WIP making ClientCreate endpoint
This commit is contained in:
eelke
parent
138f335af0
commit
eb872a4f44
28 changed files with 365 additions and 121 deletions
54
IdentityShroud.Core/Services/ClientService.cs
Normal file
54
IdentityShroud.Core/Services/ClientService.cs
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
using System.Security.Cryptography;
|
||||
using IdentityShroud.Core.Contracts;
|
||||
using IdentityShroud.Core.Model;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace IdentityShroud.Core.Services;
|
||||
|
||||
public class ClientService(
|
||||
Db db,
|
||||
IEncryptionService cryptor,
|
||||
IClock clock) : IClientService
|
||||
{
|
||||
public async Task<Result<Client>> Create(Guid realmId, ClientCreateRequest request, CancellationToken ct = default)
|
||||
{
|
||||
Client client = new()
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
RealmId = realmId,
|
||||
ClientId = request.ClientId,
|
||||
Name = request.Name,
|
||||
Description = request.Description,
|
||||
SignatureAlgorithm = request.SignatureAlgorithm,
|
||||
AllowClientCredentialsFlow = request.AllowClientCredentialsFlow ?? false,
|
||||
CreatedAt = clock.UtcNow(),
|
||||
};
|
||||
|
||||
if (client.AllowClientCredentialsFlow)
|
||||
{
|
||||
client.Secrets.Add(CreateSecret());
|
||||
}
|
||||
|
||||
await db.AddAsync(client, ct);
|
||||
await db.SaveChangesAsync(ct);
|
||||
|
||||
return client;
|
||||
}
|
||||
|
||||
public async Task<Client?> GetByClientId(string clientId, CancellationToken ct = default)
|
||||
{
|
||||
return await db.Clients.FirstOrDefaultAsync(c => c.ClientId == clientId, ct);
|
||||
}
|
||||
|
||||
private ClientSecret CreateSecret()
|
||||
{
|
||||
byte[] secret = RandomNumberGenerator.GetBytes(24);
|
||||
|
||||
return new ClientSecret()
|
||||
{
|
||||
CreatedAt = clock.UtcNow(),
|
||||
SecretEncrypted = cryptor.Encrypt(secret),
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
11
IdentityShroud.Core/Services/ClockService.cs
Normal file
11
IdentityShroud.Core/Services/ClockService.cs
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
using IdentityShroud.Core.Contracts;
|
||||
|
||||
namespace IdentityShroud.Core.Services;
|
||||
|
||||
public class ClockService : IClock
|
||||
{
|
||||
public DateTime UtcNow()
|
||||
{
|
||||
return DateTime.UtcNow;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
using IdentityShroud.Core.Messages.Realm;
|
||||
using IdentityShroud.Core.Model;
|
||||
|
||||
namespace IdentityShroud.Core.Services;
|
||||
|
||||
public interface IRealmService
|
||||
{
|
||||
Task<Realm?> FindBySlug(string slug, CancellationToken ct = default);
|
||||
|
||||
Task<Result<RealmCreateResponse>> Create(RealmCreateRequest request, CancellationToken ct = default);
|
||||
Task LoadActiveKeys(Realm realm);
|
||||
}
|
||||
30
IdentityShroud.Core/Services/KeyProvisioningService.cs
Normal file
30
IdentityShroud.Core/Services/KeyProvisioningService.cs
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
using System.Security.Cryptography;
|
||||
using IdentityShroud.Core.Contracts;
|
||||
using IdentityShroud.Core.Model;
|
||||
|
||||
namespace IdentityShroud.Core.Services;
|
||||
|
||||
public class KeyProvisioningService(
|
||||
IEncryptionService encryptionService,
|
||||
IClock clock) : IKeyProvisioningService
|
||||
{
|
||||
public RealmKey CreateRsaKey(int keySize = 2048)
|
||||
{
|
||||
using var rsa = RSA.Create(keySize);
|
||||
return CreateKey("RSA", rsa.ExportPkcs8PrivateKey());
|
||||
}
|
||||
|
||||
private RealmKey CreateKey(string keyType, byte[] keyData) =>
|
||||
new RealmKey(
|
||||
Guid.NewGuid(),
|
||||
keyType,
|
||||
encryptionService.Encrypt(keyData),
|
||||
clock.UtcNow());
|
||||
|
||||
// public byte[] GetPrivateKey(IEncryptionService encryptionService)
|
||||
// {
|
||||
// if (_privateKeyDecrypted.Length == 0 && PrivateKeyEncrypted.Length > 0)
|
||||
// _privateKeyDecrypted = encryptionService.Decrypt(PrivateKeyEncrypted);
|
||||
// return _privateKeyDecrypted;
|
||||
// }
|
||||
}
|
||||
|
|
@ -11,7 +11,7 @@ public record RealmCreateResponse(Guid Id, string Slug, string Name);
|
|||
|
||||
public class RealmService(
|
||||
Db db,
|
||||
IEncryptionService encryptionService) : IRealmService
|
||||
IKeyProvisioningService keyProvisioningService) : IRealmService
|
||||
{
|
||||
public async Task<Realm?> FindBySlug(string slug, CancellationToken ct = default)
|
||||
{
|
||||
|
|
@ -26,7 +26,7 @@ public class RealmService(
|
|||
Id = request.Id ?? Guid.CreateVersion7(),
|
||||
Slug = request.Slug ?? SlugHelper.GenerateSlug(request.Name),
|
||||
Name = request.Name,
|
||||
Keys = [ CreateKey() ],
|
||||
Keys = [ keyProvisioningService.CreateRsaKey() ],
|
||||
};
|
||||
|
||||
db.Add(realm);
|
||||
|
|
@ -40,21 +40,8 @@ public class RealmService(
|
|||
{
|
||||
await db.Entry(realm).Collection(r => r.Keys)
|
||||
.Query()
|
||||
.Where(k => k.DeactivatedAt == null)
|
||||
.Where(k => k.RevokedAt == null)
|
||||
.LoadAsync();
|
||||
|
||||
}
|
||||
|
||||
private Key CreateKey()
|
||||
{
|
||||
using RSA rsa = RSA.Create(2048);
|
||||
|
||||
Key key = new()
|
||||
{
|
||||
Priority = 10,
|
||||
};
|
||||
key.SetPrivateKey(encryptionService, rsa.ExportPkcs8PrivateKey());
|
||||
|
||||
return key;
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue