Revoke JWT Validation Access

[WingZer0o]

In the user dashboard their should be a button that allows an admin to revoke JWT validation access. Basically what can happen is that we can create a new key pair for the public trust certificate that validates the public key that is used to validate the JWT leading to a 401.

In theory this should just kick the user back into the login screen and require them to log back in with their credentials. Thus creating a whole new token, public key, and trust certificate.

Lol this isn't stateless JWT anymore. I'll get around to these issues one day.

[WingZer0o]

The above commit proves that my initial thought was correct, this however does not account for SDK tokens. Need to look a little deeper.

[WingZer0o]

It looks like the SDK login and Website login are storing to the same Key in Garnet cache. This shouldn't be the case, the SDK should have a different certificate and when fetching a token via an API it should be restricted to their product and how home licenses they get.

Login For Website

ECDSAWrapper ecdsa = new ECDSAWrapper("ES521");
string token = new JWT().GenerateECCToken(activeUser.Id, activeUser.IsAdmin, ecdsa, 1, activeUser.StripProductId);
string publicKeyCacheKey = Constants.RedisKeys.UserTokenPublicKey + activeUser.Id;
await this._userRepository.SetUserTokenPublicKey(activeUser.Id, ecdsa.PublicKey);
this._redisClient.SetString(publicKeyCacheKey, ecdsa.PublicKey, new TimeSpan(1, 0, 0));
string isUserActiveRedisKey = Constants.RedisKeys.IsActiveUser + activeUser.Id;
this._redisClient.SetString(isUserActiveRedisKey, true.ToString(), new TimeSpan(1, 0, 0));
string isUserAdminRedisKey = Constants.RedisKeys.IsUserAdmin + activeUser.Id;
this._redisClient.SetString(isUserAdminRedisKey, activeUser.IsAdmin.ToString(), new TimeSpan(1, 0, 0));
this._jwtPublicKeyTrustCertificate.CreatePublicKeyTrustCertificate(ecdsa.PublicKey, activeUser.Id);
return token;

SDK Login With API Key

ECDSAWrapper ecdsa = new ECDSAWrapper("ES521");
string token = new JWT().GenerateECCToken(activeUser.Id, activeUser.IsAdmin, ecdsa, 1, activeUser.StripProductId);
string publicKeyCacheKey = Constants.RedisKeys.UserTokenPublicKey + activeUser.Id;
this._redisClient.SetString(publicKeyCacheKey, ecdsa.PublicKey, new TimeSpan(1, 0, 0));
await this._userRepository.SetUserTokenPublicKey(activeUser.Id, ecdsa.PublicKey);
string isUserActiveRedisKey = Constants.RedisKeys.IsActiveUser + activeUser.Id;
this._redisClient.SetString(isUserActiveRedisKey, true.ToString(), new TimeSpan(1, 0, 0));
this._jwtPublicKeyTrustCertificate.CreatePublicKeyTrustCertificate(ecdsa.PublicKey, activeUser.Id);
result = new OkObjectResult(new GetTokenResponse() { Token = token });