644b005f2a
The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet)
46 lines
1.3 KiB
C#
46 lines
1.3 KiB
C#
using IdentityShroud.Core.Contracts;
|
|
using IdentityShroud.Core.Messages;
|
|
using IdentityShroud.Core.Model;
|
|
using IdentityShroud.Core.Security.Keys;
|
|
|
|
namespace IdentityShroud.Core.Services;
|
|
|
|
public class KeyService(
|
|
IEncryptionService cryptor,
|
|
IKeyProviderFactory keyProviderFactory,
|
|
IClock clock) : IKeyService
|
|
{
|
|
public RealmKey CreateKey(KeyPolicy policy)
|
|
{
|
|
IKeyProvider provider = keyProviderFactory.CreateProvider(policy.KeyType);
|
|
var plainKey = provider.CreateKey(policy);
|
|
|
|
return CreateKey(policy.KeyType, plainKey);
|
|
}
|
|
|
|
public JsonWebKey? CreateJsonWebKey(RealmKey realmKey)
|
|
{
|
|
JsonWebKey jwk = new()
|
|
{
|
|
KeyId = realmKey.Id.ToString(),
|
|
KeyType = realmKey.KeyType,
|
|
Use = "sig",
|
|
};
|
|
|
|
IKeyProvider provider = keyProviderFactory.CreateProvider(realmKey.KeyType);
|
|
provider.SetJwkParameters(
|
|
cryptor.Decrypt(realmKey.Key),
|
|
jwk);
|
|
|
|
return jwk;
|
|
}
|
|
|
|
private RealmKey CreateKey(string keyType, byte[] plainKey) =>
|
|
new RealmKey()
|
|
{
|
|
Id = Guid.NewGuid(),
|
|
KeyType = keyType,
|
|
Key = cryptor.Encrypt(plainKey),
|
|
CreatedAt = clock.UtcNow(),
|
|
};
|
|
}
|