public TokenService(IOptions <CryptoOptions> cryptoOptions)
{
_cryptoOptions = cryptoOptions.Value;
_key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_cryptoOptions.Key)
);
}
public static CryptoOptions AddHmacSha1Support(this CryptoOptions options)
=> options
.AddSupportedKeyedHashAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1", (_, key) => new HMACSHA1(key))
.AddSupportedKeyedHashAlgorithm("H1", (_, key) => new HMACSHA1(key))
.AddSupportedSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1", (_, key, __) => new SymmetricSignatureProvider(key, "http://www.w3.org/2000/09/xmldsig#hmac-sha1"))
.AddSupportedSignatureAlgorithm("H1", (_, key, __) => new SymmetricSignatureProvider(key, "H1"))
;
public CustomCryptoProvider(IOptionsMonitor <CryptoOptions> monitor, ILogger <CustomCryptoProvider> logger, IServiceProvider services)
{
_options = monitor.CurrentValue;
_optionsChangeToken = monitor.OnChange((options, _) => _options = options);
_logger = logger;
_services = services;
_lazyCryptoProviderFactory = new Lazy <CryptoProviderFactory>(() => _services.GetService <CryptoProviderFactory>(), System.Threading.LazyThreadSafetyMode.ExecutionAndPublication);
}
public static CryptoOptions AddRsaWithSha1Support(this CryptoOptions options)
=> options
.AddSupportedSignatureAlgorithm("RS1", (services, key, _) =>
{
var logger = services.GetRequiredService <ILogger <RsaSignatureProvider> >();
return(new RsaSignatureProvider(key, "RS1", HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1, logger));
})
.MapSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1", "RS1")
;
private static CryptoOptions AddAesSupport(this CryptoOptions options, string algorithm, int keySize, CipherMode mode)
=> options
.AddSupportedSymmetricAlgorithm(algorithm, _ =>
{
var aes = Aes.Create();
aes.Mode = mode;
aes.KeySize = keySize;
return(aes);
})
;
public static CryptoOptions AddFullSupport(this CryptoOptions options)
=> options
.AddSha1Support()
.AddRsaWithSha1Support()
.MapKeyWrapAlgorithm(SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.RsaOAEP)
.MapKeyWrapAlgorithm(KeyWrapAlgorithms.RsaOaepMgf1pAlgorithm, SecurityAlgorithms.RsaOAEP)
.AddHmacSha1Support()
.AddAes128CbcSupport()
.AddAes192CbcSupport()
.AddAes256CbcSupport()
;
public AspNetCryptoContext(IOptions <CryptoOptions> options)
{
_options = options.Value;
if (_options == null)
{
throw new ArgumentNullException();
}
if (_options.SaltSizeBits < 512 || _options.SaltSizeBits % 8 != 0)
{
throw new ArgumentException($"Salt size cannot be less than {_options.SaltSizeBits} bits and has to be dividable by 8");
}
if (_options.DerivedKeySizeBits < 512 || _options.DerivedKeySizeBits % 8 != 0)
{
throw new ArgumentException($"Derived key size cannot be less than {_options.DerivedKeySizeBits} bits and has to be dividable by 8");
}
}
public static CryptoOptions AddSha1Support(this CryptoOptions options)
=> options
.AddSupportedHashAlgorithm("SHA1", _ => SHA1.Create())
.MapHashAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1", "SHA1")
;
public static CryptoOptions AddAes256CbcSupport(this CryptoOptions options) => options .AddAesSupport(SecurityAlgorithms.Aes256Encryption, 256, CipherMode.CBC) ;
