68 lines
3.3 KiB
C#
68 lines
3.3 KiB
C#
using AutoMapper;
|
|
using DigitalData.Core.Abstractions.Security;
|
|
using DigitalData.Core.Security.Config;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
|
|
namespace DigitalData.Core.Security
|
|
{
|
|
public class JwtSignatureHandler<TPrincipal> : JwtSecurityTokenHandler, IJwtSignatureHandler<TPrincipal>
|
|
{
|
|
private readonly ClaimDescriptor<TPrincipal> _claimDescriptor;
|
|
|
|
private readonly IMapper _mapper;
|
|
|
|
private readonly IEnumerable<TokenDescription>? _tokenDescriptions;
|
|
|
|
private readonly IAsymCryptHandler _cryptHandler;
|
|
|
|
public JwtSignatureHandler(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, IMapper mapper, IOptions<IEnumerable<TokenDescription>>? tokenDescriptionOptions, IAsymCryptHandler asymCryptHandler)
|
|
{
|
|
_claimDescriptor = claimDescriptorOptions.Value;
|
|
_mapper = mapper;
|
|
_tokenDescriptions = tokenDescriptionOptions?.Value;
|
|
_cryptHandler = asymCryptHandler;
|
|
}
|
|
|
|
public SecurityToken CreateToken(TPrincipal subject, TokenDescription description)
|
|
{
|
|
var descriptor = _mapper.Map(description);
|
|
descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
|
|
descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
|
|
return CreateToken(descriptor);
|
|
}
|
|
|
|
public SecurityToken CreateToken(TPrincipal subject, string issuer, string audience)
|
|
{
|
|
var description = _tokenDescriptions?.Get(issuer: issuer, audience: audience)
|
|
?? throw new InvalidOperationException($"No or multiple token description found for issuer '{issuer}' and audience '{audience}'.");
|
|
|
|
description.SigningCredentials = _cryptHandler.Decryptors
|
|
.Get(issuer: issuer, audience: audience)
|
|
.CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
|
|
|
|
return CreateToken(subject: subject, description: description);
|
|
}
|
|
|
|
public SecurityToken CreateToken(TPrincipal subject, string apiRoute)
|
|
{
|
|
var description = _tokenDescriptions?.SingleOrDefault(description => description.ApiRoute == apiRoute)
|
|
?? throw new InvalidOperationException($"No or multiple token description found for api route '{apiRoute}'.");
|
|
|
|
description.SigningCredentials = _cryptHandler.Decryptors
|
|
.Get(issuer: description.Issuer, audience: description.Audience)
|
|
.CreateSigningCredentials(algorithm: description.SigningAlgorithm, digest: description.SigningDigest);
|
|
|
|
return CreateToken(subject: subject, description: description);
|
|
}
|
|
|
|
public string WriteToken(SecurityTokenDescriptor descriptor) => WriteToken(CreateToken(descriptor));
|
|
|
|
public string WriteToken(TPrincipal subject, TokenDescription description) => WriteToken(CreateToken(subject: subject, description: description));
|
|
|
|
public string WriteToken(TPrincipal subject, string issuer, string audience) => WriteToken(CreateToken(subject: subject, issuer: issuer, audience: audience));
|
|
|
|
public string WriteToken(TPrincipal subject, string apiRoute) => WriteToken(CreateToken(subject: subject, apiRoute: apiRoute));
|
|
}
|
|
} |