refactorisation : separation du code serveur d'authentification

OAuth.AspNet.Token/MonoDataProtectionProvider.cs

@@ -0,0 +1,38 @@
+
+
+
+using System;
+using System.IO;
+using Microsoft.AspNet.DataProtection;
+
+public class MonoDataProtectionProvider : IDataProtectionProvider
+{
+    private readonly string appName;
+
+    public MonoDataProtectionProvider()
+      : this(Guid.NewGuid().ToString())
+    { }
+
+    public MonoDataProtectionProvider(DirectoryInfo dataProtectionDirInfo)
+    : this(Guid.NewGuid().ToString())
+    {
+
+    }
+    public MonoDataProtectionProvider(string appName)
+    {
+        if (appName == null) { throw new ArgumentNullException("appName"); }
+        this.appName = appName;
+    }
+
+    public IDataProtector Create(params string[] purposes)
+    {
+        if (purposes == null) { throw new ArgumentNullException("profile"); }
+
+        return new MonoDataProtector(appName, purposes);
+    }
+
+    public IDataProtector CreateProtector(string purpose)
+    {
+        return Create(new string[] { purpose });
+    }
+}

OAuth.AspNet.Token/MonoDataProtector.cs

@@ -0,0 +1,83 @@
+//
+//  MonoDataProtector.cs
+//
+//  Author:
+//       Paul Schneider <paul@pschneider.fr>
+//
+//  Copyright (c) 2016 GNU GPL
+//
+//  This program is free software: you can redistribute it and/or modify
+//  it under the terms of the GNU Lesser General Public License as published by
+//  the Free Software Foundation, either version 3 of the License, or
+//  (at your option) any later version.
+//
+//  This program is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//  GNU Lesser General Public License for more details.
+//
+//  You should have received a copy of the GNU Lesser General Public License
+//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+using System;
+using System.Security.Cryptography;
+using System.IO;
+using Microsoft.AspNet.DataProtection;
+using System.Linq;
+
+public class MonoDataProtector : IDataProtector
+{
+    private const string PRIMARY_PURPOSE = "IDataProtector";
+
+    private readonly string appName;
+    private readonly DataProtectionScope dataProtectionScope;
+    private readonly string[] purposes;
+
+    public MonoDataProtector(string appName, string[] purposes)
+    {
+        if (appName == null) { throw new ArgumentNullException("appName"); }
+        if (purposes == null) { throw new ArgumentNullException("purposes"); }
+
+        this.appName = appName;
+        this.purposes = purposes;
+        this.dataProtectionScope = DataProtectionScope.CurrentUser;
+    }
+
+    public IDataProtector CreateProtector(string purpose)
+    {
+        if (purposes.Contains(purpose))
+            return new MonoDataProtector(appName, new string[] { purpose });
+        return new MonoDataProtector(appName, new string[] { });
+    }
+
+    public byte[] Protect(byte[] userData)
+    {
+        return ProtectedData.Protect(userData, this.GetEntropy(), dataProtectionScope);
+    }
+
+    public byte[] Unprotect(byte[] protectedData)
+    {
+        return ProtectedData.Unprotect(protectedData, this.GetEntropy(), dataProtectionScope);
+    }
+
+    private byte[] GetEntropy()
+    {
+        using (SHA256 sha256 = SHA256.Create())
+        {
+            using (MemoryStream memoryStream = new MemoryStream())
+            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, sha256, CryptoStreamMode.Write))
+            using (StreamWriter writer = new StreamWriter(cryptoStream))
+            {
+                writer.Write(this.appName);
+                writer.Write(PRIMARY_PURPOSE);
+
+                foreach (string purpose in this.purposes)
+                {
+                    writer.Write(purpose);
+                }
+            }
+
+            return sha256.Hash;
+        }
+    }
+}

OAuth.AspNet.Token/TicketDataFormatTokenValidator.cs

@@ -0,0 +1,91 @@
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.DataProtection;
+using System;
+using System.IdentityModel.Tokens;
+using System.Security.Claims;
+using System.Text.RegularExpressions;
+
+namespace OAuth.AspNet.Tokens
+{
+
+    public class TicketDataFormatTokenValidator : ISecurityTokenValidator
+    {
+        #region Constructors
+
+        public TicketDataFormatTokenValidator() : this(null) { }
+
+        public TicketDataFormatTokenValidator(IDataProtectionProvider dataProtectionProvider)
+        {
+            if (dataProtectionProvider == null)
+            {
+                dataProtectionProvider = new MonoDataProtectionProvider(System.AppDomain.CurrentDomain.FriendlyName)
+                .CreateProtector("profile");
+            }
+            _ticketDataFormat = new TicketDataFormat(dataProtectionProvider.CreateProtector("Access_Token", "v1"));
+        }
+
+        #endregion
+
+        #region non-Public Members
+
+        private TicketDataFormat _ticketDataFormat;
+
+        private const string _serializationRegex = @"^[A-Za-z0-9-_]*$";
+
+        private int _maximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;
+
+        #endregion
+
+        #region Public Members
+
+        public bool CanValidateToken
+        {
+            get
+            {
+                return true;
+            }
+        }
+
+        public int MaximumTokenSizeInBytes
+        {
+            get
+            {
+                return _maximumTokenSizeInBytes;
+            }
+
+            set
+            {
+                if (value < 1)
+                    throw new ArgumentOutOfRangeException(nameof(MaximumTokenSizeInBytes), "Negative or zero-sized tokens are invalid.");
+
+                _maximumTokenSizeInBytes = value;
+            }
+        }
+
+        public bool CanReadToken(string securityToken)
+        {
+            if (string.IsNullOrWhiteSpace(securityToken))
+                throw new ArgumentException("Security token has no value.", nameof(securityToken));
+
+            if (securityToken.Length * 2 > this.MaximumTokenSizeInBytes)
+                return false;
+
+            if (Regex.IsMatch(securityToken, _serializationRegex))
+                return true;
+
+            return false;
+        }
+
+        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+        {
+            AuthenticationTicket ticket = _ticketDataFormat.Unprotect(securityToken);
+
+            validatedToken = null;
+
+            return ticket?.Principal;
+        }
+
+        #endregion
+    }
+
+}

OAuth.AspNet.Token/project.json

@@ -0,0 +1,38 @@
+{
+    "version": "1.0.5-*",
+    "description": "OAuth AspNet Token",
+    "authors": [
+        "Paul Schneider <paul@pschneider.fr>"
+    ],
+    "packOptions": {
+        "repository": {
+            "type": "git",
+            "url": "https://github.com/pazof/yavsc"
+        },
+        "licenseUrl": "https://github.com/pazof/yavsc/blob/vnext/LICENSE",
+        "requireLicenseAcceptance": true,
+        "owners": [
+            "Paul Schneider <paul@pschneider.fr>"
+        ],
+        "summary": "Yet another very small company",
+        "projectUrl": "http://yavsc.pschneider.fr",
+        "tags": [
+            "Authorization server",
+            "OAuth",
+            "Web API"
+        ]
+    },
+    "tooling": {
+        "defaultNamespace": "Yavsc"
+    },
+    "dependencies": {
+        "Newtonsoft.Json": "9.0.1",
+        "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
+        "Microsoft.AspNet.DataProtection": "1.0.0-rc1-final"
+    },
+    "frameworks": {
+        "dnx451": {
+            "frameworkAssemblies": {}
+        }
+    }
+}