public Func <byte[], byte[]> GetHashAlgorithm(IRequest req)
{
Func <byte[], byte[]> hashAlgorithm = null;
if (HmacAlgorithms.TryGetValue(HashAlgorithm, out var hmac))
{
var authKey = GetAuthKey(req);
if (authKey == null)
{
throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
}
hashAlgorithm = data => hmac(authKey, data);
}
if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out var rsa))
{
var privateKey = GetPrivateKey(req);
if (privateKey == null)
{
throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
}
hashAlgorithm = data => rsa(privateKey.Value, data);
}
if (hashAlgorithm == null)
{
throw new NotSupportedException("Invalid algorithm: " + HashAlgorithm);
}
return(hashAlgorithm);
}
public Func <byte[], byte[]> GetHashAlgorithm()
{
Func <byte[], byte[]> hashAlgoritm = null;
Func <byte[], byte[], byte[]> hmac;
if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
{
if (AuthKey == null)
{
throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
}
hashAlgoritm = data => hmac(AuthKey, data);
}
Func <RSAParameters, byte[], byte[]> rsa;
if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
{
if (PrivateKey == null)
{
throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
}
hashAlgoritm = data => rsa(PrivateKey.Value, data);
}
if (hashAlgoritm == null)
{
throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
}
return(hashAlgoritm);
}
public string CreateJwtBearerToken(IAuthSession session, IEnumerable <string> roles = null, IEnumerable <string> perms = null)
{
var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms);
CreatePayloadFilter?.Invoke(jwtPayload, session);
if (EncryptPayload)
{
if (PrivateKey == null || PublicKey == null)
{
throw new NotSupportedException("PrivateKey is required to EncryptPayload");
}
return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value));
}
var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId());
CreateHeaderFilter?.Invoke(jwtHeader, session);
Func <byte[], byte[]> hashAlgoritm = null;
Func <byte[], byte[], byte[]> hmac;
if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
{
if (AuthKey == null)
{
throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
}
hashAlgoritm = data => hmac(AuthKey, data);
}
Func <RSAParameters, byte[], byte[]> rsa;
if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
{
if (PrivateKey == null)
{
throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
}
hashAlgoritm = data => rsa(PrivateKey.Value, data);
}
if (hashAlgoritm == null)
{
throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
}
var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm);
return(bearerToken);
}
public string CreateJwtBearerToken(IAuthSession session)
{
IEnumerable <string> roles = null, perms = null;
var authRepo = HostContext.TryResolve <IAuthRepository>() as IManageRoles;
if (authRepo != null)
{
roles = authRepo.GetRoles(session.UserAuthId);
perms = authRepo.GetPermissions(session.UserAuthId);
}
var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms);
if (CreatePayloadFilter != null)
{
CreatePayloadFilter(jwtPayload, session);
}
if (EncryptPayload)
{
if (PrivateKey == null || PublicKey == null)
{
throw new NotSupportedException("PrivateKey is required to EncryptPayload");
}
return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value));
}
var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId());
if (CreateHeaderFilter != null)
{
CreateHeaderFilter(jwtHeader, session);
}
Func <byte[], byte[]> hashAlgoritm = null;
Func <byte[], byte[], byte[]> hmac;
if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
{
hashAlgoritm = data => hmac(AuthKey, data);
}
Func <RSAParameters, byte[], byte[]> rsa;
if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
{
if (PrivateKey == null)
{
throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
}
hashAlgoritm = data => rsa(PrivateKey.Value, data);
}
if (hashAlgoritm == null)
{
throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
}
var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm);
return(bearerToken);
}
