Add the ACL skeleton (Application/Infrastructure/Api per §9) and failing xUnit tests for the single operation: AclService.OpenZaakAsync must default-fill bronorganisatie, verantwoordelijkeOrganisatie, startdatum (clock) and vertrouwelijkheidaanduiding and delegate to the gateway; the OpenZaakGateway must POST the zaak to OpenZaak with a Bearer JWT and the default-filled body. Implementations throw NotImplementedException — red. Also add ADR-0003 (default-fill strategy). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
30 lines
1.1 KiB
C#
30 lines
1.1 KiB
C#
using System.Security.Cryptography;
|
|
using System.Text;
|
|
using System.Text.Json;
|
|
|
|
namespace Acl.Infrastructure;
|
|
|
|
/// <summary>Mints a ZGW (vng-api-common) JWT: HS256 over the standard claims.</summary>
|
|
internal static class ZgwToken
|
|
{
|
|
public static string Mint(string clientId, string secret)
|
|
{
|
|
var header = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { alg = "HS256", typ = "JWT" }));
|
|
var payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(new
|
|
{
|
|
iss = clientId,
|
|
iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
|
|
client_id = clientId,
|
|
user_id = "acl",
|
|
user_representation = "acl",
|
|
}));
|
|
var signingInput = $"{header}.{payload}";
|
|
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
|
|
var signature = B64Url(hmac.ComputeHash(Encoding.UTF8.GetBytes(signingInput)));
|
|
return $"{signingInput}.{signature}";
|
|
}
|
|
|
|
private static string B64Url(byte[] bytes) =>
|
|
Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
|
|
}
|