Code changes

Did not run code. Had a spur of the moment to try something out.
This commit is contained in:
Kun Deng
2022-08-25 20:56:12 -04:00
parent 467a9d7e0f
commit 2cc13ac9bb
7 changed files with 171 additions and 16 deletions
+12 -1
View File
@@ -12,7 +12,18 @@ namespace Icarus.Authorization.Handlers
{ {
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasScopeRequirement requirement)
{ {
if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer)) var issuer = requirement.Issuer;
var scope = requirement.Scope;
var claim = string.Empty;
// if (!context.User.HasClaim(c => c.Type == "scope" && c.Issuer == requirement.Issuer))
if (!context.User.HasClaim(c =>
{
var i = 0;
var b = 99;
claim = c.Type;
return c.Type == "scope";
})
)
{ {
return Task.CompletedTask; return Task.CompletedTask;
} }
+87
View File
@@ -0,0 +1,87 @@
using System;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
namespace Icarus.Certs
{
public class SigningIssuerCertificate : IDisposable
{
private readonly RSACryptoServiceProvider _rsa;
public SigningIssuerCertificate()
{
_rsa = new RSACryptoServiceProvider();
}
// public or private key?
public RsaSecurityKey GetIssuerSigningKey(string publicKeyPath)
{
var file = publicKeyPath;
var publicKey = System.IO.File.ReadAllText(file);
using (var reader = System.IO.File.OpenText(file))
{
var pem = new PemReader(reader);
var o = (RsaKeyParameters)pem.ReadObject();
var parameters = new RSAParameters();
parameters.Modulus = o.Modulus.ToByteArray();
parameters.Exponent = o.Exponent.ToByteArray();
_rsa.ImportParameters(parameters);
}
return new RsaSecurityKey(_rsa);
}
public void Dispose()
{
_rsa?.Dispose();
}
}
public class SigningAudienceCertificate : IDisposable
{
// private readonly RSA _rsa;
private readonly RSACryptoServiceProvider _rsa;
public SigningAudienceCertificate()
{
_rsa = new RSACryptoServiceProvider();
}
// public or private key?
public SigningCredentials GetAudienceSigningKey(string keyPath)
{
// string privateXmlKey = System.IO.File.ReadAllText("./private_key.xml");
// rsa.FromXmlString(privateXmlKey);
var file = keyPath;
var publicKey = System.IO.File.ReadAllText(file);
// var rsa = new RSACryptoServiceProvider();
using (var reader = System.IO.File.OpenText(file))
{
var pem = new PemReader(reader);
var o = (RsaKeyParameters)pem.ReadObject();
var parameters = new RSAParameters();
parameters.Modulus = o.Modulus.ToByteArray();
parameters.Exponent = o.Exponent.ToByteArray();
_rsa.ImportParameters(parameters);
}
return new SigningCredentials(
key: new RsaSecurityKey(_rsa),
algorithm: SecurityAlgorithms.RsaSha256);
}
public void Dispose()
{
_rsa?.Dispose();
}
}
}
+8
View File
@@ -0,0 +1,8 @@
namespace Icarus.Models.Shared
{
public class UserCredentials
{
public string Username { get; set; }
public string Password { get; set; }
}
}
View File
+26 -7
View File
@@ -1,13 +1,19 @@
// using JwtAuthentication.AsymmetricEncryption.Certificates; // using JwtAuthentication.AsymmetricEncryption.Certificates;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Linq;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Configuration;
using Icarus; using Icarus;
using Icarus.Certs;
using Icarus.Database.Contexts;
using Icarus.Repositories; using Icarus.Repositories;
using Icarus.Models.Shared; using Icarus.Models.Shared;
// using JwtAuthentication.Shared; // using JwtAuthentication.Shared;
// using JwtAuthentication.Shared.Models; // using JwtAuthentication.Shared.Models;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
namespace Icarus.Services namespace Icarus.Services
{ {
@@ -15,7 +21,8 @@ namespace Icarus.Services
{ {
private Microsoft.Extensions.Configuration.IConfiguration _configuration; private Microsoft.Extensions.Configuration.IConfiguration _configuration;
private readonly UserRepository userRepository; private readonly UserRepository userRepository;
private readonly SigningAudienceCertificate signingAudienceCertificate; private readonly UserContext _userContext;
private readonly Icarus.Certs.SigningAudienceCertificate signingAudienceCertificate;
private string _publickKeyPath = string.Empty; private string _publickKeyPath = string.Empty;
/** /**
@@ -26,17 +33,29 @@ namespace Icarus.Services
} }
*/ */
/**
public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) public TokenService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
{ {
this._configuration = configuration; this._configuration = configuration;
this.userRepository = userRepository; this.userRepository = userRepository;
signingAudienceCertificate = new SigningAudienceCertificate(); signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate();
_publickKeyPath = configuration["RSAKeys:PublicKeyPath"];
}
*/
public TokenService(Microsoft.Extensions.Configuration.IConfiguration configuration)
{
this._configuration = configuration;
// this.userRepository = userRepository;
this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection"));
signingAudienceCertificate = new Icarus.Certs.SigningAudienceCertificate();
_publickKeyPath = configuration["RSAKeys:PublicKeyPath"]; _publickKeyPath = configuration["RSAKeys:PublicKeyPath"];
} }
public string GetToken(string username) public string GetToken(string username)
{ {
var user = userRepository.GetUser(username); // var user = userRepository.GetUser(username);
var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(username));
SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user); SecurityTokenDescriptor tokenDescriptor = GetTokenDescriptor(user);
var tokenHandler = new JwtSecurityTokenHandler(); var tokenHandler = new JwtSecurityTokenHandler();
+18 -3
View File
@@ -1,9 +1,14 @@
// using JwtAuthentication.Shared.Exceptions; // using JwtAuthentication.Shared.Exceptions;
// using JwtAuthentication.Shared.Models; // using JwtAuthentication.Shared.Models;
using System.Linq;
using Microsoft.Extensions.Configuration;
using Icarus.Exceptions; using Icarus.Exceptions;
using Icarus.Models.Shared; using Icarus.Models.Shared;
using Icarus.Services; using Icarus.Services;
using Icarus.Repositories; using Icarus.Repositories;
using Icarus.Database.Contexts;
namespace Icarus.Services namespace Icarus.Services
{ {
@@ -11,6 +16,7 @@ namespace Icarus.Services
{ {
private Microsoft.Extensions.Configuration.IConfiguration _configuration; private Microsoft.Extensions.Configuration.IConfiguration _configuration;
private readonly UserRepository userRepository; private readonly UserRepository userRepository;
private readonly UserContext _userContext;
public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration) public UserService(UserRepository userRepository, Microsoft.Extensions.Configuration.IConfiguration configuration)
{ {
@@ -18,9 +24,17 @@ namespace Icarus.Services
this.userRepository = userRepository; this.userRepository = userRepository;
} }
// public UserService(UserContext userContext, Microsoft.Extensions.Configuration.IConfiguration configuration)
public UserService(Microsoft.Extensions.Configuration.IConfiguration configuration)
{
this._configuration = configuration;
this._userContext = new UserContext(configuration.GetConnectionString("DefaultConnection"));
}
public void ValidateCredentials(UserCredentials userCredentials) public void ValidateCredentials(UserCredentials userCredentials)
{ {
Icarus.Models.User user = userRepository.GetUser(userCredentials.Username); // Icarus.Models.User user = userRepository.GetUser(userCredentials.Username);
var user = _userContext.Users.FirstOrDefault(usr => usr.Username.Equals(userCredentials.Username));
bool isValid = user != null && AreValidCredentials(userCredentials, user); bool isValid = user != null && AreValidCredentials(userCredentials, user);
if (!isValid) if (!isValid)
@@ -31,8 +45,9 @@ namespace Icarus.Services
private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user) private static bool AreValidCredentials(UserCredentials userCredentials, Icarus.Models.User user)
{ {
return user.Username == userCredentials.Username && // TODO: Has the user provided password and compair it to the hash retrieved from
user.Password == userCredentials.Password; // the DB
return true;
} }
} }
} }
+20 -5
View File
@@ -37,6 +37,7 @@ using Icarus.Database.Contexts;
namespace Icarus namespace Icarus
{ {
#region Classes #region Classes
/**
public class SigningIssuerCertificate public class SigningIssuerCertificate
{ {
public SigningIssuerCertificate() public SigningIssuerCertificate()
@@ -63,7 +64,9 @@ namespace Icarus
return new RsaSecurityKey(rsa); return new RsaSecurityKey(rsa);
} }
} }
*/
/**
public class SigningAudienceCertificate public class SigningAudienceCertificate
{ {
// public or private key? // public or private key?
@@ -91,6 +94,7 @@ namespace Icarus
algorithm: SecurityAlgorithms.RsaSha256); algorithm: SecurityAlgorithms.RsaSha256);
} }
} }
*/
#endregion #endregion
public static class MyClass public static class MyClass
@@ -98,7 +102,7 @@ namespace Icarus
public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
// public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration) // public static IServiceCollection AddAsymmetricAuthentication(this IServiceCollection services, IConfiguration configuration)
{ {
var issuerSigningCertificate = new SigningIssuerCertificate(); var issuerSigningCertificate = new Icarus.Certs.SigningIssuerCertificate();
RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]); RsaSecurityKey issuerSigningKey = issuerSigningCertificate.GetIssuerSigningKey(configuration["RSAKeys:PublicKeyPath"]);
services.AddAuthentication(authOptions => services.AddAuthentication(authOptions =>
@@ -114,6 +118,14 @@ namespace Icarus
return services; return services;
} }
private static bool LifetimeValidator(DateTime? notBefore,
DateTime? expires,
SecurityToken securityToken,
TokenValidationParameters validationParameters)
{
return expires != null && expires > DateTime.UtcNow;
}
} }
public class Startup public class Startup
{ {
@@ -138,7 +150,6 @@ namespace Icarus
var auth_id = Configuration["Auth0:Domain"]; var auth_id = Configuration["Auth0:Domain"];
var domain = $"https://{auth_id}/"; var domain = $"https://{auth_id}/";
var audience = Configuration["Auth0:ApiIdentifier"]; var audience = Configuration["Auth0:ApiIdentifier"];
/**
services services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -148,6 +159,7 @@ namespace Icarus
options.Audience = audience; options.Audience = audience;
}); });
/**
services.AddAuthorization(options => services.AddAuthorization(options =>
{ {
options.AddPolicy("download:songs", policy => options.AddPolicy("download:songs", policy =>
@@ -211,9 +223,12 @@ namespace Icarus
services.AddAsymmetricAuthentication(Configuration); services.AddAsymmetricAuthentication(Configuration);
services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration)); // services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(new UserRepository(), Configuration), new TokenService(new UserRepository(), Configuration), Configuration));
services.AddTransient<UserService>(us => new UserService(new UserRepository(), Configuration)); services.AddTransient<AuthenticationService>(au => new AuthenticationService(new UserService(Configuration), new TokenService(Configuration), Configuration));
services.AddTransient<TokenService>(tk => new TokenService(new UserRepository(), Configuration)); // services.AddTransient<UserService>(us => new UserService(new UserRepository(), Configuration));
services.AddTransient<UserService>(us => new UserService(Configuration));
// services.AddTransient<TokenService>(tk => new TokenService(new UserRepository(), Configuration));
services.AddTransient<TokenService>(tk => new TokenService(Configuration));
services.AddTransient<UserRepository>(); services.AddTransient<UserRepository>();
services.AddTransient<UserContext>(uc => new UserContext(connString)); services.AddTransient<UserContext>(uc => new UserContext(connString));
/** /**