/// <summary>
        /// Builds a JWT client assertion whose header carries the key-vault public key
        /// in "x5c" and a fixed "alg" value, then has <c>_tokenGenerator</c> turn the
        /// header and payload into the final token string.
        /// </summary>
        /// <param name="clientAssertion">Assertion data forwarded to <c>CreateJwsToken</c>.</param>
        /// <param name="alg">
        /// Optional algorithm requested by the caller. Only <c>null</c> or
        /// <c>Sha256Algorithm</c> is accepted; any other value is rejected.
        /// </param>
        /// <param name="typ">Optional "typ" header value; the header is left unset when null.</param>
        /// <returns>The token returned by <c>_tokenGenerator.GenerateToken</c>.</returns>
        /// <exception cref="AssertionException">
        /// Thrown when <paramref name="alg"/> is non-null and differs from <c>Sha256Algorithm</c>.
        /// </exception>
        public async Task<string> CreateJwtAssertion(ClientAssertion clientAssertion, string alg = null,
                                                     string typ = null)
        {
            // Reject every caller-chosen algorithm except the single supported one, so the
            // request cannot steer the token towards a weaker or unsigned variant.
            bool algorithmAccepted = alg == null || alg == Sha256Algorithm;
            if (!algorithmAccepted)
            {
                throw new AssertionException(
                          $"Invalid \"{nameof(alg)}\" header. The \"{nameof(alg)}\" header must contain the following value: \"{Sha256Algorithm}\".");
            }

            var token = CreateJwsToken(clientAssertion, null);
            var signingCertificate = await _keyVault.GetPublicKey();

            // "x5c" holds exactly one entry here: the value returned by the key vault.
            // NOTE(review): a relying party should validate this certificate against its own
            // trust anchors instead of trusting a key merely because the token carries it.
            token.Header["x5c"] = new string[] { signingCertificate };

            // "alg" is always overwritten with the pinned value, whatever CreateJwsToken set.
            token.Header["alg"] = Sha256Algorithm;

            // NOTE(review): typ is copied verbatim from the caller; confirm callers only pass
            // the expected media types.
            if (typ != null)
            {
                token.Header["typ"] = typ;
            }

            // presumably GenerateToken performs the signing; not visible from this method.
            return await _tokenGenerator.GenerateToken(token.Header, token.Payload);
        }
        /// <summary>
        /// Returns the keys that tokens may be validated with: a single
        /// <c>X509SecurityKey</c> built from the digital signer's public key.
        /// </summary>
        /// <returns>A one-element array containing the signer's certificate-backed key.</returns>
        public async Task<IEnumerable<SecurityKey>> GetValidationKeysAsync()
        {
            // The validation key comes from the same signer object that exposes the public
            // key, so the set of accepted keys is fixed to that one certificate.
            var signerCertificate = (await _digitalSigner.GetPublicKey()).CreateX509Certificate2();

            return new[] { new X509SecurityKey(signerCertificate) };
        }
Beispiel #3
        /// <summary>
        /// Creates a JWT header with "x5c" (the signer's public key), "alg"
        /// (<c>SecurityAlgorithms.RsaSha256</c>) and "typ" ("JWT").
        /// </summary>
        /// <returns>The populated <c>JwtHeader</c>.</returns>
        private async Task<JwtHeader> BuildJwtHeader()
        {
            JwtHeader jwtHeader = new JwtHeader();

            var signingCertificate = await _digitalSigner.GetPublicKey();
            var certificateEntries = new[] { signingCertificate };

            // Only the signer's own key is placed in "x5c"; no chain certificates are added here.
            jwtHeader.Add("x5c", certificateEntries);

            // The algorithm is a fixed constant and never taken from input.
            jwtHeader.Add("alg", SecurityAlgorithms.RsaSha256);
            jwtHeader.Add("typ", "JWT");

            return jwtHeader;
        }
        /// <summary>
        /// Collects the signer's public key followed by its public key chain into one array.
        /// </summary>
        /// <returns>
        /// An array whose first element is the signer's public key and whose remaining
        /// elements are the chain entries in the order the signer returned them.
        /// </returns>
        private async Task<string[]> GetCertificates()
        {
            // Start both lookups before waiting so they can run concurrently.
            var leafLookup = _digitalSigner.GetPublicKey();
            var chainLookup = _digitalSigner.GetPublicKeyChain();
            await Task.WhenAll(leafLookup, chainLookup);

            // Both tasks have completed at this point, so these awaits do not suspend.
            var certificates = new List<string>();
            certificates.Add(await leafLookup);

            // The signer's own key stays first and the chain follows it.
            // NOTE(review): if this feeds an "x5c" header, that ordering matters; confirm
            // GetPublicKeyChain returns the chain in issuing order.
            certificates.AddRange(await chainLookup);

            return certificates.ToArray();
        }
        /// <summary>
        /// Returns the validation key set: one <c>SecurityKeyInfo</c> that pairs the signer's
        /// certificate-backed key with <c>SecurityAlgorithms.RsaSha256</c>.
        /// </summary>
        /// <returns>A one-element array describing the signer's key and its signing algorithm.</returns>
        public async Task<IEnumerable<SecurityKeyInfo>> GetValidationKeysAsync()
        {
            var signerCertificate = (await _digitalSigner.GetPublicKey()).ConvertToX509Certificate2();

            // The key is published with one explicit algorithm rather than leaving the
            // algorithm open.
            var keyInfo = new SecurityKeyInfo
            {
                Key = new X509SecurityKey(signerCertificate),
                SigningAlgorithm = SecurityAlgorithms.RsaSha256
            };

            return new[] { keyInfo };
        }