Exemplo n.º 1
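        /// <summary>
        /// Creates a new token handler and derives its 256-bit signing key from the configured token key.
        /// </summary>
        /// <remarks>
        /// The salt is drawn fresh on every construction, so <c>SigningKey</c> differs between handler
        /// instances and across process restarts even when the configured token key is unchanged.
        /// NOTE(review): presumably a token signed by one instance cannot be verified by another
        /// instance or after a restart; confirm that this lifetime is intended.
        /// </remarks>
        /// <param name="cfg">Configuration settings; <c>TokenKey</c> supplies the key material.</param>
        /// <param name="keyDeriver">Encryption key deriver.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="cfg"/> or <paramref name="keyDeriver"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="ArgumentException">The encoded token key is shorter than 8 bytes.</exception>
        public ActionTokenPairHandler(
            IOptions<ConfigurationAuthentication> cfg,
            IKeyDeriver keyDeriver)
        {
            // Fail fast with a named argument instead of a NullReferenceException part-way
            // through key setup.
            if (cfg is null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            if (keyDeriver is null)
            {
                throw new ArgumentNullException(nameof(keyDeriver));
            }

            this.Configuration = cfg.Value;

            var keyBase = AbstractionUtilities.UTF8.GetBytes(this.Configuration.TokenKey);

            // Length floor only: it counts encoded bytes, not entropy. 8 bytes is a low bar for a
            // secret backing a 256-bit key; the effective strength depends on the configured value
            // and on the IKeyDeriver implementation, neither of which is visible here.
            if (keyBase.Length < 8)
            {
                throw new ArgumentException("Token key must be at least 8 bytes-long.", nameof(cfg));
            }

            // 96 random bytes, never stored: the derived key cannot be reproduced later.
            // NOTE(review): SecureRandom is assumed to wrap a cryptographic RNG; confirm.
            var saltBytes = new byte[96];

            using (var rng = new SecureRandom())
            {
                rng.GetBytes(saltBytes);
            }

            // NOTE(review): AsyncExecutor appears to run the derivation to completion from this
            // synchronous constructor; confirm it cannot deadlock under a synchronization context.
            var executor = new AsyncExecutor();

            this.SigningKey = executor.Execute(keyDeriver.DeriveKeyAsync(
                                                   value: keyBase,
                                                   salt: saltBytes,
                                                   byteCount: 256 / 8));
        }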
Exemplo n.º 2
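        /// <summary>
        /// Creates a new handler, deriving the HMAC-SHA512 signing key from the configured token key
        /// and building the JWT validation parameters around it.
        /// </summary>
        /// <remarks>
        /// The salt is computed from the first 8 bytes of the token key itself, so the derived key is a
        /// pure function of the configured secret: it is reproducible across restarts and instances, but
        /// the salt adds no independent randomness, and two deployments sharing a token key share a
        /// signing key.
        /// </remarks>
        /// <param name="cfg">Configuration to use; <c>TokenKey</c> and <c>TokenIssuer</c> are read from it.</param>
        /// <param name="keyDeriver">Key deriver used to stretch the token key into the signing key.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="cfg"/> or <paramref name="keyDeriver"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="ArgumentException">The encoded token key is shorter than 8 bytes.</exception>
        public JwtHandler(
            IOptions<ConfigurationAuthentication> cfg,
            IKeyDeriver keyDeriver)
        {
            // Fail fast with a named argument instead of a NullReferenceException part-way
            // through key setup.
            if (cfg is null)
            {
                throw new ArgumentNullException(nameof(cfg));
            }

            if (keyDeriver is null)
            {
                throw new ArgumentNullException(nameof(keyDeriver));
            }

            this.Configuration = cfg.Value;

            var keyBase = AbstractionUtilities.UTF8.GetBytes(this.Configuration.TokenKey);

            // Length floor only: it counts encoded bytes, not entropy, and 8 bytes is a low bar for
            // a secret backing a 512-bit HMAC key. The same check guarantees the 8 bytes that the
            // MemoryMarshal.Read<long> call below needs.
            if (keyBase.Length < 8)
            {
                throw new ArgumentException("Token key must be at least 8 bytes-long.", nameof(cfg));
            }

            // Salt = first 8 key bytes read as a long, times 13 (wraps on overflow in the default
            // unchecked context). The read uses the platform's byte order, so the product, and with
            // it the derived key, would differ between little- and big-endian hosts.
            var saltBase = MemoryMarshal.Read<long>(keyBase);

            saltBase *= 13;
            var saltBytes = MemoryMarshal.AsBytes(MemoryMarshal.CreateSpan(ref saltBase, 1));

            // NOTE(review): AsyncExecutor appears to run the derivation to completion from this
            // synchronous constructor; confirm it cannot deadlock under a synchronization context.
            var executor = new AsyncExecutor();

            // ToArray copies the span, which aliases the saltBase local, before it leaves this frame.
            this.Key = new SymmetricSecurityKey(
                executor.Execute(
                    keyDeriver.DeriveKeyAsync(
                        value: keyBase,
                        salt: saltBytes.ToArray(),
                        byteCount: 512 / 8)));

            this.Credentials             = new SigningCredentials(this.Key, SecurityAlgorithms.HmacSha512);
            this.JwtValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer           = true,
                ValidateAudience         = true,
                ValidateLifetime         = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer      = this.Configuration.TokenIssuer,
                // The audience is checked against the issuer string, so tokens are only accepted
                // when both claims carry TokenIssuer. NOTE(review): confirm no separate audience
                // value is intended.
                ValidAudience    = this.Configuration.TokenIssuer,
                IssuerSigningKey = this.Key,
                // One second of tolerance on lifetime checks; far tighter than the library default
                // of five minutes, so clock drift between issuer and validator must stay small.
                ClockSkew        = TimeSpan.FromSeconds(1)
            };
        }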