Update to RSA encryption instead of hmac
Docker Build and Release Upload / build (push) Successful in 1m28s
Docker Build and Release Upload / build (push) Successful in 1m28s
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using Auth.Entities;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
@@ -7,6 +8,9 @@ using Microsoft.IdentityModel.Tokens;
|
||||
namespace Auth.Services {
|
||||
public class AuthJWT {
|
||||
|
||||
public static RsaSecurityKey RsaPublicKey = LoadRSAKey("/certs/public_key.pem");
|
||||
public static RsaSecurityKey RsaPrivateKey = LoadRSAKey("/certs/private_key.pem");
|
||||
|
||||
public static string TokenAudience = "mistox-llc-auth-token";
|
||||
public static string TokenIssuer = "https://auth.mistox.com";
|
||||
public static string TokenSecretKey = "";
|
||||
@@ -18,15 +22,13 @@ namespace Auth.Services {
|
||||
ValidateIssuerSigningKey = true,
|
||||
ValidIssuer = TokenIssuer,
|
||||
ValidAudience = TokenAudience,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(TokenSecretKey)),
|
||||
IssuerSigningKey = RsaPublicKey,
|
||||
ClockSkew = TimeSpan.FromMinutes(1)
|
||||
};
|
||||
|
||||
public static string GenereateJWTToken(Account account, bool StayLoggedIn) {
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var key = Encoding.UTF8.GetBytes(TokenSecretKey);
|
||||
|
||||
var tokenDiscriptor = new SecurityTokenDescriptor {
|
||||
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
|
||||
SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor {
|
||||
Subject = new ClaimsIdentity([
|
||||
new Claim(ClaimTypes.NameIdentifier, account.ID.ToString()),
|
||||
new Claim(ClaimTypes.Name, account.UserName),
|
||||
@@ -37,7 +39,7 @@ namespace Auth.Services {
|
||||
]),
|
||||
Expires = DateTime.UtcNow.AddDays(7),
|
||||
IssuedAt = DateTime.UtcNow,
|
||||
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256),
|
||||
SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
|
||||
Audience = TokenAudience,
|
||||
Issuer = TokenIssuer
|
||||
};
|
||||
@@ -46,7 +48,7 @@ namespace Auth.Services {
|
||||
return tokenHandler.WriteToken(token);
|
||||
}
|
||||
|
||||
public static string RenewJWTToken( ClaimsPrincipal principal ) {
|
||||
public static string RenewJWTToken(ClaimsPrincipal principal) {
|
||||
return GenereateJWTToken(new Account {
|
||||
ID = Convert.ToInt32(principal.FindFirst(ClaimTypes.NameIdentifier)!.Value),
|
||||
UserName = principal.FindFirst(ClaimTypes.Name)!.Value,
|
||||
@@ -56,5 +58,12 @@ namespace Auth.Services {
|
||||
}, Convert.ToBoolean(principal.FindFirst(ClaimTypes.IsPersistent)!.Value));
|
||||
}
|
||||
|
||||
public static RsaSecurityKey LoadRSAKey(string KeyPath) {
|
||||
string KeyText = File.ReadAllText(KeyPath);
|
||||
RSA rsa = RSA.Create();
|
||||
rsa.ImportFromPem(KeyText.ToCharArray());
|
||||
return new RsaSecurityKey(rsa);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user