Reworked code around signing keys have key details much more isolated from the other parts of the program.

2026-02-21 20:15:46 +01:00 · 2026-02-21 20:15:46 +01:00 · 0c6f227049
commit 0c6f227049
parent eb872a4f44
40 changed files with 474 additions and 281 deletions
--- a/IdentityShroud.Core/Services/KeyService.cs
+++ b/IdentityShroud.Core/Services/KeyService.cs
@ -0,0 +1,52 @@
+using System.Security.Cryptography;
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Messages;
+using IdentityShroud.Core.Model;
+using IdentityShroud.Core.Security.Keys;
+
+namespace IdentityShroud.Core.Services;
+
+public class KeyService(
+    IEncryptionService cryptor,
+    IKeyProviderFactory keyProviderFactory,
+    IClock clock) : IKeyService
+{
+    public RealmKey CreateKey(KeyPolicy policy)
+    {
+        IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);
+        var plainKey = provider.CreateKey(policy);
+
+        return CreateKey(policy.KeyType, plainKey);
+    }
+
+    public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)
+    {
+        JsonWebKey jwk = new()
+        {
+            KeyId = realmKey.Id.ToString(),
+            KeyType = realmKey.KeyType,
+            Use = "sig",
+        };
+        
+        IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);
+        provider.SetJwkParameters(
+            cryptor.Decrypt(realmKey.KeyDataEncrypted),
+            jwk);
+
+        return jwk;
+    }
+
+    private RealmKey CreateKey(string keyType, byte[] plainKey) =>
+        new RealmKey(
+            Guid.NewGuid(),
+            keyType,
+            cryptor.Encrypt(plainKey),
+            clock.UtcNow());
+
+    // public byte[] GetPrivateKey(IEncryptionService encryptionService)
+    // {
+    //     if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)
+    //         _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);
+    //     return _privateKeyDecrypted;
+    // }
+}