IdentityShroud/IdentityShroud.Core/Services/KeyService.cs

using System.Security.Cryptography;
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Messages;
using IdentityShroud.Core.Model;
using IdentityShroud.Core.Security.Keys;

namespace IdentityShroud.Core.Services;

public class KeyService(
    IEncryptionService cryptor,
    IKeyProviderFactory keyProviderFactory,
    IClock clock) : IKeyService
{
    public RealmKey CreateKey(KeyPolicy policy)
    {
        IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);
        var plainKey = provider.CreateKey(policy);

        return CreateKey(policy.KeyType, plainKey);
    }

    public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)
    {
        JsonWebKey jwk = new()
        {
            KeyId = realmKey.Id.ToString(),
            KeyType = realmKey.KeyType,
            Use = "sig",
        };
        
        IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);
        provider.SetJwkParameters(
            cryptor.Decrypt(realmKey.KeyDataEncrypted),
            jwk);

        return jwk;
    }

    private RealmKey CreateKey(string keyType, byte[] plainKey) =>
        new RealmKey(
            Guid.NewGuid(),
            keyType,
            cryptor.Encrypt(plainKey),
            clock.UtcNow());

    // public byte[] GetPrivateKey(IEncryptionService encryptionService)
    // {
    //     if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)
    //         _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);
    //     return _privateKeyDecrypted;
    // }
}
Reworked code around signing keys have key details much more isolated from the other parts of the program. 2026-02-21 20:15:46 +01:00			`using System.Security.Cryptography;`
			`using IdentityShroud.Core.Contracts;`
			`using IdentityShroud.Core.Messages;`
			`using IdentityShroud.Core.Model;`
			`using IdentityShroud.Core.Security.Keys;`

			`namespace IdentityShroud.Core.Services;`

			`public class KeyService(`
			`IEncryptionService cryptor,`
			`IKeyProviderFactory keyProviderFactory,`
			`IClock clock) : IKeyService`
			`{`
			`public RealmKey CreateKey(KeyPolicy policy)`
			`{`
			`IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);`
			`var plainKey = provider.CreateKey(policy);`

			`return CreateKey(policy.KeyType, plainKey);`
			`}`

			`public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)`
			`{`
			`JsonWebKey jwk = new()`
			`{`
			`KeyId = realmKey.Id.ToString(),`
			`KeyType = realmKey.KeyType,`
			`Use = "sig",`
			`};`

			`IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);`
			`provider.SetJwkParameters(`
			`cryptor.Decrypt(realmKey.KeyDataEncrypted),`
			`jwk);`

			`return jwk;`
			`}`

			`private RealmKey CreateKey(string keyType, byte[] plainKey) =>`
			`new RealmKey(`
			`Guid.NewGuid(),`
			`keyType,`
			`cryptor.Encrypt(plainKey),`
			`clock.UtcNow());`

			`// public byte[] GetPrivateKey(IEncryptionService encryptionService)`
			`// {`
			`// if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)`
			`// _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);`
			`// return _privateKeyDecrypted;`
			`// }`
			`}`