RSAKeyUtils.cs
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using Microsoft.AspNet.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using System.IdentityModel.Tokens;
namespace TokenAuthExampleWebApplication
{
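/// <summary>
/// Helpers for creating, storing and loading the RSA key pair that signs the
/// application's authentication tokens.
/// </summary>
public class RSAKeyUtils
{
    /// <summary>Key file used by the token options and when a caller supplies no name.</summary>
    private const string DefaultKeyFile = "authtoken.key";

    // Protector obtained from the data-protection provider with the purpose
    // string "TestProtector". The same purpose (and key ring) is needed to
    // unprotect anything this instance protected.
    private readonly IDataProtector mProtector;

    /// <summary>
    /// Generates a fresh 2048-bit RSA key pair and returns all of its
    /// parameters, private components included.
    /// </summary>
    /// <returns>The exported key parameters; treat the result as secret material.</returns>
    public static RSAParameters GetRandomKey()
    {
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            try
            {
                // 'true' exports the private components as well as the public ones.
                return rsa.ExportParameters(true);
            }
            finally
            {
                // The key is returned to the caller; it must not also be left
                // behind in a CSP key container once the provider is disposed.
                rsa.PersistKeyInCsp = false;
            }
        }
    }

    /// <summary>Creates the utility with a protector derived from <paramref name="aProvider"/>.</summary>
    /// <param name="aProvider">Data-protection provider, normally supplied by dependency injection.</param>
    /// <exception cref="ArgumentNullException"><paramref name="aProvider"/> is null.</exception>
    public RSAKeyUtils(IDataProtectionProvider aProvider)
    {
        if (aProvider == null)
        {
            throw new ArgumentNullException("aProvider");
        }

        mProtector = aProvider.CreateProtector("TestProtector");
    }

    /// <summary>
    /// Loads the signing key from "authtoken.key" and builds the token options
    /// (audience, issuer and RSA-SHA256 signing credentials) around it.
    /// </summary>
    /// <param name="aServiceProvider">Service provider able to resolve an <see cref="IDataProtectionProvider"/>.</param>
    /// <returns>Token options carrying the signing credentials.</returns>
    /// <exception cref="FileNotFoundException">The key file does not exist.</exception>
    /// <exception cref="InvalidDataException">The key file holds no usable private key.</exception>
    public static TokenAuthOptions GetTokenOptions(IServiceProvider aServiceProvider)
    {
        RSAKeyUtils lRsaKeyUtils = ActivatorUtilities.CreateInstance<RSAKeyUtils>(aServiceProvider);

        // Load through the instance so that a file written by
        // GenerateProtectedKeyToFile (a protected payload, not JSON) can be
        // read back; the static plaintext reader cannot do that.
        RSAParameters lKeyParams = lRsaKeyUtils.LoadKeyParameters(DefaultKeyFile);

        // Signing needs the private exponent. Fail here with a clear message
        // rather than later, on the first token that has to be signed.
        if (lKeyParams.D == null)
        {
            throw new InvalidDataException("Auth key file contains no private key material: " + DefaultKeyFile);
        }

        RsaSecurityKey lKey = new RsaSecurityKey(lKeyParams);

        // Record the signing credentials together with the other parameters
        // the token controller will need.
        return new TokenAuthOptions()
        {
            Audience = Startup.TokenAudience,
            Issuer = Startup.TokenIssuer,
            SigningCredentials = new SigningCredentials(lKey, SecurityAlgorithms.RsaSha256Signature)
        };
    }

    /// <summary>
    /// Generates a new RSA key and writes it, protected with the data-protection
    /// API, to <paramref name="file"/>.
    /// </summary>
    /// <param name="file">
    /// Destination path. A null or empty value falls back to "authtoken.key",
    /// the name <see cref="GetTokenOptions"/> reads.
    /// </param>
    public static void GenerateProtectedKeyToFile(string file)
    {
        var lServiceCollection = new ServiceCollection();
        lServiceCollection.AddDataProtection();
        lServiceCollection.ConfigureDataProtection(configure =>
        {
            // Persist the data-protection key ring to a specific directory.
            // That key ring is what decrypts the auth key file, so it needs the
            // same access restrictions as the auth key itself.
            configure.PersistKeysToFileSystem(new DirectoryInfo(@".\keys"));

            // When the generating application differs from the one that loads
            // the key, both also need the same application name:
            //configure.SetApplicationName("SameAppName");
        });
        var lServices = lServiceCollection.BuildServiceProvider();

        // Let the container build the instance so it receives the protector
        // configured above.
        var lKeyUtils = ActivatorUtilities.CreateInstance<RSAKeyUtils>(lServices);

        // Honour the caller's path; the previous code ignored it and always
        // wrote "authtoken.key".
        lKeyUtils.GenerateKeyAndSave(string.IsNullOrEmpty(file) ? DefaultKeyFile : file);
    }

    /// <summary>Creates a random key, serializes it to JSON, protects it and writes it to disk.</summary>
    /// <param name="file">Destination path of the protected key file.</param>
    private void GenerateKeyAndSave(string file)
    {
        var lRandomKey = GetRandomKey();

        // NOTE(review): confirm that the serializer emits the private
        // components (D, P, Q, ...) on the target runtime; a file holding only
        // Modulus/Exponent cannot be used for signing.
        string lSerializedParameters = JsonConvert.SerializeObject(lRandomKey);
        string lProtectedString = mProtector.Protect(lSerializedParameters);
        File.WriteAllText(file, lProtectedString);
    }

    /// <summary>
    /// Reads a key file that is either plaintext JSON or a payload produced by
    /// <see cref="GenerateKeyAndSave"/>, unprotecting it when necessary.
    /// </summary>
    /// <param name="file">Path of the key file.</param>
    /// <returns>The RSA parameters stored in the file.</returns>
    private RSAParameters LoadKeyParameters(string file)
    {
        string lContents = ReadKeyFile(file);

        // Plaintext key files are a JSON object and stay supported for
        // compatibility. Anything else is taken to be a protected payload.
        // Unprotect only succeeds when this application's key ring and purpose
        // string match the ones used when the file was generated.
        if (!lContents.TrimStart().StartsWith("{", StringComparison.Ordinal))
        {
            lContents = mProtector.Unprotect(lContents);
        }

        return ParseKeyParameters(lContents, file);
    }

    /// <summary>
    /// Reads RSA parameters from an unprotected JSON file with the properties
    /// "Modulus", "Exponent", "P", "Q", "DP", "DQ", "InverseQ" and "D", each a
    /// base64 string, for example:
    /// {
    ///   "Modulus": "(base64)",
    ///   "Exponent": "AQAB",
    ///   "P": "(base64)", "Q": "(base64)", "DP": "(base64)",
    ///   "DQ": "(base64)", "InverseQ": "(base64)", "D": "(base64)"
    /// }
    /// The file holds the private key in the clear; it cannot read the
    /// protected output of <see cref="GenerateProtectedKeyToFile"/>.
    /// </summary>
    /// <param name="file">Path of the JSON key file.</param>
    /// <returns>The deserialized RSA parameters.</returns>
    /// <exception cref="FileNotFoundException">The file does not exist.</exception>
    /// <exception cref="InvalidDataException">The file has no modulus or exponent.</exception>
    public static RSAParameters GetKeyParameters(string file)
    {
        return ParseKeyParameters(ReadKeyFile(file), file);
    }

    /// <summary>Returns the text of the key file, or throws when it is missing.</summary>
    private static string ReadKeyFile(string file)
    {
        if (!File.Exists(file))
        {
            // Pass the path as the exception's FileName as well as in the message.
            throw new FileNotFoundException("Check configuration - cannot find auth key file: " + file, file);
        }

        return File.ReadAllText(file);
    }

    /// <summary>Deserializes key JSON and rejects content without the public components.</summary>
    private static RSAParameters ParseKeyParameters(string json, string file)
    {
        var keyParams = JsonConvert.DeserializeObject<RSAParameters>(json);

        // A document such as "{}" deserializes without error but yields a key
        // with no modulus or exponent; reject it at load time.
        if (keyParams.Modulus == null || keyParams.Exponent == null)
        {
            throw new InvalidDataException("Auth key file does not contain an RSA modulus and exponent: " + file);
        }

        return keyParams;
    }
}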
}