@ namespace DigitalData.Core.Security.Config
{
public MappingProfile()
{
CreateMap<RSATokenDescriptor, SecurityTokenDescriptor>();
CreateMap<PrivateKeyTokenDescriptor, SecurityTokenDescriptor>();
}
}
}

2
DigitalData.Core.Security/Cryptograph.cs
View File

@@ -19,7 +19,7 @@ namespace DigitalData.Core.Security
public IEnumerable<IAsymmetricPublicKey> PublicKeys => _lazyPublicKeys.Value;
public IEnumerable<RSATokenDescriptor> TokenDescriptions { get; init; } = new List<RSATokenDescriptor>();
public IEnumerable<PrivateKeyTokenDescriptor> TokenDescriptions { get; init; } = new List<PrivateKeyTokenDescriptor>();
public Cryptograph(IOptions<CryptographParams> options, ILogger<Cryptograph>? logger = null) : base(options)
{

3
DigitalData.Core.Security/Extension.cs
View File

@@ -1,4 +1,5 @@
using AutoMapper;
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using Microsoft.IdentityModel.Tokens;
@@ -91,7 +92,7 @@ namespace DigitalData.Core.Security
/// <param name="description">The <see cref="RSATokenDescriptor"/> instance to be mapped.</param>
/// <returns>A <see cref="SecurityTokenDescriptor"/> instance populated with the mapped values.</returns>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="mapper"/> or <paramref name="description"/> is <c>null</c>.</exception>
internal static SecurityTokenDescriptor Map(this IMapper mapper, RSATokenDescriptor description)
internal static SecurityTokenDescriptor Map(this IMapper mapper, PrivateKeyTokenDescriptor description)
=> mapper.Map(description, new SecurityTokenDescriptor());
}
}

9
DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
View File

@@ -1,5 +1,4 @@
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;
@@ -29,11 +28,11 @@ namespace DigitalData.Core.Security.RSAKey
public IAsymmetricPublicKey PublicKey => _lazyPublicKey.Value;
private RSATokenDescriptor? _tokenDescriptor;
private PrivateKeyTokenDescriptor? _tokenDescriptor;
private readonly Lazy<RSATokenDescriptor?> _descLazyInitter;
private readonly Lazy<PrivateKeyTokenDescriptor?> _descriptorInitiator;
public RSATokenDescriptor? TokenDescriptor { get => _descLazyInitter.Value; init => _tokenDescriptor = value; }
public PrivateKeyTokenDescriptor? TokenDescriptor { get => _descriptorInitiator.Value; init => _tokenDescriptor = value; }
public RSAPrivateKey()
{
@@ -43,7 +42,7 @@ namespace DigitalData.Core.Security.RSAKey
Padding = Padding
});
_descLazyInitter = new(() =>
_descriptorInitiator = new(() =>
{
if(_tokenDescriptor is not null)
{

93
DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
View File

@@ -1,93 +0,0 @@
using DigitalData.Core.Abstractions.Security;
using Microsoft.IdentityModel.Tokens;
namespace DigitalData.Core.Security.Config
{
/// <summary>
/// Contains some information which used to create a security token. Designed to abstract <see cref="SecurityTokenDescriptor"/>
/// </summary>
public class RSATokenDescriptor : IUniqueSecurityContext
{
public string? ApiRoute { get; init; }
/// <summary>
/// Gets or sets the value of the 'audience' claim.
/// </summary>
public new string Audience { get; internal set; }
/// <summary>
/// Defines the compression algorithm that will be used to compress the JWT token payload.
/// </summary>
public string CompressionAlgorithm { get; set; }
/// <summary>
/// Gets or sets the <see cref="EncryptingCredentials"/> used to create a encrypted security token.
/// </summary>
public EncryptingCredentials EncryptingCredentials { get; set; }
/// <summary>
/// Gets or sets the value of the 'expiration' claim. This value should be in UTC.
/// </summary>
public DateTime? Expires { get; set; }
/// <summary>
/// Gets or sets the issuer of this <see cref="ITokenDescription"/>.
/// </summary>
public new string Issuer { get; internal set; }
/// <summary>
/// Gets or sets the time the security token was issued. This value should be in UTC.
/// </summary>
public DateTime? IssuedAt { get; set; }
/// <summary>
/// Gets or sets the notbefore time for the security token. This value should be in UTC.
/// </summary>
public DateTime? NotBefore { get; set; }
/// <summary>
/// Gets or sets the token type.
/// <remarks> If provided, this will be added as the value for the 'typ' header parameter. In the case of a JWE, this will be added to both the inner (JWS) and the outer token (JWE) header. By default, the value used is 'JWT'.
/// If <see cref="AdditionalHeaderClaims"/> also contains 'typ' header claim value, it will override the TokenType provided here.
/// This value is used only for JWT tokens and not for SAML/SAML2 tokens</remarks>
/// </summary>
public string TokenType { get; set; }
/// <summary>
/// Gets or sets the <see cref="Dictionary{TKey, TValue}"/> which contains any custom header claims that need to be added to the JWT token header.
/// The 'alg', 'kid', 'x5t', 'enc', and 'zip' claims are added by default based on the <see cref="SigningCredentials"/>,
/// <see cref="EncryptingCredentials"/>, and/or <see cref="CompressionAlgorithm"/> provided and SHOULD NOT be included in this dictionary as this
/// will result in an exception being thrown.
/// <remarks> These claims are only added to the outer header (in case of a JWE).</remarks>
/// </summary>
public IDictionary<string, object> AdditionalHeaderClaims { get; set; }
/// <summary>
/// Gets or sets the <see cref="Dictionary{TKey, TValue}"/> which contains any custom header claims that need to be added to the inner JWT token header.
/// The 'alg', 'kid', 'x5t', 'enc', and 'zip' claims are added by default based on the <see cref="SigningCredentials"/>,
/// <see cref="EncryptingCredentials"/>, and/or <see cref="CompressionAlgorithm"/> provided and SHOULD NOT be included in this dictionary as this
/// will result in an exception being thrown.
/// <remarks>
/// For JsonWebTokenHandler, these claims are merged with <see cref="AdditionalHeaderClaims"/> while adding to the inner JWT header.
/// </remarks>
/// </summary>
public IDictionary<string, object> AdditionalInnerHeaderClaims { get; set; }
/// <summary>
/// Gets or sets the <see cref="SigningCredentials"/> used to create a security token.
/// </summary>
public SigningCredentials SigningCredentials { get; set; }
/// <summary>
/// Specifies the signature algorithm to be applied to the <see cref="SigningCredentials"/>.
/// Default is <see cref="SecurityAlgorithms.RsaSha256"/>.
/// </summary>
public string SigningAlgorithm { get; internal set; } = SecurityAlgorithms.RsaSha256;
/// <summary>
/// Optionally specifies the digest algorithm to be applied during the signing process for the <see cref="SigningCredentials"/>.
/// If not provided, the default algorithm is used.
/// </summary>
public string? SigningDigest { get; init; }
}
}