using TEAMModelOS.SDK.Extension.JwtAuth.Models;
using IdentityModel;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using TEAMModelOS.SDK.Helper.Common.DateTimeHelper;
using TEAMModelOS.SDK.Context.Configuration;
using System.Security.Cryptography;
using TEAMModelOS.SDK.Helper.Security.RSACrypt;
namespace TEAMModelOS.SDK.Extension.JwtAuth.JwtHelper
{
public class JwtHelper
{
///
/// 颁发JWT Token
///
///
///
///
public static JwtResponse IssueJWT(ClaimModel claimModel, JwtSetting setting)
{
// JwtClient jwtClient = null;
JwtClient jwtClient= setting.JwtClient.Where(x => x.Name.Equals(claimModel.Scope)).First();
//foreach (JwtClient client in setting.JwtClient) {
// if (claimModel.Scope.Equals(client.Name)) {
// jwtClient = client;
// break;
// }
//}
List claims = new List();
var dateTime = DateTimeHelper.ConvertToTimeStamp10(DateTime.Now);
claims.AddRange(claimModel.Claims);
claims.Add(new Claim(JwtClaimTypes.IssuedAt, dateTime + "", ClaimValueTypes.Integer64));
claims.Add(new Claim(JwtClaimTypes.NotBefore, dateTime + "", ClaimValueTypes.Integer64));
claims.Add(new Claim(JwtClaimTypes.Expiration, dateTime + jwtClient.Exp + "", ClaimValueTypes.Integer64));
claims.Add(new Claim(JwtClaimTypes.Audience, setting.Audience));
claims.Add(new Claim(JwtClaimTypes.Issuer, setting.Issuer));
claims.Add(new Claim(JwtClaimTypes.Scope, claimModel.Scope));
claims.Add(new Claim(JwtClaimTypes.JwtId, Guid.NewGuid().ToString()));
claims.AddRange(claimModel.Roles.ToArray().Select(s=>new Claim(JwtClaimTypes.Role,s)));
string path = BaseConfigModel.ContentRootPath;
RSACryptoServiceProvider provider = RsaHelper.LoadCertificateFile(path + "/private.pem");
RsaSecurityKey rsaSecurity = new RsaSecurityKey(provider);
var creds =new SigningCredentials(rsaSecurity, SecurityAlgorithms.RsaSha256);
var jwt = new JwtSecurityToken(
claims:claims,
signingCredentials:creds
);
var jwtHandler = new JwtSecurityTokenHandler();
return new JwtResponse {
Access_token = jwtHandler.WriteToken(jwt),
Scope = claimModel.Scope
};
}
///
/// 解析jwt
///
///
///
public static ClaimModel SerializeJWT(string jwtStr)
{
///https://www.cnblogs.com/JacZhu/p/6837676.html#Update2.0 刷新 用户的 Token 在过期时间之内根本无法手动设置失效,随之而来的还有重放攻击等等问题
var jwtHandler = new JwtSecurityTokenHandler();
JwtSecurityToken jwtToken = jwtHandler.ReadJwtToken(jwtStr);
ClaimModel claimModel = new ClaimModel();
object role = new object();
claimModel.Claims = jwtToken.Claims.ToList();
jwtToken.Payload.TryGetValue("role", out role);
if(role!=null)claimModel.Roles=role.ToString().Split(",").ToList();
return claimModel;
}
}
}