Add tests and fixes to .well-known/openid-configuration and create realm

2026-02-14 14:50:06 +01:00 · 2026-02-14 14:50:06 +01:00 · d440979451
commit d440979451
parent e07d6e3ea5
17 changed files with 642 additions and 45 deletions
--- a/IdentityShroud.Core/Db.cs
+++ b/IdentityShroud.Core/Db.cs
@ -17,6 +17,7 @@ public class Db(
    : DbContext
 {
    public virtual DbSet<Realm> Realms { get; set; }
+    public virtual DbSet<Key> Keys { get; set; }
    
    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    {
--- a/IdentityShroud.Core/Model/Key.cs
+++ b/IdentityShroud.Core/Model/Key.cs
@ -0,0 +1,45 @@
+using System.ComponentModel.DataAnnotations.Schema;
+using IdentityShroud.Core.Contracts;
+
+namespace IdentityShroud.Core.Model;
+
+
+[Table("key")]
+public class Key
+{
+    private byte[] _privateKeyDecrypted = [];
+
+    public Guid Id { get; set; }
+    
+    public DateTime CreatedAt { get; set; }
+    public DateTime? DeactivatedAt { get; set; }
+
+    /// <summary>
+    /// Key with highest priority will be used. While there is not really a use case for this I know some users
+    /// are more comfortable replacing keys by using priority then directly deactivating the old key.
+    /// </summary>
+    public int Priority { get; set; } = 10;
+    
+    public byte[] PrivateKeyEncrypted
+    {
+        get;
+        set
+        {
+            field = value;
+            _privateKeyDecrypted = [];
+        }
+    } = [];
+
+    public byte[] GetPrivateKey(IEncryptionService encryptionService)
+    {
+        if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)
+            _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);
+        return _privateKeyDecrypted;
+    }
+
+    public void SetPrivateKey(IEncryptionService encryptionService, byte[] privateKey)
+    {
+        PrivateKeyEncrypted = encryptionService.Encrypt(privateKey);
+        _privateKeyDecrypted = privateKey;
+    }
+}
--- a/IdentityShroud.Core/Model/Realm.cs
+++ b/IdentityShroud.Core/Model/Realm.cs
@ -1,13 +1,11 @@
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
-using IdentityShroud.Core.Contracts;

 namespace IdentityShroud.Core.Model;

 [Table("realm")]
 public class Realm
 {
-    private byte[] _privateKeyDecrypted = [];
    
    public Guid Id { get; set; }
    /// <summary>
@ -20,26 +18,5 @@ public class Realm
    public string Name { get; set; } = "";
    public List<Client> Clients { get; init; } = [];

-    public byte[] PrivateKeyEncrypted
-    {
-        get;
-        set
-        {
-            field = value;
-            _privateKeyDecrypted = [];
-        }
-    } = [];
-
-    public byte[] GetPrivateKey(IEncryptionService encryptionService)
-    {
-        if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)
-            _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);
-        return _privateKeyDecrypted;
-    }
-
-    public void SetPrivateKey(IEncryptionService encryptionService, byte[] privateKey)
-    {
-        PrivateKeyEncrypted = encryptionService.Encrypt(privateKey);
-        _privateKeyDecrypted = privateKey;
-    }
+    public List<Key> Keys { get; init; } = [];
 }
--- a/IdentityShroud.Core/Services/IRealmService.cs
+++ b/IdentityShroud.Core/Services/IRealmService.cs
@ -1,8 +1,11 @@
 using IdentityShroud.Core.Messages.Realm;
+using IdentityShroud.Core.Model;

 namespace IdentityShroud.Core.Services;

 public interface IRealmService
 {
+    Task<Realm?> FindBySlug(string slug, CancellationToken ct = default);
+        
    Task<Result<RealmCreateResponse>> Create(RealmCreateRequest request, CancellationToken ct = default);
 }
--- a/IdentityShroud.Core/Services/RealmService.cs
+++ b/IdentityShroud.Core/Services/RealmService.cs
@ -12,6 +12,11 @@ public class RealmService(
    Db db,
    IEncryptionService encryptionService) : IRealmService
 {
+    public Task<Realm?> FindBySlug(string slug, CancellationToken ct = default)
+    {
+        throw new NotImplementedException();
+    }
+
    public async Task<Result<RealmCreateResponse>> Create(RealmCreateRequest request, CancellationToken ct = default)
    {
        Realm realm = new()
@ -19,10 +24,10 @@ public class RealmService(
            Id = request.Id ?? Guid.CreateVersion7(),
            Slug = request.Slug ?? SlugHelper.GenerateSlug(request.Name),
            Name = request.Name,
+            Keys = [ CreateKey() ],
        };
        
-        using RSA rsa = RSA.Create(2048);
-        realm.SetPrivateKey(encryptionService, rsa.ExportPkcs8PrivateKey());
+        

        db.Add(realm);
        await db.SaveChangesAsync(ct);
@ -30,4 +35,17 @@ public class RealmService(
        return new RealmCreateResponse(
            realm.Id, realm.Slug, realm.Name);
    }
+
+    private Key CreateKey()
+    {
+        using RSA rsa = RSA.Create(2048);
+
+        Key key = new()
+        {
+            Priority = 10,
+        };
+        key.SetPrivateKey(encryptionService, rsa.ExportPkcs8PrivateKey());
+
+        return key;
+    }
 }