MAKS-IT/maksit-certs-ui
1
0
Fork 0
mirror of https://github.com/MAKS-IT-COM/maksit-certs-ui.git synced 2025-12-31 04:00:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

(refactor): jwk and jws external classes usage

Browse Source
This commit is contained in:
Maksym Sadovnychyy 2025-11-12 18:40:49 +01:00
parent 7a745a30db
commit 85d72b7b28
10 changed files with 49 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/LetsEncrypt/Entities/Jws/ACMEJwsHeader.cs Normal file
View File

@ -0,0 +1,11 @@
using MaksIT.Core.Security.JWS;
using System.Text.Json.Serialization;
namespace MaksIT.LetsEncrypt.Entities.Jws;
public class ACMEJwsHeader : JwsHeader {
[JsonPropertyName("url")]
public string? Url { get; set; }
[JsonPropertyName("nonce")]
public string? Nonce { get; set; }
}

106
src/LetsEncrypt/Entities/Jws/Jwk.cs
View File

@ -1,106 +0,0 @@
// https://tools.ietf.org/html/rfc7517
using System.Text.Json.Serialization;
namespace MaksIT.LetsEncrypt.Entities.Jws;
public class Jwk {
/// <summary>
/// "kty" (Key Type) Parameter
/// <para>
/// The "kty" (key type) parameter identifies the cryptographic algorithm
/// family used with the key, such as "RSA" or "EC".
/// </para>
/// </summary>
[JsonPropertyName("kty")]
public string? KeyType { get; set; }
/// <summary>
/// "kid" (Key ID) Parameter
/// <para>
/// The "kid" (key ID) parameter is used to match a specific key. This
/// is used, for instance, to choose among a set of keys within a JWK Set
/// during key rollover. The structure of the "kid" value is
/// unspecified.
/// </para>
/// </summary>
[JsonPropertyName("kid")]
public string? KeyId { get; set; }
/// <summary>
/// "use" (Public Key Use) Parameter
/// <para>
/// The "use" (public key use) parameter identifies the intended use of
/// the public key. The "use" parameter is employed to indicate whether
/// a public key is used for encrypting data or verifying the signature
/// on data.
/// </para>
/// </summary>
[JsonPropertyName("use")]
public string? Use { get; set; }
/// <summary>
/// The the modulus value for the public RSA key. It is represented as the Base64URL encoding of value's big endian representation.
/// </summary>
[JsonPropertyName("n")]
public string? Modulus { get; set; }
/// <summary>
/// The exponent value for the public RSA key. It is represented as the Base64URL encoding of value's big endian representation.
/// </summary>
[JsonPropertyName("e")]
public string? Exponent { get; set; }
/// <summary>
/// The private exponent. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("d")]
public string? D { get; set; }
/// <summary>
/// The first prime factor. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("p")]
public string? P { get; set; }
/// <summary>
/// The second prime factor. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("q")]
public string? Q { get; set; }
/// <summary>
/// The first factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("dp")]
public string? DP { get; set; }
/// <summary>
/// The second factor Chinese Remainder Theorem exponent. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("dq")]
public string? DQ { get; set; }
/// <summary>
/// The first Chinese Remainder Theorem coefficient. It is represented as the Base64URL encoding of the value's big endian representation.
/// </summary>
[JsonPropertyName("qi")]
public string? InverseQ { get; set; }
/// <summary>
/// The other primes information, should they exist, null or an empty list if not specified.
/// </summary>
[JsonPropertyName("oth")]
public string? OthInf { get; set; }
/// <summary>
/// "alg" (Algorithm) Parameter
/// <para>
/// The "alg" (algorithm) parameter identifies the algorithm intended for
/// use with the key.
/// </para>
/// </summary>
[JsonPropertyName("alg")]
public string? Algorithm { get; set; }
}

35
src/LetsEncrypt/Entities/Jws/JwsMessage.cs
View File

@ -1,35 +0,0 @@
using System.Text.Json.Serialization;
namespace MaksIT.LetsEncrypt.Entities.Jws;
public class JwsMessage {
public string? Protected { get; set; }
public string? Payload { get; set; }
public string? Signature { get; set; }
}
public class JwsHeader {
[JsonPropertyName("alg")]
public string? Algorithm { get; set; }
[JsonPropertyName("jwk")]
public Jwk? Key { get; set; }
[JsonPropertyName("kid")]
public string? KeyId { get; set; }
public string? Nonce { get; set; }
public Uri? Url { get; set; }
[JsonPropertyName("Host")]
public string? Host { get; set; }
}

2
src/LetsEncrypt/Entities/LetsEncrypt/RegistrationCache.cs
View File

@ -2,7 +2,7 @@
using System.Text; using System.Text;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using MaksIT.LetsEncrypt.Entities.Jws; using MaksIT.Core.Security.JWK;
namespace MaksIT.LetsEncrypt.Entities; namespace MaksIT.LetsEncrypt.Entities;

2
src/LetsEncrypt/LetsEncrypt.csproj
View File

@ -8,7 +8,7 @@
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<PackageReference Include="MaksIT.Core" Version="1.5.4" /> <PackageReference Include="MaksIT.Core" Version="1.5.6" />
<PackageReference Include="MaksIT.Results" Version="1.1.1" /> <PackageReference Include="MaksIT.Results" Version="1.1.1" />
<PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="10.0.0" /> <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="10.0.0" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" /> <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />

3
src/LetsEncrypt/Models/Responses/Account.cs
View File

@ -1,4 +1,5 @@
using MaksIT.LetsEncrypt.Entities.Jws; using MaksIT.Core.Security.JWK;
using MaksIT.LetsEncrypt.Entities.Jws;
using MaksIT.LetsEncrypt.Models.Interfaces; using MaksIT.LetsEncrypt.Models.Interfaces;
/* /*

21
src/LetsEncrypt/Services/JwsService.cs
View File

@ -7,14 +7,16 @@ using System.Text;
using System.Security.Cryptography; using System.Security.Cryptography;
using MaksIT.Core.Extensions; using MaksIT.Core.Extensions;
using MaksIT.LetsEncrypt.Entities.Jws; using MaksIT.LetsEncrypt.Entities.Jws;
using MaksIT.Core.Security.JWK;
using MaksIT.Core.Security.JWS;
namespace MaksIT.LetsEncrypt.Services; namespace MaksIT.LetsEncrypt.Services;
public interface IJwsService { public interface IJwsService {
void SetKeyId(string location); void SetKeyId(string location);
JwsMessage Encode(JwsHeader protectedHeader); JwsMessage Encode(ACMEJwsHeader protectedHeader);
JwsMessage Encode<TPayload>(TPayload payload, JwsHeader protectedHeader); JwsMessage Encode<TPayload>(TPayload payload, ACMEJwsHeader protectedHeader);
string GetKeyAuthorization(string token); string GetKeyAuthorization(string token);
string Base64UrlEncoded(string s); string Base64UrlEncoded(string s);
string Base64UrlEncoded(byte[] arg); string Base64UrlEncoded(byte[] arg);
@ -35,8 +37,8 @@ public class JwsService : IJwsService {
_jwk = new Jwk() { _jwk = new Jwk() {
KeyType = "RSA", KeyType = "RSA",
Exponent = Base64UrlEncoded(exp), RsaExponent = Base64UrlEncoded(exp),
Modulus = Base64UrlEncoded(mod), RsaModulus = Base64UrlEncoded(mod),
}; };
} }
@ -44,10 +46,10 @@ public class JwsService : IJwsService {
_jwk.KeyId = location; _jwk.KeyId = location;
} }
public JwsMessage Encode(JwsHeader protectedHeader) => public JwsMessage Encode(ACMEJwsHeader protectedHeader) =>
Encode<string>(null, protectedHeader); Encode<string>(null, protectedHeader);
public JwsMessage Encode<T>(T? payload, JwsHeader protectedHeader) { public JwsMessage Encode<T>(T? payload, ACMEJwsHeader protectedHeader) {
protectedHeader.Algorithm = "RS256"; protectedHeader.Algorithm = "RS256";
if (_jwk.KeyId != null) { if (_jwk.KeyId != null) {
@ -69,7 +71,6 @@ public class JwsService : IJwsService {
message.Payload = Base64UrlEncoded(payload.ToJson()); message.Payload = Base64UrlEncoded(payload.ToJson());
} }
message.Signature = Base64UrlEncoded( message.Signature = Base64UrlEncoded(
_rsa.SignData(Encoding.ASCII.GetBytes($"{message.Protected}.{message.Payload}"), _rsa.SignData(Encoding.ASCII.GetBytes($"{message.Protected}.{message.Payload}"),
HashAlgorithmName.SHA256, HashAlgorithmName.SHA256,
@ -84,12 +85,12 @@ public class JwsService : IJwsService {
private string GetSha256Thumbprint() { private string GetSha256Thumbprint() {
var thumbprint = new { var thumbprint = new {
e = _jwk.Exponent, e = _jwk.RsaExponent,
kty = "RSA", kty = "RSA",
n = _jwk.Modulus n = _jwk.RsaModulus
}; };
var json = "{\"e\":\"" + _jwk.Exponent + "\",\"kty\":\"RSA\",\"n\":\"" + _jwk.Modulus + "\"}"; var json = "{\"e\":\"" + _jwk.RsaExponent + "\",\"kty\":\"RSA\",\"n\":\"" + _jwk.RsaModulus + "\"}";
return Base64UrlEncoded(SHA256.HashData(Encoding.UTF8.GetBytes(json))); return Base64UrlEncoded(SHA256.HashData(Encoding.UTF8.GetBytes(json)));
} }

42
src/LetsEncrypt/Services/LetsEncryptService.cs
View File

@ -89,8 +89,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, challenge.Url, state); await HandleNonceAsync(sessionId, challenge.Url, state);
var pollJson = EncodeMessage(true, null, state, new JwsHeader { var pollJson = EncodeMessage(true, null, state, new ACMEJwsHeader {
Url = challenge.Url, Url = challenge.Url.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -194,8 +194,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.Directory.NewAccount, state); await HandleNonceAsync(sessionId, state.Directory.NewAccount, state);
var json = EncodeMessage(false, letsEncryptOrder, state, new JwsHeader { var json = EncodeMessage(false, letsEncryptOrder, state, new ACMEJwsHeader {
Url = state.Directory.NewAccount, Url = state.Directory.NewAccount.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -287,8 +287,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.Directory.NewOrder, state); await HandleNonceAsync(sessionId, state.Directory.NewOrder, state);
var json = EncodeMessage(false, letsEncryptOrder, state, new JwsHeader { var json = EncodeMessage(false, letsEncryptOrder, state, new ACMEJwsHeader {
Url = state.Directory.NewOrder, Url = state.Directory.NewOrder.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -316,8 +316,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, item, state); await HandleNonceAsync(sessionId, item, state);
json = EncodeMessage(true, null, state, new JwsHeader { json = EncodeMessage(true, null, state, new ACMEJwsHeader {
Url = item, Url = item.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -399,8 +399,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, challenge.Url, state); await HandleNonceAsync(sessionId, challenge.Url, state);
var json = EncodeMessage(false, "{}", state, new JwsHeader { var json = EncodeMessage(false, "{}", state, new ACMEJwsHeader {
Url = challenge.Url, Url = challenge.Url.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -440,8 +440,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.Directory.NewOrder, state); await HandleNonceAsync(sessionId, state.Directory.NewOrder, state);
var json = EncodeMessage(false, letsEncryptOrder, state, new JwsHeader { var json = EncodeMessage(false, letsEncryptOrder, state, new ACMEJwsHeader {
Url = state.Directory.NewOrder, Url = state.Directory.NewOrder.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -501,8 +501,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.CurrentOrder.Finalize!, state); await HandleNonceAsync(sessionId, state.CurrentOrder.Finalize!, state);
var json = EncodeMessage(false, letsEncryptOrder, state, new JwsHeader { var json = EncodeMessage(false, letsEncryptOrder, state, new ACMEJwsHeader {
Url = state.CurrentOrder.Finalize, Url = state.CurrentOrder.Finalize.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -515,8 +515,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.CurrentOrder.Location!, state); await HandleNonceAsync(sessionId, state.CurrentOrder.Location!, state);
json = EncodeMessage(true, null, state, new JwsHeader { json = EncodeMessage(true, null, state, new ACMEJwsHeader {
Url = state.CurrentOrder.Location, Url = state.CurrentOrder.Location.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -544,8 +544,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, certificateUrl!, state); await HandleNonceAsync(sessionId, certificateUrl!, state);
var finalJson = EncodeMessage(true, null, state, new JwsHeader { var finalJson = EncodeMessage(true, null, state, new ACMEJwsHeader {
Url = certificateUrl, Url = certificateUrl.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}); });
@ -617,8 +617,8 @@ public class LetsEncryptService : ILetsEncryptService {
await HandleNonceAsync(sessionId, state.Directory.RevokeCert, state); await HandleNonceAsync(sessionId, state.Directory.RevokeCert, state);
var jwsHeader = new JwsHeader { var jwsHeader = new ACMEJwsHeader {
Url = state.Directory.RevokeCert, Url = state.Directory.RevokeCert.ToString(),
Nonce = state.Nonce Nonce = state.Nonce
}; };
@ -691,7 +691,7 @@ public class LetsEncryptService : ILetsEncryptService {
} }
} }
private string EncodeMessage(bool isPostAsGet, object? requestModel, State state, JwsHeader jwsHeader) { private string EncodeMessage(bool isPostAsGet, object? requestModel, State state, ACMEJwsHeader jwsHeader) {
return isPostAsGet return isPostAsGet
? state.JwsService!.Encode(jwsHeader).ToJson() ? state.JwsService!.Encode(jwsHeader).ToJson()
: state.JwsService!.Encode(requestModel, jwsHeader).ToJson(); : state.JwsService!.Encode(requestModel, jwsHeader).ToJson();

2
src/MaksIT.Webapi/Dockerfile
View File

@ -8,7 +8,7 @@ EXPOSE 5000
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release ARG BUILD_CONFIGURATION=Release
WORKDIR /src WORKDIR /src
COPY ["Models/Models.csproj", "Models/"] COPY ["MaksIT.Models/MaksIT.Models.csproj", "MaksIT.Models/"]
COPY ["LetsEncrypt/LetsEncrypt.csproj", "LetsEncrypt/"] COPY ["LetsEncrypt/LetsEncrypt.csproj", "LetsEncrypt/"]
COPY ["MaksIT.Webapi/MaksIT.Webapi.csproj", "MaksIT.Webapi/"] COPY ["MaksIT.Webapi/MaksIT.Webapi.csproj", "MaksIT.Webapi/"]
RUN dotnet restore "./MaksIT.Webapi/MaksIT.Webapi.csproj" RUN dotnet restore "./MaksIT.Webapi/MaksIT.Webapi.csproj"

2
src/Models/MaksIT.Models.csproj
View File

@ -11,7 +11,7 @@
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<PackageReference Include="MaksIT.Core" Version="1.5.4" /> <PackageReference Include="MaksIT.Core" Version="1.5.6" />
</ItemGroup> </ItemGroup>
</Project> </Project>