AppStd/DigitalData.Core
Template
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(JwtSignatureHandler): Aktualisiert, um RSAPrivateKey anstelle des Deskriptors zu verwenden

Browse Source
This commit is contained in:
Developer 02 2025-01-07 13:55:30 +01:00
parent 09a31b5a3d
commit dc45cf2c08
3 changed files with 11 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
DigitalData.Core.Security/Config/TokenParams.cs
View File

@ -1,7 +0,0 @@
namespace DigitalData.Core.Security.Config
{
public class TokenParams
{
public required IEnumerable<RSATokenDescriptor> Descriptions { get; init; }
}
}

9
DigitalData.Core.Security/DIExtensions.cs
View File

@ -61,15 +61,6 @@ namespace DigitalData.Core.Security
return services.AddSingleton(sp => Options.Create(descriptor)); return services.AddSingleton(sp => Options.Create(descriptor));
} }
public static IServiceCollection AddTokenParams(this IServiceCollection services, IConfiguration configuration)
=> services.Configure<TokenParams>(configuration);
public static IServiceCollection AddTokenParams(this IServiceCollection services, TokenParams tokenParams)
=> services.AddSingleton(Options.Create(tokenParams));
public static IServiceCollection AddTokenParams(this IServiceCollection services, params RSATokenDescriptor[] descriptions)
=> services.AddSingleton(Options.Create<TokenParams>(new() { Descriptions = descriptions }));
public static IServiceCollection AddJwtSignatureHandler<TPrincipal>(this IServiceCollection services, public static IServiceCollection AddJwtSignatureHandler<TPrincipal>(this IServiceCollection services,
Func<TPrincipal, IDictionary<string, object>>? claimsMapper = null, Func<TPrincipal, IDictionary<string, object>>? claimsMapper = null,
Func<TPrincipal, ClaimsIdentity>? subjectMapper = null) Func<TPrincipal, ClaimsIdentity>? subjectMapper = null)

31
DigitalData.Core.Security/JwtSignatureHandler.cs
View File

@ -1,6 +1,7 @@
using AutoMapper; using AutoMapper;
using DigitalData.Core.Abstractions.Security; using DigitalData.Core.Abstractions.Security;
using DigitalData.Core.Security.Config; using DigitalData.Core.Security.Config;
using DigitalData.Core.Security.RSAKey;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt; using System.IdentityModel.Tokens.Jwt;
@ -13,21 +14,20 @@ namespace DigitalData.Core.Security
private readonly IMapper _mapper; private readonly IMapper _mapper;
private readonly TokenParams _params;
private readonly ICryptograph _cryptograph; private readonly ICryptograph _cryptograph;
public JwtSignatureHandler(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, IMapper mapper, IOptions<TokenParams> tokenParamOptions, ICryptograph cryptograph) public JwtSignatureHandler(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, IMapper mapper, ICryptograph cryptograph)
{ {
_claimDescriptor = claimDescriptorOptions.Value; _claimDescriptor = claimDescriptorOptions.Value;
_mapper = mapper; _mapper = mapper;
_params = tokenParamOptions.Value;
_cryptograph = cryptograph; _cryptograph = cryptograph;
} }
public SecurityToken CreateToken(TPrincipal subject, RSATokenDescriptor description) public SecurityToken CreateToken(TPrincipal subject, RSAPrivateKey key)
{ {
var descriptor = _mapper.Map(description); if(key.TokenDescriptor is null)
throw new InvalidOperationException($"No descriptor found for issuer '{key.Issuer}' and audience '{key.Audience}'.");
var descriptor = _mapper.Map(key.TokenDescriptor);
descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject); descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject); descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
return CreateToken(descriptor); return CreateToken(descriptor);
@ -35,31 +35,22 @@ namespace DigitalData.Core.Security
public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience) public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
{ {
var description = _params.Descriptions?.Get(issuer: issuer, audience: audience) var key = _cryptograph.PrivateKeys?.Get(issuer: issuer, audience: audience)
?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'."); ?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
return CreateToken(subject: subject, key: (RSAPrivateKey)key);
description.SigningCredentials = _cryptograph.PrivateKeys
.Get(issuer: issuer, audience: audience)
.CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
return CreateToken(subject: subject, description: description);
} }
public SecurityToken CreateToken(TPrincipal subject, string apiRoute) public SecurityToken CreateToken(TPrincipal subject, string apiRoute)
{ {
var description = _params.Descriptions.SingleOrDefault(description => description.ApiRoute == apiRoute) var key = _cryptograph.PrivateKeys.SingleOrDefault(key => ((RSAPrivateKey)key).TokenDescriptor?.ApiRoute == apiRoute)
?? throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'."); ?? throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'.");
description.SigningCredentials = _cryptograph.PrivateKeys return CreateToken(subject: subject, key: (RSAPrivateKey)key);
.Get(issuer: description.Issuer, audience: description.Audience)
.CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
return CreateToken(subject: subject, description: description);
} }
public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor)); public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
public string WriteToken(TPrincipal subject, RSATokenDescriptor description) => WriteToken(CreateToken(subject: subject, description: description)); public string WriteToken(TPrincipal subject, RSAPrivateKey key) => WriteToken(CreateToken(subject: subject, key: key));
public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience)); public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));