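/// <summary>
/// Creates a new token handler and derives its signing key from the configured token key.
/// </summary>
/// <param name="cfg">Configuration settings; the token key must encode to at least 8 UTF-8 bytes.</param>
/// <param name="keyDeriver">Encryption key deriver.</param>
/// <exception cref="ArgumentNullException"><paramref name="cfg"/> or <paramref name="keyDeriver"/> is null.</exception>
/// <exception cref="ArgumentException">The configured token key is shorter than 8 bytes.</exception>
public ActionTokenPairHandler(
    IOptions<ConfigurationAuthentication> cfg,
    IKeyDeriver keyDeriver)
{
    // Fail with a named argument instead of a NullReferenceException further down.
    if (cfg is null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    if (keyDeriver is null)
    {
        throw new ArgumentNullException(nameof(keyDeriver));
    }

    this.Configuration = cfg.Value;

    var keyBase = AbstractionUtilities.UTF8.GetBytes(this.Configuration.TokenKey);

    // NOTE(review): 8 bytes is a low floor for the secret behind a signing key; the derived
    // key is never stronger than TokenKey itself. Consider raising the minimum.
    if (keyBase.Length < 8)
    {
        throw new ArgumentException("Token key must be at least 8 bytes-long.", nameof(cfg));
    }

    // A fresh 96-byte salt is drawn on every construction and is not stored anywhere visible
    // in this constructor, so each handler instance ends up with a different SigningKey.
    // NOTE(review): tokens signed by one instance will presumably not verify in another
    // instance or after a restart - confirm this is intended and that the handler is
    // registered as a singleton.
    var saltBytes = new byte[96];
    using (var rng = new SecureRandom())
    {
        rng.GetBytes(saltBytes);
    }

    // NOTE(review): AsyncExecutor appears to run the derivation synchronously inside the
    // constructor - confirm it cannot deadlock on hosts with a synchronization context.
    var executor = new AsyncExecutor();
    this.SigningKey = executor.Execute(
        keyDeriver.DeriveKeyAsync(
            value: keyBase,
            salt: saltBytes,
            byteCount: 256 / 8)); // 32-byte (256-bit) signing key
}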
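/// <summary>
/// Creates a new handler: derives the HMAC-SHA512 signing key from the configured token key
/// and prepares the signing credentials and validation parameters.
/// </summary>
/// <param name="cfg">Configuration to use; the token key must encode to at least 8 UTF-8 bytes.</param>
/// <param name="keyDeriver">Key deriver used to stretch the token key into the signing key.</param>
/// <exception cref="ArgumentNullException"><paramref name="cfg"/> or <paramref name="keyDeriver"/> is null.</exception>
/// <exception cref="ArgumentException">The configured token key is shorter than 8 bytes.</exception>
public JwtHandler(
    IOptions<ConfigurationAuthentication> cfg,
    IKeyDeriver keyDeriver)
{
    // Fail with a named argument instead of a NullReferenceException further down.
    if (cfg is null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    if (keyDeriver is null)
    {
        throw new ArgumentNullException(nameof(keyDeriver));
    }

    this.Configuration = cfg.Value;

    var keyBase = AbstractionUtilities.UTF8.GetBytes(this.Configuration.TokenKey);

    // The 8-byte floor is also what makes the Read<long> below safe.
    // NOTE(review): 8 bytes is a low floor for the secret behind an HMAC-SHA512 key; the
    // derived key is never stronger than TokenKey itself. Consider raising the minimum.
    if (keyBase.Length < 8)
    {
        throw new ArgumentException("Token key must be at least 8 bytes-long.", nameof(cfg));
    }

    // The salt is a pure function of the key: its first 8 bytes read as a long, times 13.
    // That keeps the derived key stable across restarts, but the salt adds no entropy of its
    // own and every deployment sharing a TokenKey derives the same signing key.
    // NOTE(review): changing this invalidates every token already issued, so it is only
    // flagged here; a separately configured salt would be the stronger design.
    // NOTE(review): Read/AsBytes use the machine's byte order, so the salt (and the key) would
    // differ between little- and big-endian hosts - confirm all hosts share an architecture.
    var saltBase = MemoryMarshal.Read<long>(keyBase);

    // The product exceeds the range of long for most inputs; wrap-around is made explicit.
    saltBase = unchecked(saltBase * 13);
    var saltBytes = MemoryMarshal.AsBytes(MemoryMarshal.CreateSpan(ref saltBase, 1));

    // NOTE(review): AsyncExecutor appears to run the derivation synchronously inside the
    // constructor - confirm it cannot deadlock on hosts with a synchronization context.
    var executor = new AsyncExecutor();
    var derivedKey = executor.Execute(
        keyDeriver.DeriveKeyAsync(
            value: keyBase,
            salt: saltBytes.ToArray(),
            byteCount: 512 / 8)); // 64-byte key, matching the HMAC-SHA512 digest size

    this.Key = new SymmetricSecurityKey(derivedKey);
    this.Credentials = new SigningCredentials(this.Key, SecurityAlgorithms.HmacSha512);

    this.JwtValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = this.Configuration.TokenIssuer,
        // The audience is checked against the issuer value, so only tokens this service
        // addressed to itself validate.
        ValidAudience = this.Configuration.TokenIssuer,
        IssuerSigningKey = this.Key,
        // Only one second of tolerance on lifetime checks; hosts whose clocks drift further
        // apart than that will reject each other's fresh or nearly expired tokens.
        ClockSkew = TimeSpan.FromSeconds(1)
    };
}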