public void When_Passing_Null_Parameter_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
// ACT & ASSERT
Assert.Throws <ArgumentNullException>(() => _jsonWebKeyConverter.ExtractSerializedKeys(null));
}
public async Task <JsonWebKey> GetJsonWebKey(string kid, Uri uri)
{
if (string.IsNullOrWhiteSpace(kid))
{
throw new ArgumentNullException(nameof(kid));
}
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
try
{
var httpClient = _httpClientFactory.GetHttpClient();
httpClient.BaseAddress = uri;
var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false);
request.EnsureSuccessStatusCode();
var json = request.Content.ReadAsStringAsync().Result;
var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
}
catch (Exception)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, kid, uri.AbsoluteUri));
}
}
public async Task <JwsPayload> UnSign(string jws)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient()
.ResolveAsync(_parametersProvider.GetOpenIdConfigurationUrl())
.ConfigureAwait(false);
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
if (jsonWebKeys == null ||
!jsonWebKeys.Any(j => j.Kid == protectedHeader.Kid))
{
return(null);
}
var jsonWebKey = jsonWebKeys.First(j => j.Kid == protectedHeader.Kid);
if (protectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
{
return(_jwsParser.GetPayload(jws));
}
return(_jwsParser.ValidateSignature(jws, jsonWebKey));
}
/// <summary>
/// Validate the signature and returns the JWSPayload.
/// </summary>
/// <param name="jws"></param>
/// <param name="jsonWebKeySet"></param>
/// <returns></returns>
public JwsPayload ValidateSignature(string jws, JsonWebKeySet jsonWebKeySet)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
if (jsonWebKeySet == null)
{
throw new ArgumentNullException(nameof(jsonWebKeySet));
}
if (jsonWebKeySet.Keys == null)
{
throw new ArgumentNullException(nameof(jsonWebKeySet.Keys));
}
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
if (!jsonWebKeys.Any())
{
return(null);
}
var header = GetHeader(jws);
var jsonWebKey = jsonWebKeys.FirstOrDefault(s => s.Kid == header.Kid);
if (jsonWebKey == null)
{
return(null);
}
return(ValidateSignature(jws, jsonWebKey));
}
private async Task <JsonWebKey> GetJsonWebKey(
string jwksUri,
string kid)
{
JsonWebKey result = null;
if (!string.IsNullOrWhiteSpace(jwksUri))
{
Uri uri = null;
if (!Uri.TryCreate(jwksUri, UriKind.Absolute, out uri))
{
return(null);
}
var httpClient = _httpClientFactory.GetHttpClient();
httpClient.BaseAddress = uri;
var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false);
try
{
request.EnsureSuccessStatusCode();
var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false);
var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
}
catch (Exception)
{
return(null);
}
}
return(result);
}
private async Task <JsonWebKey> GetJsonWebKeyFromClient(Core.Common.Models.Client client, string kid)
{
JsonWebKey result = null;
// Fetch the json web key from the jwks_uri
if (!string.IsNullOrWhiteSpace(client.JwksUri))
{
Uri uri = null;
if (!Uri.TryCreate(client.JwksUri, UriKind.Absolute, out uri))
{
return(null);
}
var httpClient = _httpClientFactory.GetHttpClient();
httpClient.BaseAddress = uri;
var request = httpClient.GetAsync(uri.AbsoluteUri).Result;
try
{
request.EnsureSuccessStatusCode();
var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false);
var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
}
catch (Exception)
{
return(null);
}
}
// Fetch the json web key from the jwks
if (client.JsonWebKeys != null &&
client.JsonWebKeys.Any())
{
result = client.JsonWebKeys.FirstOrDefault(j => j.Kid == kid);
}
return(result);
}
public Models.Client Execute(RegistrationParameter registrationParameter)
{
if (registrationParameter == null)
{
throw new ArgumentNullException(nameof(registrationParameter));
}
// Validate the parameters
_registrationParameterValidator.Validate(registrationParameter);
// Generate the client
var client = new Models.Client
{
RedirectionUrls = registrationParameter.RedirectUris,
Contacts = registrationParameter.Contacts,
// TODO : should support different languages for the client_name
ClientName = registrationParameter.ClientName,
ClientUri = registrationParameter.ClientUri,
PolicyUri = registrationParameter.PolicyUri,
TosUri = registrationParameter.TosUri,
JwksUri = registrationParameter.JwksUri,
SectorIdentifierUri = registrationParameter.SectorIdentifierUri,
// TODO : should support both subject types
SubjectType = Constants.SubjectTypeNames.Public,
DefaultMaxAge = registrationParameter.DefaultMaxAge,
DefaultAcrValues = registrationParameter.DefaultAcrValues,
RequireAuthTime = registrationParameter.RequireAuthTime,
InitiateLoginUri = registrationParameter.InitiateLoginUri,
RequestUris = registrationParameter.RequestUris,
LogoUri = registrationParameter.LogoUri,
ScimProfile = registrationParameter.ScimProfile
};
// If omitted then the default value is authorization code response type
if (registrationParameter.ResponseTypes == null ||
!registrationParameter.ResponseTypes.Any())
{
client.ResponseTypes = new List <ResponseType>
{
ResponseType.code
};
}
else
{
client.ResponseTypes = registrationParameter.ResponseTypes;
}
// If omitted then the default value is authorization code grant type
if (registrationParameter.GrantTypes == null ||
!registrationParameter.GrantTypes.Any())
{
client.GrantTypes = new List <GrantType>
{
GrantType.authorization_code
};
}
else
{
client.GrantTypes = registrationParameter.GrantTypes;
}
client.ApplicationType = registrationParameter.ApplicationType == null ? ApplicationTypes.web
: registrationParameter.ApplicationType.Value;
if (registrationParameter.Jwks != null)
{
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(registrationParameter.Jwks);
if (jsonWebKeys != null &&
jsonWebKeys.Any())
{
client.JsonWebKeys = jsonWebKeys.ToList();
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenSignedResponseAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.IdTokenSignedResponseAlg))
{
client.IdTokenSignedResponseAlg = registrationParameter.IdTokenSignedResponseAlg;
}
else
{
client.IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.IdTokenEncryptedResponseAlg))
{
client.IdTokenEncryptedResponseAlg = registrationParameter.IdTokenEncryptedResponseAlg;
}
else
{
client.IdTokenEncryptedResponseAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.IdTokenEncryptedResponseAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.IdTokenEncryptedResponseEnc))
{
client.IdTokenEncryptedResponseEnc = registrationParameter.IdTokenEncryptedResponseEnc;
}
else
{
client.IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoSignedResponseAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.UserInfoSignedResponseAlg))
{
client.UserInfoSignedResponseAlg = registrationParameter.UserInfoSignedResponseAlg;
}
else
{
client.UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.NONE;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.UserInfoEncryptedResponseAlg))
{
client.UserInfoEncryptedResponseAlg = registrationParameter.UserInfoEncryptedResponseAlg;
}
else
{
client.UserInfoEncryptedResponseAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.UserInfoEncryptedResponseAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.UserInfoEncryptedResponseEnc))
{
client.UserInfoEncryptedResponseEnc = registrationParameter.UserInfoEncryptedResponseEnc;
}
else
{
client.UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectSigningAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.RequestObjectSigningAlg))
{
client.RequestObjectSigningAlg = registrationParameter.RequestObjectSigningAlg;
}
else
{
client.RequestObjectSigningAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.RequestObjectEncryptionAlg))
{
client.RequestObjectEncryptionAlg = registrationParameter.RequestObjectEncryptionAlg;
}
else
{
client.RequestObjectEncryptionAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.RequestObjectEncryptionAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.RequestObjectEncryptionEnc))
{
client.RequestObjectEncryptionEnc = registrationParameter.RequestObjectEncryptionEnc;
}
else
{
client.RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
TokenEndPointAuthenticationMethods tokenEndPointAuthenticationMethod;
if (string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthMethod) ||
!Enum.TryParse(registrationParameter.TokenEndPointAuthMethod, out tokenEndPointAuthenticationMethod))
{
tokenEndPointAuthenticationMethod = TokenEndPointAuthenticationMethods.client_secret_basic;
}
client.TokenEndPointAuthMethod = tokenEndPointAuthenticationMethod;
if (!string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthSigningAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.TokenEndPointAuthSigningAlg))
{
client.TokenEndPointAuthSigningAlg = registrationParameter.TokenEndPointAuthSigningAlg;
}
else
{
client.TokenEndPointAuthSigningAlg = string.Empty;
}
return(client);
}
