diff --git a/Authorization/Handlers/HasScopeHandler.cs b/Authorization/Handlers/HasScopeHandler.cs index 8f51065..82e54e6 100644 --- a/Authorization/Handlers/HasScopeHandler.cs +++ b/Authorization/Handlers/HasScopeHandler.cs @@ -12,7 +12,18 @@ namespace Icarus.Authorization.Handlers { protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement) { - if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer)) + var issuer = requirement.Issuer; + var scope = requirement.Scope; + var claim = string.Empty; + // if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer)) + if (!context.User.HasClaim(c => + { + var i = 0; + var b = 99; + claim = c.Type; + return c.Type == "scope"; + }) + ) { return Task.CompletedTask; } diff --git a/Certs/Signing.cs b/Certs/Signing.cs new file mode 100644 index 0000000..4f53a26 --- /dev/null +++ b/Certs/Signing.cs @@ -0,0 +1,87 @@ +using System; +using System.Security.Cryptography; + +using Microsoft.IdentityModel.Tokens; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.OpenSsl; + + +namespace Icarus.Certs +{ + + public class SigningIssuerCertificate : IDisposable + { + private readonly RSACryptoServiceProvider _rsa; + + public SigningIssuerCertificate() + { + _rsa = new RSACryptoServiceProvider(); + } + + // public or private key? + public RsaSecurityKey GetIssuerSigningKey(string publicKeyPath) + { + var file = publicKeyPath; + var publicKey = System.IO.File.ReadAllText(file); + + using (var reader = System.IO.File.OpenText(file)) + { + var pem = new PemReader(reader); + var o = (RsaKeyParameters)pem.ReadObject(); + var parameters = new RSAParameters(); + parameters.Modulus = o.Modulus.ToByteArray(); + parameters.Exponent = o.Exponent.ToByteArray(); + _rsa.ImportParameters(parameters); + } + + return new RsaSecurityKey(_rsa); + } + + + public void Dispose() + { + _rsa?.Dispose(); + } + } + + + public class SigningAudienceCertificate : IDisposable + { + // private readonly RSA _rsa; + private readonly RSACryptoServiceProvider _rsa; + + public SigningAudienceCertificate() + { + _rsa = new RSACryptoServiceProvider(); + } + // public or private key? + public SigningCredentials GetAudienceSigningKey(string keyPath) + { + // string privateXmlKey = System.IO.File.ReadAllText("./private_key.xml"); + // rsa.FromXmlString(privateXmlKey); + + var file = keyPath; + var publicKey = System.IO.File.ReadAllText(file); + // var rsa = new RSACryptoServiceProvider(); + + using (var reader = System.IO.File.OpenText(file)) + { + var pem = new PemReader(reader); + var o = (RsaKeyParameters)pem.ReadObject(); + var parameters = new RSAParameters(); + parameters.Modulus = o.Modulus.ToByteArray(); + parameters.Exponent = o.Exponent.ToByteArray(); + _rsa.ImportParameters(parameters); + } + + return new SigningCredentials( + key: new RsaSecurityKey(_rsa), + algorithm: SecurityAlgorithms.RsaSha256); + } + + public void Dispose() + { + _rsa?.Dispose(); + } + } +} \ No newline at end of file diff --git a/Models/Shared/UserCredentials.cs b/Models/Shared/UserCredentials.cs new file mode 100644 index 0000000..1b8bf3d --- /dev/null +++ b/Models/Shared/UserCredentials.cs @@ -0,0 +1,8 @@ +namespace Icarus.Models.Shared +{ + public class UserCredentials + { + public string Username { get; set; } + public string Password { get; set; } + } +} \ No newline at end of file diff --git a/Scripts/Migrations/Linux/AddUpdate.sh b/Scripts/Migrations/Linux/AddUpdate.sh old mode 100755 new mode 100644 diff --git a/Services/TokenService.cs b/Services/TokenService.cs index 9bd7267..3c0e598 100644 --- a/Services/TokenService.cs +++ b/Services/TokenService.cs @@ -1,13 +1,19 @@ // using JwtAuthentication.AsymmetricEncryption.Certificates; +using System; +using System.IdentityModel.Tokens.Jwt; +using System.Security.Claims; +using System.Linq; + +using Microsoft.IdentityModel.Tokens; +using Microsoft.Extensions.Configuration; + using Icarus; +using Icarus.Certs; +using Icarus.Database.Contexts; using Icarus.Repositories; using Icarus.Models.Shared; // using JwtAuthentication.Shared; // using JwtAuthentication.Shared.Models; -using Microsoft.IdentityModel.Tokens; -using System; -using System.IdentityModel.Tokens.Jwt; -using System.Security.Claims; namespace Icarus.Services { @@ -15,7 +21,8 @@ namespace Icarus.Services { private Microsoft.Extensions.Configuration.IConfiguration _configuration; private readonly UserRepository userRepository; - private readonly SigningAudienceCertificate signingAudienceCertificate; + private readonly UserContext _userContext; + private readonly Icarus.Certs.SigningAudienceCertificate signingAudienceCertificate; private string _publickKeyPath = string.Empty; /** @@ -26,17 +33,29 @@ namespace Icarus.Services } */ + /** public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) { this._configuration = configuration; this.userRepository = userRepository; - signingAudienceCertificate = new SigningAudienceCertificate(); + signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate(); + _publickKeyPath = configuration["RSAKeys:PublicKeyPath"]; + } + */ + + public TokenService(Microsoft.Extensions.Configuration.IConfiguration configuration) + { + this._configuration = configuration; + // this.userRepository = userRepository; + this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection")); + signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate(); _publickKeyPath = configuration["RSAKeys:PublicKeyPath"]; } public string GetToken(string username) { - var user = userRepository.GetUser(username); + // var user = userRepository.GetUser(username); + var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(username)); SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user); var tokenHandler = new JwtSecurityTokenHandler(); diff --git a/Services/UserService.sc.cs b/Services/UserService.sc.cs index a5e9689..19684f4 100644 --- a/Services/UserService.sc.cs +++ b/Services/UserService.sc.cs @@ -1,9 +1,14 @@ // using JwtAuthentication.Shared.Exceptions; // using JwtAuthentication.Shared.Models; +using System.Linq; + +using Microsoft.Extensions.Configuration; + using Icarus.Exceptions; using Icarus.Models.Shared; using Icarus.Services; using Icarus.Repositories; +using Icarus.Database.Contexts; namespace Icarus.Services { @@ -11,6 +16,7 @@ namespace Icarus.Services { private Microsoft.Extensions.Configuration.IConfiguration _configuration; private readonly UserRepository userRepository; + private readonly UserContext _userContext; public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) { @@ -18,9 +24,17 @@ namespace Icarus.Services this.userRepository = userRepository; } + // public UserService(UserContext userContext, Microsoft.Extensions.Configuration.IConfiguration configuration) + public UserService(Microsoft.Extensions.Configuration.IConfiguration configuration) + { + this._configuration = configuration; + this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection")); + } + public void ValidateCredentials(UserCredentials userCredentials) { - Icarus.Models.User user = userRepository.GetUser(userCredentials.Username); + // Icarus.Models.User user = userRepository.GetUser(userCredentials.Username); + var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(userCredentials.Username)); bool isValid = user != null && AreValidCredentials(userCredentials, user); if (!isValid) @@ -31,8 +45,9 @@ namespace Icarus.Services private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user) { - return user.Username == userCredentials.Username && - user.Password == userCredentials.Password; + // TODO: Has the user provided password and compair it to the hash retrieved from + // the DB + return true; } } } \ No newline at end of file diff --git a/Startup.cs b/Startup.cs index 9bc5aa6..13323a9 100644 --- a/Startup.cs +++ b/Startup.cs @@ -37,6 +37,7 @@ using Icarus.Database.Contexts; namespace Icarus { #region Classes + /** public class SigningIssuerCertificate { public SigningIssuerCertificate() @@ -63,7 +64,9 @@ namespace Icarus return new RsaSecurityKey(rsa); } } + */ + /** public class SigningAudienceCertificate { // public or private key? @@ -91,6 +94,7 @@ namespace Icarus algorithm: SecurityAlgorithms.RsaSha256); } } + */ #endregion public static class MyClass @@ -98,7 +102,7 @@ namespace Icarus public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) // public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) { - var issuerSigningCertificate = new SigningIssuerCertificate(); + var issuerSigningCertificate = new Icarus.Certs.SigningIssuerCertificate(); RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]); services.AddAuthentication(authOptions => @@ -114,6 +118,14 @@ namespace Icarus return services; } + + private static bool LifetimeValidator(DateTime? notBefore, + DateTime? expires, + SecurityToken securityToken, + TokenValidationParameters validationParameters) + { + return expires != null && expires > DateTime.UtcNow; + } } public class Startup { @@ -138,7 +150,6 @@ namespace Icarus var auth_id = Configuration["Auth0:Domain"]; var domain = $"https://{auth_id}/"; var audience = Configuration["Auth0:ApiIdentifier"]; - /** services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) @@ -148,6 +159,7 @@ namespace Icarus options.Audience = audience; }); + /** services.AddAuthorization(options => { options.AddPolicy("download:songs", policy => @@ -211,9 +223,12 @@ namespace Icarus services.AddAsymmetricAuthentication(Configuration); - services.AddTransient(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration)); - services.AddTransient(us => new UserService(new UserRepository(), Configuration)); - services.AddTransient(tk => new TokenService(new UserRepository(), Configuration)); + // services.AddTransient(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration)); + services.AddTransient(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration)); + // services.AddTransient(us => new UserService(new UserRepository(), Configuration)); + services.AddTransient(us => new UserService(Configuration)); + // services.AddTransient(tk => new TokenService(new UserRepository(), Configuration)); + services.AddTransient(tk => new TokenService(Configuration)); services.AddTransient(); services.AddTransient(uc => new UserContext(connString)); /**