public void When_Passing_Null_Parameter_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); // ACT & ASSERT Assert.Throws <ArgumentNullException>(() => _jsonWebKeyConverter.ExtractSerializedKeys(null)); }
public async Task <JsonWebKey> GetJsonWebKey(string kid, Uri uri) { if (string.IsNullOrWhiteSpace(kid)) { throw new ArgumentNullException(nameof(kid)); } if (uri == null) { throw new ArgumentNullException(nameof(uri)); } try { var httpClient = _httpClientFactory.GetHttpClient(); httpClient.BaseAddress = uri; var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false); request.EnsureSuccessStatusCode(); var json = request.Content.ReadAsStringAsync().Result; var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>(); var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet); return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid)); } catch (Exception) { throw new IdentityServerManagerException( ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, kid, uri.AbsoluteUri)); } }
public async Task <JwsPayload> UnSign(string jws) { if (string.IsNullOrWhiteSpace(jws)) { throw new ArgumentNullException(nameof(jws)); } var protectedHeader = _jwsParser.GetHeader(jws); if (protectedHeader == null) { return(null); } var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient() .ResolveAsync(_parametersProvider.GetOpenIdConfigurationUrl()) .ConfigureAwait(false); var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet); if (jsonWebKeys == null || !jsonWebKeys.Any(j => j.Kid == protectedHeader.Kid)) { return(null); } var jsonWebKey = jsonWebKeys.First(j => j.Kid == protectedHeader.Kid); if (protectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE) { return(_jwsParser.GetPayload(jws)); } return(_jwsParser.ValidateSignature(jws, jsonWebKey)); }
/// <summary> /// Validate the signature and returns the JWSPayload. /// </summary> /// <param name="jws"></param> /// <param name="jsonWebKeySet"></param> /// <returns></returns> public JwsPayload ValidateSignature(string jws, JsonWebKeySet jsonWebKeySet) { if (string.IsNullOrWhiteSpace(jws)) { throw new ArgumentNullException(nameof(jws)); } if (jsonWebKeySet == null) { throw new ArgumentNullException(nameof(jsonWebKeySet)); } if (jsonWebKeySet.Keys == null) { throw new ArgumentNullException(nameof(jsonWebKeySet.Keys)); } var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet); if (!jsonWebKeys.Any()) { return(null); } var header = GetHeader(jws); var jsonWebKey = jsonWebKeys.FirstOrDefault(s => s.Kid == header.Kid); if (jsonWebKey == null) { return(null); } return(ValidateSignature(jws, jsonWebKey)); }
private async Task <JsonWebKey> GetJsonWebKey( string jwksUri, string kid) { JsonWebKey result = null; if (!string.IsNullOrWhiteSpace(jwksUri)) { Uri uri = null; if (!Uri.TryCreate(jwksUri, UriKind.Absolute, out uri)) { return(null); } var httpClient = _httpClientFactory.GetHttpClient(); httpClient.BaseAddress = uri; var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false); try { request.EnsureSuccessStatusCode(); var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false); var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>(); var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet); return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid)); } catch (Exception) { return(null); } } return(result); }
private async Task <JsonWebKey> GetJsonWebKeyFromClient(Core.Common.Models.Client client, string kid) { JsonWebKey result = null; // Fetch the json web key from the jwks_uri if (!string.IsNullOrWhiteSpace(client.JwksUri)) { Uri uri = null; if (!Uri.TryCreate(client.JwksUri, UriKind.Absolute, out uri)) { return(null); } var httpClient = _httpClientFactory.GetHttpClient(); httpClient.BaseAddress = uri; var request = httpClient.GetAsync(uri.AbsoluteUri).Result; try { request.EnsureSuccessStatusCode(); var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false); var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>(); var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet); return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid)); } catch (Exception) { return(null); } } // Fetch the json web key from the jwks if (client.JsonWebKeys != null && client.JsonWebKeys.Any()) { result = client.JsonWebKeys.FirstOrDefault(j => j.Kid == kid); } return(result); }
public Models.Client Execute(RegistrationParameter registrationParameter) { if (registrationParameter == null) { throw new ArgumentNullException(nameof(registrationParameter)); } // Validate the parameters _registrationParameterValidator.Validate(registrationParameter); // Generate the client var client = new Models.Client { RedirectionUrls = registrationParameter.RedirectUris, Contacts = registrationParameter.Contacts, // TODO : should support different languages for the client_name ClientName = registrationParameter.ClientName, ClientUri = registrationParameter.ClientUri, PolicyUri = registrationParameter.PolicyUri, TosUri = registrationParameter.TosUri, JwksUri = registrationParameter.JwksUri, SectorIdentifierUri = registrationParameter.SectorIdentifierUri, // TODO : should support both subject types SubjectType = Constants.SubjectTypeNames.Public, DefaultMaxAge = registrationParameter.DefaultMaxAge, DefaultAcrValues = registrationParameter.DefaultAcrValues, RequireAuthTime = registrationParameter.RequireAuthTime, InitiateLoginUri = registrationParameter.InitiateLoginUri, RequestUris = registrationParameter.RequestUris, LogoUri = registrationParameter.LogoUri, ScimProfile = registrationParameter.ScimProfile }; // If omitted then the default value is authorization code response type if (registrationParameter.ResponseTypes == null || !registrationParameter.ResponseTypes.Any()) { client.ResponseTypes = new List <ResponseType> { ResponseType.code }; } else { client.ResponseTypes = registrationParameter.ResponseTypes; } // If omitted then the default value is authorization code grant type if (registrationParameter.GrantTypes == null || !registrationParameter.GrantTypes.Any()) { client.GrantTypes = new List <GrantType> { GrantType.authorization_code }; } else { client.GrantTypes = registrationParameter.GrantTypes; } client.ApplicationType = registrationParameter.ApplicationType == null ? ApplicationTypes.web : registrationParameter.ApplicationType.Value; if (registrationParameter.Jwks != null) { var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(registrationParameter.Jwks); if (jsonWebKeys != null && jsonWebKeys.Any()) { client.JsonWebKeys = jsonWebKeys.ToList(); } } if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenSignedResponseAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.IdTokenSignedResponseAlg)) { client.IdTokenSignedResponseAlg = registrationParameter.IdTokenSignedResponseAlg; } else { client.IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256; } if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.IdTokenEncryptedResponseAlg)) { client.IdTokenEncryptedResponseAlg = registrationParameter.IdTokenEncryptedResponseAlg; } else { client.IdTokenEncryptedResponseAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.IdTokenEncryptedResponseAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.IdTokenEncryptedResponseEnc)) { client.IdTokenEncryptedResponseEnc = registrationParameter.IdTokenEncryptedResponseEnc; } else { client.IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoSignedResponseAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.UserInfoSignedResponseAlg)) { client.UserInfoSignedResponseAlg = registrationParameter.UserInfoSignedResponseAlg; } else { client.UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.NONE; } if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.UserInfoEncryptedResponseAlg)) { client.UserInfoEncryptedResponseAlg = registrationParameter.UserInfoEncryptedResponseAlg; } else { client.UserInfoEncryptedResponseAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.UserInfoEncryptedResponseAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.UserInfoEncryptedResponseEnc)) { client.UserInfoEncryptedResponseEnc = registrationParameter.UserInfoEncryptedResponseEnc; } else { client.UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectSigningAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.RequestObjectSigningAlg)) { client.RequestObjectSigningAlg = registrationParameter.RequestObjectSigningAlg; } else { client.RequestObjectSigningAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.RequestObjectEncryptionAlg)) { client.RequestObjectEncryptionAlg = registrationParameter.RequestObjectEncryptionAlg; } else { client.RequestObjectEncryptionAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.RequestObjectEncryptionAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.RequestObjectEncryptionEnc)) { client.RequestObjectEncryptionEnc = registrationParameter.RequestObjectEncryptionEnc; } else { client.RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } TokenEndPointAuthenticationMethods tokenEndPointAuthenticationMethod; if (string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthMethod) || !Enum.TryParse(registrationParameter.TokenEndPointAuthMethod, out tokenEndPointAuthenticationMethod)) { tokenEndPointAuthenticationMethod = TokenEndPointAuthenticationMethods.client_secret_basic; } client.TokenEndPointAuthMethod = tokenEndPointAuthenticationMethod; if (!string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthSigningAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.TokenEndPointAuthSigningAlg)) { client.TokenEndPointAuthSigningAlg = registrationParameter.TokenEndPointAuthSigningAlg; } else { client.TokenEndPointAuthSigningAlg = string.Empty; } return(client); }