AppStd/DigitalData.Core
Template
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: move CryptoFactory, JwtSignatureHandler and RSAFactory under Services

Browse Source
This commit is contained in:
Developer 02
2025-03-14 10:15:50 +01:00
parent 973a5f1023
commit 875692b578
5 changed files with 44 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
DigitalData.Core.Security/Services/CryptoFactory.cs Normal file
View File

@@ -0,0 +1,40 @@
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace DigitalData.Core.Security.Services;
public class CryptoFactory : RSAFactory, ICryptoFactory, IAsymmetricKeyFactory
{
private readonly CryptoFactoryParams _params;
public IEnumerable<IAsymmetricDecryptor> Decryptors { get; }
/// <summary>
/// It is a separate decryptor for permanently stored encrypted data. It is assigned to the first Default decryptor by default.
/// </summary>
public IAsymmetricDecryptor VaultDecryptor { get; }
public IEnumerable<IAsymmetricTokenDescriptor> TokenDescriptors { get; init; } = new List<IAsymmetricTokenDescriptor>();
public CryptoFactory(IOptions<CryptoFactoryParams> cryptoFactoryParamsOptions, ILogger<CryptoFactory>? logger = null)
{
_params = cryptoFactoryParamsOptions.Value;
logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
if (!_params.Decryptors.Any())
throw new InvalidOperationException(
"Any decryptor is not found. Ensure that at least one decryptor is configured in the provided parameters. " +
"This issue typically arises if the configuration for decryptors is incomplete or missing. " +
"Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
);
Decryptors = _params.Decryptors;
TokenDescriptors = _params.TokenDescriptors;
VaultDecryptor = _params.VaultDecryptor ?? Decryptors.First();
}
}

39
DigitalData.Core.Security/Services/JwtSignatureHandler.cs Normal file
View File

@@ -0,0 +1,39 @@
using AutoMapper;
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
namespace DigitalData.Core.Security.Services;
public class JwtSignatureHandler<TPrincipal> : JwtSecurityTokenHandler, IJwtSignatureHandler<TPrincipal>
{
private readonly ClaimDescriptor<TPrincipal> _claimDescriptor;
private readonly IMapper _mapper;
private readonly ICryptoFactory _cryptoFactory;
public JwtSignatureHandler(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, IMapper mapper, ICryptoFactory cryptoFactory)
{
_claimDescriptor = claimDescriptorOptions.Value;
_mapper = mapper;
_cryptoFactory = cryptoFactory;
}
public SecurityToken CreateToken(TPrincipal subject, IAsymmetricTokenDescriptor descriptor)
{
var sDescriptor = _mapper.Map(descriptor);
sDescriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
sDescriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
return CreateToken(sDescriptor);
}
public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
{
var descriptor = _cryptoFactory.TokenDescriptors.Get(issuer: issuer, audience: audience)
?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
return CreateToken(subject: subject, descriptor: descriptor);
}
}

57
DigitalData.Core.Security/Services/RSAFactory.cs Normal file
View File

@@ -0,0 +1,57 @@
using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config;
using DigitalData.Core.Security.RSAKey;
using System.Security.Cryptography;
namespace DigitalData.Core.Security.Services;
public class RSAFactory : IAsymmetricKeyFactory
{
public static readonly RSAFactory Static = new();
public string CreatePrivateKeyPem(int? keySizeInBits = null, bool encrypt = false) => encrypt
? CreateEncryptedPrivateKeyPem(keySizeInBits: keySizeInBits)
: RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportRSAPrivateKeyPem();
public string CreateEncryptedPrivateKeyPem(
PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
HashAlgorithmName? hashAlgorithmName = null,
int? iterationCount = null,
int? keySizeInBits = null,
string? password = null)
{
password ??= RSAFactoryParams.Default.PbePassword;
var pbeParameters = new PbeParameters(
pbeEncryptionAlgorithm ?? RSAFactoryParams.Default.PbeEncryptionAlgorithm,
hashAlgorithmName ?? RSAFactoryParams.Default.PbeHashAlgorithm,
iterationCount ?? RSAFactoryParams.Default.PbeIterationCount);
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
var pemChars = PemEncoding.Write(RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
return new string(pemChars);
}
public string CreateEncryptedPrivateKeyPem(
PbeParameters pbeParameters,
int? keySizeInBits = null,
string? password = null)
{
password ??= RSAFactoryParams.Default.PbePassword;
var encryptedPrivateKey = RSA.Create(keySizeInBits ?? RSAFactoryParams.Default.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
var pemChars = PemEncoding.Write(RSAFactoryParams.Default.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
return new string(pemChars);
}
public IAsymmetricDecryptor CreateDecryptor(string pem, string? issuer = null, string? audience = null, bool encrypt = false, RSAEncryptionPadding? padding = null) => new RSADecryptor()
{
Content = pem,
IsEncrypted = encrypt,
Padding = padding ?? RSAEncryptionPadding.OaepSHA256
};
}