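/// <summary>
/// Validates the signature of a JWT signed via the RSA or HMAC digital-signature algorithm
/// (generated by any approach implemented in this microservice), or via the configured
/// Cognito JWKS when the helper recognises the token as a Cognito token.
/// </summary>
/// <param name="token">The compact-serialised JWT to validate; treated as untrusted input.</param>
/// <param name="dsAlgorithm">
/// Selects the local verification key (RSA key data or the base64 HMAC key) when the token is
/// not a Cognito token. The key is chosen from this parameter and service configuration, not
/// from the token's own headers, so a token cannot steer which key verifies it.
/// </param>
/// <returns>
/// A JSON <see cref="ContentResult"/>: on success the validation result and the token claims,
/// on failure the result, the expected issuer/audience and the exception message.
/// The full exception including its stack trace is written to the log only and is never
/// returned to the caller.
/// </returns>
private ContentResult ValidateTokenSignature(string token, DigitalSignatureAlgorithm dsAlgorithm)
{
    var start = Stopwatch.GetTimestamp();
    string message;
    var isCognitoToken = false;
    var validIssuer = string.Empty;
    var validAudience = string.Empty;
    try
    {
        // Parsing happens inside the try so a malformed token produces the failure JSON
        // instead of an unhandled exception from the JwtSecurityToken constructor.
        var jwtToken = new JwtSecurityToken(token);
        isCognitoToken = this._jwtTokenHelper.CheckIsTokenFromCognito(jwtToken);

        // NOTE(review): CheckIsTokenFromCognito looks at the still-unverified token; that only
        // picks between two configuration-owned key sources (Cognito JWKS URL vs. local keys),
        // which is what keeps the choice out of the attacker's hands — confirm against the helper.
        var securityKey = isCognitoToken
            ? this._jwtTokenHelper.GetRsaSecurityKey(jwtToken, this.CurrentClient.ConfigClientData.Cognito.CognitoJwksUrl)
            : dsAlgorithm == DigitalSignatureAlgorithm.RSA
                ? this._jwtTokenHelper.RsaKeyData.SigningCredentials.Key
                : new SymmetricSecurityKey(Convert.FromBase64String(this._jwtTokenHelper.HmacKey));

        validIssuer = isCognitoToken
            ? this.CurrentClient.ConfigClientData.Cognito.TokenIssuer
            : this.TokenIssuer;
        validAudience = isCognitoToken
            ? this.CurrentClient.ConfigClientData.Cognito.ClientApp.ClientId
            : this.CurrentClient.ExtraClientData.ClientName;

        _logger.LogInformation($"ValidateTokenSignature: validIssuer={validIssuer}, validAudience={validAudience}");
        this._jwtTokenHelper.ValidateToken(token, validIssuer, validAudience, securityKey);

        // Claim values are caller-supplied text even after signature verification: escape them
        // so a quote or backslash inside a claim cannot break out of the hand-built JSON string.
        var claims = string.Join(",", jwtToken.Claims.Select(c => $"{c.Type}={c.Value}"));
        message = $"{{\"TokenValidationResult\": \"{CommonConstants.Token.ValidationResult.Success}\", \"TokenClaims\": \"{JsonEscape(claims)}\"}}";
    }
    catch (Exception e)
    {
        // The full exception (type, message, stack trace) is for operators, so it goes to the
        // log; the response carries only the message, escaped for JSON.
        _logger.LogError($"ValidateTokenSignature: validation failed. isCognitoToken={isCognitoToken}, validIssuer={validIssuer}, validAudience={validAudience}, exception={e}");
        message = $"{{\"isCognitoToken\": \"{isCognitoToken}\", \"validIssuer\": \"{JsonEscape(validIssuer)}\", \"validAudience\": \"{JsonEscape(validAudience)}\", \"TokenValidationResult\": \"{CommonConstants.Token.ValidationResult.Failure}\", \"ExceptionMessage\": \"{JsonEscape(e.Message)}\"}}";
    }
    finally
    {
        var elapsedMs = TimeHelper.GetElapsedMilliseconds(start, Stopwatch.GetTimestamp());
        _logger.LogInformation($"_jwtTokenHelper.ValidateToken for {dsAlgorithm} - elapsed {elapsedMs:N5} ms.");
    }

    // The body is JSON, so label it as such instead of the text/plain default.
    return this.Content(message, "application/json");

    // Minimal JSON string escaping for values embedded in the hand-built responses above:
    // quotes, backslashes and control characters are the only characters that can
    // terminate or corrupt a JSON string literal. A null value is rendered as empty,
    // matching what string interpolation of null produced before.
    string JsonEscape(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        return string.Concat(value.Select(ch =>
            ch == '"' ? "\\\""
            : ch == '\\' ? "\\\\"
            : ch == '\n' ? "\\n"
            : ch == '\r' ? "\\r"
            : ch == '\t' ? "\\t"
            : ch < ' ' ? $"\\u{(int)ch:x4}"
            : ch.ToString()));
    }
}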
/// <summary>
/// Creates a signer with the given nickname and generates a fresh key pair for
/// <paramref name="digitalSignatureAlgorithm"/>.
/// </summary>
/// <param name="nickname">Display name stored on <see cref="Nickname"/>; it is not validated here.</param>
/// <param name="digitalSignatureAlgorithm">
/// Algorithm to generate keys for. Only the EC-DSA P-521/SHA-256 and RSA-2048/SHA-256 values
/// produce keys; for any other value <see cref="PublicKey"/> and <see cref="PrivateKey"/> are
/// not assigned by this constructor.
/// </param>
/// <remarks>
/// The generated private key is held as a plain byte array on <see cref="PrivateKey"/>;
/// nothing in this constructor protects it, so the owner of the instance is responsible
/// for where it is stored and logged.
/// </remarks>
public DigitalSignature(string nickname, DigitalSignatureAlgorithm digitalSignatureAlgorithm)
{
    this.Nickname = nickname;
    this.DigitalSignatureAlgorithm = digitalSignatureAlgorithm;

    byte[] generatedPublicKey;
    byte[] generatedPrivateKey;
    switch (digitalSignatureAlgorithm)
    {
        case DigitalSignatureAlgorithm.EcDsaP521_Sha256:
            EcDsaP521_Sha256.CreateKeys(out generatedPublicKey, out generatedPrivateKey);
            break;
        case DigitalSignatureAlgorithm.Rsa2048_Sha256:
            Rsa2048_Sha256.CreateKeys(out generatedPublicKey, out generatedPrivateKey);
            break;
        default:
            // No key material is produced for other algorithm values.
            return;
    }

    this.PublicKey = generatedPublicKey;
    this.PrivateKey = generatedPrivateKey;
}