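        /// <summary>
        /// Validates the signature of the JWT token signed via RSA or HMAC DS algorithm
        /// (generated by any approach implemented in this microservice).
        /// The key, issuer and audience used for validation come from this service's
        /// configuration (Cognito JWKS or the local RSA/HMAC key), not from the token itself.
        /// </summary>
        /// <param name="token">The raw, not yet validated JWT string supplied by the caller (untrusted input).</param>
        /// <param name="dsAlgorithm">Selects the local key (RSA or HMAC) used for non-Cognito tokens.</param>
        /// <returns>
        /// A JSON <see cref="ContentResult"/>: on success the validation result and the token claims,
        /// on failure the validation result with the issuer/audience that were tried. Exception
        /// message and stack trace are written to the server log only and are not returned to the caller.
        /// </returns>
        private ContentResult ValidateTokenSignature(string token, DigitalSignatureAlgorithm dsAlgorithm)
        {
            var start          = Stopwatch.GetTimestamp();
            var isCognitoToken = false;
            var validIssuer    = string.Empty;
            var validAudience  = string.Empty;

            try
            {
                // Parsing happens inside the try so that a malformed token yields a failure
                // result instead of an unhandled ArgumentException from the constructor.
                var jwtToken = new JwtSecurityToken(token);
                isCognitoToken = this._jwtTokenHelper.CheckIsTokenFromCognito(jwtToken);

                // The verification key is chosen from configuration / the dsAlgorithm parameter,
                // never from the token's own header.
                // NOTE(review): whether the helper also restricts the accepted "alg" to the key type
                // is not visible here — confirm in _jwtTokenHelper.ValidateToken.
                var securityKey = isCognitoToken
                    ? this._jwtTokenHelper.GetRsaSecurityKey(jwtToken, this.CurrentClient.ConfigClientData.Cognito.CognitoJwksUrl)
                    : dsAlgorithm == DigitalSignatureAlgorithm.RSA
                        ? this._jwtTokenHelper.RsaKeyData.SigningCredentials.Key
                        : new SymmetricSecurityKey(Convert.FromBase64String(this._jwtTokenHelper.HmacKey));
                validIssuer = isCognitoToken
                    ? this.CurrentClient.ConfigClientData.Cognito.TokenIssuer
                    : this.TokenIssuer;
                validAudience = isCognitoToken
                    ? this.CurrentClient.ConfigClientData.Cognito.ClientApp.ClientId
                    : this.CurrentClient.ExtraClientData.ClientName;
                _logger.LogInformation($"ValidateTokenSignature: validIssuer={validIssuer}, validAudience={validAudience}");
                this._jwtTokenHelper.ValidateToken(token, validIssuer, validAudience, securityKey);

                // Claim values originate from the token; serializing through JsonSerializer
                // escapes them instead of splicing them raw into the JSON text.
                var tokenClaims = string.Join(",", jwtToken.Claims.Select(c => $"{c.Type}={c.Value}"));
                var success = System.Text.Json.JsonSerializer.Serialize(new
                {
                    TokenValidationResult = $"{CommonConstants.Token.ValidationResult.Success}",
                    TokenClaims           = tokenClaims,
                });
                return this.Content(success, "application/json");
            }
            catch (Exception e)
            {
                // Full exception (message + stack trace) goes to the log only; the caller gets a
                // generic failure so parsing/validation internals are not disclosed.
                _logger.LogError(e, $"ValidateTokenSignature failed: isCognitoToken={isCognitoToken}, validIssuer={validIssuer}, validAudience={validAudience}");
                var failure = System.Text.Json.JsonSerializer.Serialize(new
                {
                    isCognitoToken        = isCognitoToken.ToString(),
                    validIssuer,
                    validAudience,
                    TokenValidationResult = $"{CommonConstants.Token.ValidationResult.Failure}",
                });
                return this.Content(failure, "application/json");
            }
            finally
            {
                var elapsedMs = TimeHelper.GetElapsedMilliseconds(start, Stopwatch.GetTimestamp());
                _logger.LogInformation($"_jwtTokenHelper.ValidateToken for {dsAlgorithm.ToString()} - elapsed {elapsedMs:N5} ms.");
            }
        }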
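        /// <summary>
        /// Creates a new signature identity with a freshly generated key pair for the given algorithm.
        /// </summary>
        /// <param name="nickname">Human-readable name stored in <see cref="Nickname"/>.</param>
        /// <param name="digitalSignatureAlgorithm">
        /// Algorithm whose key generator fills <see cref="PublicKey"/> and <see cref="PrivateKey"/>.
        /// </param>
        /// <exception cref="ArgumentOutOfRangeException">
        /// Thrown for an algorithm that has no key generator here. Previously such a value
        /// silently produced an object with both keys left unset.
        /// </exception>
        public DigitalSignature(string nickname, DigitalSignatureAlgorithm digitalSignatureAlgorithm)
        {
            this.Nickname = nickname;
            this.DigitalSignatureAlgorithm = digitalSignatureAlgorithm;

            byte[] publicKey;
            byte[] privateKey;

            switch (digitalSignatureAlgorithm)
            {
                case DigitalSignatureAlgorithm.EcDsaP521_Sha256:
                    EcDsaP521_Sha256.CreateKeys(out publicKey, out privateKey);
                    break;
                case DigitalSignatureAlgorithm.Rsa2048_Sha256:
                    Rsa2048_Sha256.CreateKeys(out publicKey, out privateKey);
                    break;
                default:
                    throw new ArgumentOutOfRangeException(
                        nameof(digitalSignatureAlgorithm),
                        digitalSignatureAlgorithm,
                        "No key generator is available for this algorithm.");
            }

            // NOTE(review): the private key is kept as a plain byte[]; whether it is ever
            // zeroed or protected at rest is not visible from this constructor.
            this.PublicKey  = publicKey;
            this.PrivateKey = privateKey;
        }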