From dc45cf2c08a45a089dcf846bba2fa91db2540377 Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Tue, 7 Jan 2025 13:55:30 +0100
Subject: [PATCH] refactor(JwtSignatureHandler): Aktualisiert, um RSAPrivateKey anstelle des Deskriptors zu verwenden
---
 .../Config/TokenParams.cs | 7 -----
 DigitalData.Core.Security/DIExtensions.cs | 9 ------
 .../JwtSignatureHandler.cs | 31 +++++++------------
 3 files changed, 11 insertions(+), 36 deletions(-)
 delete mode 100644 DigitalData.Core.Security/Config/TokenParams.cs
diff --git a/DigitalData.Core.Security/Config/TokenParams.cs b/DigitalData.Core.Security/Config/TokenParams.cs
deleted file mode 100644
index 860bc97..0000000
--- a/DigitalData.Core.Security/Config/TokenParams.cs
+++ /dev/null
@@ -1,7 +0,0 @@
-namespace DigitalData.Core.Security.Config
-{
- public class TokenParams
- {
- public required IEnumerable Descriptions { get; init; }
- }
-}
\ No newline at end of file
diff --git a/DigitalData.Core.Security/DIExtensions.cs b/DigitalData.Core.Security/DIExtensions.cs
index 406b36e..cb3a1a8 100644
--- a/DigitalData.Core.Security/DIExtensions.cs
+++ b/DigitalData.Core.Security/DIExtensions.cs
@@ -61,15 +61,6 @@ namespace DigitalData.Core.Security
 return services.AddSingleton(sp => Options.Create(descriptor));
 }
- public static IServiceCollection AddTokenParams(this IServiceCollection services, IConfiguration configuration) => services.Configure(configuration);
- public static IServiceCollection AddTokenParams(this IServiceCollection services, TokenParams tokenParams) => services.AddSingleton(Options.Create(tokenParams));
- public static IServiceCollection AddTokenParams(this IServiceCollection services, params RSATokenDescriptor[] descriptions) => services.AddSingleton(Options.Create(new() { Descriptions = descriptions }));
-
 public static IServiceCollection AddJwtSignatureHandler(this IServiceCollection services, Func>? claimsMapper = null, Func? subjectMapper = null)
diff --git a/DigitalData.Core.Security/JwtSignatureHandler.cs b/DigitalData.Core.Security/JwtSignatureHandler.cs
index b2c6da5..3005c67 100644
--- a/DigitalData.Core.Security/JwtSignatureHandler.cs
+++ b/DigitalData.Core.Security/JwtSignatureHandler.cs
@@ -1,6 +1,7 @@
 using AutoMapper;
 using DigitalData.Core.Abstractions.Security;
 using DigitalData.Core.Security.Config;
+using DigitalData.Core.Security.RSAKey;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
@@ -13,21 +14,20 @@ namespace DigitalData.Core.Security
 private readonly IMapper _mapper;
- private readonly TokenParams _params; - private readonly ICryptograph _cryptograph;
- public JwtSignatureHandler(IOptions> claimDescriptorOptions, IMapper mapper, IOptions tokenParamOptions, ICryptograph cryptograph)
+ public JwtSignatureHandler(IOptions> claimDescriptorOptions, IMapper mapper, ICryptograph cryptograph)
 {
 _claimDescriptor = claimDescriptorOptions.Value;
 _mapper = mapper;
- _params = tokenParamOptions.Value;
 _cryptograph = cryptograph;
 }
- public SecurityToken CreateToken(TPrincipal subject, RSATokenDescriptor description)
+ public SecurityToken CreateToken(TPrincipal subject, RSAPrivateKey key)
 {
- var descriptor = _mapper.Map(description);
+ if(key.TokenDescriptor is null)
+ throw new InvalidOperationException($"No descriptor found for issuer '{key.Issuer}' and audience '{key.Audience}'.");
+ var descriptor = _mapper.Map(key.TokenDescriptor);
 descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
 descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
 return CreateToken(descriptor);
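Review bot: The new CreateToken(TPrincipal subject, RSAPrivateKey key) maps key.TokenDescriptor into the SecurityTokenDescriptor but never assigns SigningCredentials from the key, while the next hunk deletes the only CreateSigningCredentials(algorithm:, digest:) calls that used to do that; unless the mapped descriptor already carries SigningCredentials (not visible in this diff), the descriptor reaches CreateToken(descriptor) with null credentials, and if that path delegates to JwtSecurityTokenHandler as the using directive suggests, the result is an unsigned token with alg "none" that no verifier should accept. Worth pinning with a test that the WriteToken output carries the expected alg and validates under the matching public key. The same method dereferences key before any check, so a null argument surfaces as a NullReferenceException instead of the ArgumentNullException a caller expects; add `ArgumentNullException.ThrowIfNull(key);` ahead of the TokenDescriptor check. CreateToken(descriptor) and the rest of the class are outside this hunk.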
@@ -35,31 +35,22 @@ namespace DigitalData.Core.Security
 public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
 {
- var description = _params.Descriptions?.Get(issuer: issuer, audience: audience)
+ var key = _cryptograph.PrivateKeys?.Get(issuer: issuer, audience: audience)
 ?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
-
- description.SigningCredentials = _cryptograph.PrivateKeys
- .Get(issuer: issuer, audience: audience)
- .CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
-
- return CreateToken(subject: subject, description: description);
+ return CreateToken(subject: subject, key: (RSAPrivateKey)key);
 }
 public SecurityToken CreateToken(TPrincipal subject, string apiRoute)
 {
- var description = _params.Descriptions.SingleOrDefault(description => description.ApiRoute == apiRoute)
+ var key = _cryptograph.PrivateKeys.SingleOrDefault(key => ((RSAPrivateKey)key).TokenDescriptor?.ApiRoute == apiRoute) ??
throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'.");
- description.SigningCredentials = _cryptograph.PrivateKeys
- .Get(issuer: description.Issuer, audience: description.Audience)
- .CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
-
- return CreateToken(subject: subject, description: description);
+ return CreateToken(subject: subject, key: (RSAPrivateKey)key);
 }
 public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
- public string WriteToken(TPrincipal subject, RSATokenDescriptor description) => WriteToken(CreateToken(subject: subject, description: description));
+ public string WriteToken(TPrincipal subject, RSAPrivateKey key) => WriteToken(CreateToken(subject: subject, key: key));
 public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
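Review bot: Both rewritten lookups hard-cast entries of _cryptograph.PrivateKeys with `(RSAPrivateKey)key`, and the apiRoute overload does so inside the SingleOrDefault predicate for every element, so any non-RSA key in that collection throws InvalidCastException rather than the InvalidOperationException the caller is told to expect; filtering first, `var key = _cryptograph.PrivateKeys?.OfType<RSAPrivateKey>().SingleOrDefault(k => k.TokenDescriptor?.ApiRoute == apiRoute)`, keeps the cast out of the predicate and makes the later `(RSAPrivateKey)key` unnecessary (assuming PrivateKeys is enumerable, as the existing SingleOrDefault call implies). The two retained messages still say "token description" although the lookup is now for a private key, and their "multiple" case never reaches them because SingleOrDefault throws LINQ's own InvalidOperationException before the `??` branch. The issuer/audience overload uses `PrivateKeys?.Get(...)` while the apiRoute overload uses `PrivateKeys.SingleOrDefault(...)` without the null-conditional, so a null collection fails differently per overload. The enclosing class continues outside this hunk.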