public Func <byte[], byte[]> GetHashAlgorithm(IRequest req)
        {
            Func <byte[], byte[]> hashAlgorithm = null;

            if (HmacAlgorithms.TryGetValue(HashAlgorithm, out var hmac))
            {
                var authKey = GetAuthKey(req);
                if (authKey == null)
                {
                    throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
                }

                hashAlgorithm = data => hmac(authKey, data);
            }

            if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out var rsa))
            {
                var privateKey = GetPrivateKey(req);
                if (privateKey == null)
                {
                    throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
                }

                hashAlgorithm = data => rsa(privateKey.Value, data);
            }

            if (hashAlgorithm == null)
            {
                throw new NotSupportedException("Invalid algorithm: " + HashAlgorithm);
            }

            return(hashAlgorithm);
        }
Beispiel #2
0
        public Func <byte[], byte[]> GetHashAlgorithm()
        {
            Func <byte[], byte[]> hashAlgoritm = null;

            Func <byte[], byte[], byte[]> hmac;

            if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
            {
                if (AuthKey == null)
                {
                    throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => hmac(AuthKey, data);
            }

            Func <RSAParameters, byte[], byte[]> rsa;

            if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
            {
                if (PrivateKey == null)
                {
                    throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => rsa(PrivateKey.Value, data);
            }

            if (hashAlgoritm == null)
            {
                throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
            }

            return(hashAlgoritm);
        }
        public string CreateJwtBearerToken(IAuthSession session, IEnumerable <string> roles = null, IEnumerable <string> perms = null)
        {
            var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms);

            CreatePayloadFilter?.Invoke(jwtPayload, session);

            if (EncryptPayload)
            {
                if (PrivateKey == null || PublicKey == null)
                {
                    throw new NotSupportedException("PrivateKey is required to EncryptPayload");
                }

                return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value));
            }

            var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId());

            CreateHeaderFilter?.Invoke(jwtHeader, session);

            Func <byte[], byte[]> hashAlgoritm = null;

            Func <byte[], byte[], byte[]> hmac;

            if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
            {
                if (AuthKey == null)
                {
                    throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => hmac(AuthKey, data);
            }

            Func <RSAParameters, byte[], byte[]> rsa;

            if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
            {
                if (PrivateKey == null)
                {
                    throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => rsa(PrivateKey.Value, data);
            }

            if (hashAlgoritm == null)
            {
                throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
            }

            var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm);

            return(bearerToken);
        }
        public string CreateJwtBearerToken(IAuthSession session)
        {
            IEnumerable <string> roles = null, perms = null;
            var authRepo = HostContext.TryResolve <IAuthRepository>() as IManageRoles;

            if (authRepo != null)
            {
                roles = authRepo.GetRoles(session.UserAuthId);
                perms = authRepo.GetPermissions(session.UserAuthId);
            }

            var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms);

            if (CreatePayloadFilter != null)
            {
                CreatePayloadFilter(jwtPayload, session);
            }

            if (EncryptPayload)
            {
                if (PrivateKey == null || PublicKey == null)
                {
                    throw new NotSupportedException("PrivateKey is required to EncryptPayload");
                }

                return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value));
            }

            var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId());

            if (CreateHeaderFilter != null)
            {
                CreateHeaderFilter(jwtHeader, session);
            }

            Func <byte[], byte[]> hashAlgoritm = null;

            Func <byte[], byte[], byte[]> hmac;

            if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
            {
                hashAlgoritm = data => hmac(AuthKey, data);
            }

            Func <RSAParameters, byte[], byte[]> rsa;

            if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
            {
                if (PrivateKey == null)
                {
                    throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => rsa(PrivateKey.Value, data);
            }

            if (hashAlgoritm == null)
            {
                throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
            }

            var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm);

            return(bearerToken);
        }