
Factored out KeyConverter

Lukas Angerer 2 anos atrás
pai
commit
48d5434f12
3 arquivos alterados com 49 adições e 30 exclusões
  1. 1 27
      CredentialManager.cs
  2. 46 0
      KeyConverter.cs
  3. 2 3
      Program.cs

+ 1 - 27
CredentialManager.cs

@@ -25,7 +25,7 @@ public class CredentialManager
         _fido2 = fido2;
         _optionsCache = optionsCache;
         _jwtConfig = jwtOptions.Value;
-        _rsa = ToRsa(_jwtConfig.Key!);
+        _rsa = KeyConverter.JwkToRsa(_jwtConfig.Key!);
 
         _jsonOptions = new JsonSerializerOptions()
         {
@@ -192,31 +192,5 @@ public class CredentialManager
         return token;
     }
 
-    private RSA ToRsa(JsonWebKey key)
-    {
-        var rsaParameters = new RSAParameters
-        {
-            // PUBLIC KEY PARAMETERS
-            // n parameter - public modulus
-            Modulus = Base64UrlEncoder.DecodeBytes(key.N),
-            // e parameter - public exponent
-            Exponent = Base64UrlEncoder.DecodeBytes(key.E),
     
-            // PRIVATE KEY PARAMETERS (optional)
-            // d parameter - the private exponent value for the RSA key 
-            D = Base64UrlEncoder.DecodeBytes(key.D),
-            // dp parameter - CRT exponent of the first factor
-            DP = Base64UrlEncoder.DecodeBytes(key.DP),
-            // dq parameter - CRT exponent of the second factor
-            DQ = Base64UrlEncoder.DecodeBytes(key.DQ),
-            // p parameter - first prime factor
-            P = Base64UrlEncoder.DecodeBytes(key.P),
-            // q parameter - second prime factor
-            Q = Base64UrlEncoder.DecodeBytes(key.Q),
-            // qi parameter - CRT coefficient of the second factor
-            InverseQ = Base64UrlEncoder.DecodeBytes(key.QI)
-        };
-
-        return RSA.Create(rsaParameters);
-    }
 }

+ 46 - 0
KeyConverter.cs

@@ -0,0 +1,46 @@
+using System.Security.Cryptography;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Passwordless;
+
+public static class KeyConverter
+{
+    public static RSA JwkToRsa(JsonWebKey key)
+    {
+        var rsaParameters = new RSAParameters
+        {
+            // PUBLIC KEY PARAMETERS
+            // n parameter - public modulus
+            Modulus = Base64UrlEncoder.DecodeBytes(key.N),
+            // e parameter - public exponent
+            Exponent = Base64UrlEncoder.DecodeBytes(key.E),
+    
+            // PRIVATE KEY PARAMETERS (optional)
+            // d parameter - the private exponent value for the RSA key 
+            D = Base64UrlEncoder.DecodeBytes(key.D),
+            // dp parameter - CRT exponent of the first factor
+            DP = Base64UrlEncoder.DecodeBytes(key.DP),
+            // dq parameter - CRT exponent of the second factor
+            DQ = Base64UrlEncoder.DecodeBytes(key.DQ),
+            // p parameter - first prime factor
+            P = Base64UrlEncoder.DecodeBytes(key.P),
+            // q parameter - second prime factor
+            Q = Base64UrlEncoder.DecodeBytes(key.Q),
+            // qi parameter - CRT coefficient of the second factor
+            InverseQ = Base64UrlEncoder.DecodeBytes(key.QI)
+        };
+
+        return RSA.Create(rsaParameters);
+    }
+
+    public static JsonWebKey ExtractPublicKey(JsonWebKey key)
+    {
+        return new JsonWebKey()
+        {
+            Kty = key.Kty,
+            E = key.E,
+            N = key.N,
+            Use = "sig",
+        };
+    }
+}
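Review bot: The comment in JwkToRsa says the private parameters are optional, but the initializer decodes D, DP, DQ, P, Q and QI unconditionally, and as far as I recall `Base64UrlEncoder.DecodeBytes` throws on a null argument, so a public-only JWK (exactly what ExtractPublicKey produces) cannot be converted by this method; the private members should be set only when the key actually carries them, and `Kty` should be checked to be RSA before any decoding since the JWK may be an EC or symmetric key. In ExtractPublicKey, `Use` is hard-coded to "sig" and `Kid`/`Alg` are dropped; if issued tokens carry a `kid` header, validation may depend on it, so consider `Kid = key.Kid, Alg = key.Alg` and `Use = key.Use ?? "sig"`. The `RSA` returned by JwkToRsa holds private key material and is IDisposable; a `/// <summary>` stating that the caller owns and must dispose it would help, e.g. `/// Returns an RSA instance the caller owns; when the JWK includes private parameters the instance contains the private key.`
```csharp
public static RSA JwkToRsa(JsonWebKey key)
{
    if (key.Kty != JsonWebAlgorithmsKeyTypes.RSA)
    {
        throw new ArgumentException("JWK is not an RSA key.", nameof(key));
    }

    var rsaParameters = new RSAParameters
    {
        Modulus = Base64UrlEncoder.DecodeBytes(key.N),
        Exponent = Base64UrlEncoder.DecodeBytes(key.E),
    };

    // Private/CRT parameters only when the JWK carries them, so a public-only key still converts.
    if (!string.IsNullOrEmpty(key.D))
    {
        rsaParameters.D = Base64UrlEncoder.DecodeBytes(key.D);
        rsaParameters.DP = Base64UrlEncoder.DecodeBytes(key.DP);
        rsaParameters.DQ = Base64UrlEncoder.DecodeBytes(key.DQ);
        rsaParameters.P = Base64UrlEncoder.DecodeBytes(key.P);
        rsaParameters.Q = Base64UrlEncoder.DecodeBytes(key.Q);
        rsaParameters.InverseQ = Base64UrlEncoder.DecodeBytes(key.QI);
    }

    return RSA.Create(rsaParameters);
}
// … unchanged: ExtractPublicKey …
```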

+ 2 - 3
Program.cs

@@ -5,7 +5,6 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
 using Passwordless;
 
-// TODO: RoslynPad code for key generation
 var jwk = JsonWebKey.Create(File.ReadAllText("./demo-jwk.json"));
 //var host = "http://localhost:5172";
 var host = "https://demo.larcanum.net";
@@ -21,7 +20,7 @@ builder.Services.AddFido2(options =>
     // server domain MUST match the actual domain name that the client uses to make the request from
     options.ServerDomain = host.Substring(host.LastIndexOf("/", StringComparison.Ordinal) + 1);
     options.ServerName = "FIDO2 Test";
-    options.Origins = [host];
+    options.Origins = [host, "http://localhost:5172"];
     options.TimestampDriftTolerance = 300000;
 });
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -44,7 +43,7 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
         options.Authority = host;
         options.TokenValidationParameters = new TokenValidationParameters
         {
-            IssuerSigningKey = jwk,
+            IssuerSigningKey = KeyConverter.ExtractPublicKey(jwk),
             ValidIssuer = host,
             ValidAudience = host,
             NameClaimType = ClaimTypes.NameIdentifier, // important to get the "sub" claim mapped to User.Identity.Name
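Review bot: The second hunk adds `"http://localhost:5172"` to `options.Origins` unconditionally, while `host` is the public `https://demo.larcanum.net` deployment, so the production FIDO2 configuration now accepts a plaintext localhost origin in WebAuthn origin checks. The development origin should be gated on the environment rather than compiled in, e.g. `options.Origins = builder.Environment.IsDevelopment() ? [host, "http://localhost:5172"] : [host];` (the `AddFido2` lambda begins before this hunk, and `builder` is in scope from its header line). The third hunk's switch to `KeyConverter.ExtractPublicKey(jwk)` for `IssuerSigningKey` is the right direction, since the validation side then never holds the private parameters; note in a comment that `jwk` read from `demo-jwk.json` still contains the private key and must only flow to the signing side, e.g. `// jwk holds the private key: sign with it, validate only with its public part`.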