C# (CSharp) JwsPayload Beispiele

Beispiel #1

        public async Task When_Using_PrivateKeyJwtAuthentication_Then_AccessToken_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
            var payload = new JwsPayload
            {
                {
                    StandardClaimNames.Issuer, "private_key_client"
                },
                {
                    Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, "private_key_client"
                },
                {
                    StandardClaimNames.Audiences, new []
                    {
                        "http://localhost:5000"
                    }
                },
                {
                    StandardClaimNames.ExpirationTime, DateTime.UtcNow.AddHours(1).ConvertToUnixTimestamp()
                }
            };
            var jws = _jwsGenerator.Generate(payload, JwsAlg.RS256, _server.SharedCtx.SignatureKey);

            // ACT
            var token = await _clientAuthSelector.UseClientPrivateKeyAuth(jws, "private_key_client")
                        .UseClientCredentials("api1")
                        .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

            // ASSERTS
            Assert.NotNull(token);
            Assert.False(token.ContainsError);
            Assert.NotEmpty(token.Content.AccessToken);
        }

Beispiel #2

Datei: ClientHelper.cs Projekt: hannanmumtaz/SimpleIdentityServer

        public async Task <string> GenerateIdTokenAsync(Client client, JwsPayload jwsPayload)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            if (jwsPayload == null)
            {
                throw new ArgumentNullException(nameof(jwsPayload));
            }

            var signedResponseAlg  = client.GetIdTokenSignedResponseAlg();
            var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg();
            var encryptResponseEnc = client.GetIdTokenEncryptedResponseEnc();

            if (signedResponseAlg == null)
            {
                signedResponseAlg = JwsAlg.RS256;
            }

            var idToken = await _jwtGenerator.SignAsync(jwsPayload, signedResponseAlg.Value);

            if (encryptResponseAlg == null)
            {
                return(idToken);
            }

            if (encryptResponseEnc == null)
            {
                encryptResponseEnc = JweEnc.A128CBC_HS256;
            }

            return(await _jwtGenerator.EncryptAsync(idToken, encryptResponseAlg.Value, encryptResponseEnc.Value));
        }

Beispiel #3

        public async Task When_Generating_AuthorizationResponse_With_AccessToken_And_ThereIs_No_Granted_Token_Then_Token_Is_Generated_And_Added_To_The_Parameters()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string idToken                = "idToken";
            const string clientId               = "clientId";
            const string scope                  = "openid";
            var          claimsPrincipal        = new ClaimsPrincipal(new ClaimsIdentity("fake"));
            var          authorizationParameter = new AuthorizationParameter
            {
                ClientId = clientId,
                Scope    = scope
            };
            var grantedToken = new GrantedToken
            {
                AccessToken = Guid.NewGuid().ToString()
            };
            var actionResult = new ActionResult
            {
                RedirectInstruction = new RedirectInstruction()
            };
            var jwsPayload = new JwsPayload();

            _parameterParserHelperFake.Setup(p => p.ParseResponseTypes(It.IsAny <string>()))
            .Returns(new List <ResponseType>
            {
                ResponseType.token
            });
            _jwtGeneratorFake.Setup(
                j => j.GenerateIdTokenPayloadForScopesAsync(It.IsAny <ClaimsPrincipal>(), It.IsAny <AuthorizationParameter>()))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(
                j => j.GenerateUserInfoPayloadForScopeAsync(It.IsAny <ClaimsPrincipal>(), It.IsAny <AuthorizationParameter>()))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(j => j.EncryptAsync(It.IsAny <string>(), It.IsAny <JweAlg>(), It.IsAny <JweEnc>()))
            .Returns(Task.FromResult(idToken));
            _parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>()))
            .Returns(() => new List <string> {
                scope
            });
            _grantedTokenHelperStub.Setup(r => r.GetValidGrantedTokenAsync(It.IsAny <string>(),
                                                                           It.IsAny <string>(),
                                                                           It.IsAny <JwsPayload>(),
                                                                           It.IsAny <JwsPayload>()))
            .Returns(Task.FromResult((GrantedToken)null));
            _grantedTokenGeneratorHelperFake.Setup(r => r.GenerateTokenAsync(It.IsAny <Client>(),
                                                                             It.IsAny <string>(),
                                                                             It.IsAny <JwsPayload>(),
                                                                             It.IsAny <JwsPayload>()))
            .Returns(Task.FromResult(grantedToken));

            // ACT
            await _generateAuthorizationResponse.ExecuteAsync(actionResult, authorizationParameter, claimsPrincipal, new Client());

            // ASSERTS
            Assert.True(actionResult.RedirectInstruction.Parameters.Any(p => p.Name == Core.Constants.StandardAuthorizationResponseNames.AccessTokenName));
            Assert.True(actionResult.RedirectInstruction.Parameters.Any(p => p.Value == grantedToken.AccessToken));
            _grantedTokenRepositoryFake.Verify(g => g.AddToken(grantedToken));
            _simpleIdentityServerEventSource.Verify(e => e.GrantAccessToClient(clientId, grantedToken.AccessToken, scope));
        }

Beispiel #4

Datei: JwtGenerator.cs Projekt: lulzzz/SimpleIdserver.Core

        private async Task FillInResourceOwnerClaimsFromScopes(JwsPayload jwsPayload, AuthorizationParameter authorizationParameter, IList <Claim> cls)
        {
            // 1. Fill-in the subject claim
            var subject = cls.First(c => c.Type == Jwt.Constants.StandardResourceOwnerClaimNames.Subject).Value;

            jwsPayload.Add(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject);

            if (authorizationParameter == null ||
                string.IsNullOrWhiteSpace(authorizationParameter.Scope))
            {
                return;
            }

            // 2. Fill-in the other claims
            var scopes = _parameterParserHelper.ParseScopes(authorizationParameter.Scope);
            var claims = await GetClaimsFromRequestedScopes(scopes, cls);

            foreach (var claim in claims)
            {
                if (claim.Key == Jwt.Constants.StandardResourceOwnerClaimNames.Subject)
                {
                    continue;
                }

                jwsPayload.Add(claim.Key, claim.Value);
            }
        }

Beispiel #5

Datei: JwtParserFixture.cs Projekt: hannanmumtaz/SimpleIdentityServer

        public async Task When_Passing_Valid_Request_To_Unsign_Without_ClientId_Then_No_Exception_Is_Thrown()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string jws        = "jws";
            const string clientId   = "client_id";
            const string kid        = "1";
            var          jsonWebKey = new JsonWebKey
            {
                Kid           = kid,
                SerializedKey = "serialized_key"
            };
            var payLoad            = new JwsPayload();
            var jwsProtectedHeader = new JwsProtectedHeader
            {
                Alg = Jwt.Constants.JwsAlgNames.PS256,
                Kid = kid
            };

            _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
            .Returns(jwsProtectedHeader);
            _jsonWebKeyRepositoryMock.Setup(j => j.GetByKidAsync(It.IsAny <string>()))
            .Returns(Task.FromResult(jsonWebKey));
            _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
            .Returns(payLoad);

            // ACT
            var result = await _jwtParser.UnSignAsync(jws);

            // ASSERT
            Assert.NotNull(result);
            _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
        }

Beispiel #6

Datei: JwtGenerator.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task <JwsPayload> UpdatePayloadDate(JwsPayload jwsPayload)
        {
            if (jwsPayload == null)
            {
                throw new ArgumentNullException(nameof(jwsPayload));
            }

            var timeKeyValuePair = await GetExpirationAndIssuedTime();

            var expirationInSeconds = timeKeyValuePair.Key;
            var issuedAtTime        = timeKeyValuePair.Value;

            if (jwsPayload.ContainsKey(StandardClaimNames.Iat))
            {
                jwsPayload[StandardClaimNames.Iat] = issuedAtTime;
            }
            else
            {
                jwsPayload.Add(StandardClaimNames.Iat, issuedAtTime);
            }

            if (jwsPayload.ContainsKey(StandardClaimNames.ExpirationTime))
            {
                jwsPayload[StandardClaimNames.ExpirationTime] = expirationInSeconds;
            }
            else
            {
                jwsPayload.Add(StandardClaimNames.ExpirationTime, expirationInSeconds);
            }

            return(jwsPayload);
        }

Beispiel #7

        public async Task When_Pass_IdTokenHint_And_The_Subject_Doesnt_Match_Then_Error_Is_Returned()
        {
            // GENERATE JWS
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
            var payload = new JwsPayload
            {
                {
                    "sub", "adm"
                }
            };

            payload.Add("aud", new[] { "http://localhost:5000" });
            var jws = _jwsGenerator.Generate(payload, JwsAlg.RS256, _server.SharedCtx.SignatureKey);

            // ACT
            var result = await _authorizationClient.ResolveAsync(baseUrl + "/.well-known/openid-configuration",
                                                                 new AuthorizationRequest(new[] { "openid", "api1" }, new[] { ResponseTypes.Code }, "authcode_client", "http://localhost:5000/callback", "state")
            {
                IdTokenHint = jws,
                Prompt      = "none"
            });

            // ASSERT
            Assert.NotNull(result);
            Assert.True(result.ContainsError);
            Assert.Equal((string)"invalid_request", (string)result.Error.Error);
            Assert.Equal((string)"the current authenticated user doesn't match with the identity token", (string)result.Error.ErrorDescription);
        }

Beispiel #8

        public void WhenBuildClaimToken(Table table)
        {
            var jwsPayload = new JwsPayload();

            foreach (var record in table.Rows)
            {
                var key   = record["Key"];
                var value = record["Value"];
                if (value.StartsWith('[') && value.EndsWith(']'))
                {
                    value = value.TrimStart('[').TrimEnd(']');
                    var splitted = value.Split(',');
                    jwsPayload.Add(key, JArray.FromObject(splitted));
                }
                else
                {
                    jwsPayload.Add(key, value);
                }
            }

            var jwtBuilder = (IJwtBuilder)_factory.Server.Host.Services.GetService(typeof(IJwtBuilder));
            var jwk        = JwksStore.GetInstance().GetJsonWebKey();
            var jws        = jwtBuilder.Sign(jwsPayload, jwk, jwk.Alg);

            _scenarioContext.Set(jws, "claim_token");
        }

Beispiel #9

Datei: SharedSteps.cs Projekt: slimjack/SimpleIdServer

        public void WhenBuildSoftwareStatement(Table table)
        {
            var jwsPayload = new JwsPayload();

            foreach (var record in table.Rows)
            {
                var key   = record["Key"];
                var value = record["Value"];
                if (value.StartsWith('[') && value.EndsWith(']'))
                {
                    value = value.TrimStart('[').TrimEnd(']');
                    var splitted = value.Split(',');
                    jwsPayload.Add(key, JArray.FromObject(splitted));
                }
                else
                {
                    jwsPayload.Add(key, value);
                }
            }

            var jwtBuilder = (IJwtBuilder)_factory.Server.Host.Services.GetService(typeof(IJwtBuilder));
            var jws        = jwtBuilder.Sign(jwsPayload, FakeJwks.GetInstance().Jwks.First());

            _scenarioContext.Set(jws, "softwareStatement");
        }

Beispiel #10

Datei: ClientAssertionAuthenticationFixture.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task When_A_Jws_Token_With_Invalid_Signature_Is_Passed_To_AuthenticateClientWithPrivateKeyJwt_Then_Null_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            var instruction = new AuthenticateInstruction
            {
                ClientAssertion = "invalid_header.invalid_payload"
            };
            var jwsPayload = new JwsPayload();

            _jwtParserFake.Setup(j => j.IsJwsToken(It.IsAny <string>()))
            .Returns(true);
            _jwsParserFake.Setup(j => j.GetPayload(It.IsAny <string>()))
            .Returns(jwsPayload);
            _jwtParserFake.Setup(j => j.UnSignAsync(It.IsAny <string>(),
                                                    It.IsAny <string>()))
            .Returns(() => Task.FromResult((JwsPayload)null));

            // ACT
            var result = await _clientAssertionAuthentication.AuthenticateClientWithPrivateKeyJwtAsync(instruction, null);

            // ASSERT
            Assert.Null(result.Client);
            Assert.True(result.ErrorMessage == ErrorDescriptions.TheSignatureIsNotCorrect);
        }

Beispiel #11

        public async Task When_Pass_IdTokenHint_And_The_Subject_Matches_The_Authenticated_User_Then_Token_Is_Returned()
        {
            // GENERATE JWS
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
            var payload = new JwsPayload
            {
                {
                    "sub", "administrator"
                }
            };

            payload.Add("aud", new[] { "http://localhost:5000" });
            var jws = _jwsGenerator.Generate(payload, JwsAlg.RS256, _server.SharedCtx.SignatureKey);
            var jwe = _jweGenerator.GenerateJwe(jws, JweAlg.RSA1_5, JweEnc.A128CBC_HS256, _server.SharedCtx.EncryptionKey);

            // ACT
            var result = await _authorizationClient.ResolveAsync(baseUrl + "/.well-known/openid-configuration",
                                                                 new AuthorizationRequest(new[] { "openid", "api1" }, new[] { ResponseTypes.Code }, "authcode_client", "http://localhost:5000/callback", "state")
            {
                IdTokenHint = jwe,
                Prompt      = "none"
            });

            // ASSERT
            Assert.NotNull(result);
            Assert.False(result.ContainsError);
        }

Beispiel #12

Datei: JwtParserFixture.cs Projekt: hannanmumtaz/SimpleIdentityServer

        public async Task When_Passing_Jws_With_None_Algorithm_To_Unsign_And_No_Uri_And_Jwks_Are_Defined_Then_Payload_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string jws                = "jws";
            const string clientId           = "client_id";
            var          payLoad            = new JwsPayload();
            var          jwsProtectedHeader = new JwsProtectedHeader
            {
                Alg = Jwt.Constants.JwsAlgNames.NONE
            };
            var client = new Models.Client
            {
                ClientId = clientId
            };

            _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
            .Returns(jwsProtectedHeader);
            _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
            .Returns(Task.FromResult(client));
            _jwsParserMock.Setup(j => j.GetPayload(It.IsAny <string>()))
            .Returns(payLoad);

            // ACT
            var result = await _jwtParser.UnSignAsync(jws, clientId);

            // ASSERT
            Assert.NotNull(result);
            _jwsParserMock.Verify(j => j.GetPayload(jws));
        }

Beispiel #13

        private static bool CompareJwsPayload(JwsPayload firstJwsPayload, JwsPayload secondJwsPayload)
        {
            foreach (var record in firstJwsPayload)
            {
                if (!Constants.AllStandardResourceOwnerClaimNames.Contains(record.Key))
                {
                    continue;
                }

                if (!secondJwsPayload.ContainsKey(record.Key))
                {
                    return(false);
                }

                if (!string.Equals(
                        record.Value.ToString(),
                        secondJwsPayload[record.Key].ToString(),
                        StringComparison.CurrentCultureIgnoreCase))
                {
                    return(false);
                }
            }

            return(true);
        }

Beispiel #14

Datei: ClientAssertionAuthenticationFixture.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task When_A_Jws_Token_With_Invalid_Issuer_Is_Passed_To_AuthenticateClientWithPrivateKeyJwt_Then_Null_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            var instruction = new AuthenticateInstruction
            {
                ClientAssertion = "invalid_header.invalid_payload"
            };
            var jwsPayload = new JwsPayload
            {
                {
                    StandardClaimNames.Issuer, "issuer"
                }
            };

            _jwtParserFake.Setup(j => j.IsJwsToken(It.IsAny <string>()))
            .Returns(true);
            _jwsParserFake.Setup(j => j.GetPayload(It.IsAny <string>()))
            .Returns(jwsPayload);
            _jwtParserFake.Setup(j => j.UnSignAsync(It.IsAny <string>(),
                                                    It.IsAny <string>()))
            .Returns(Task.FromResult(jwsPayload));
            _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
            .Returns(() => Task.FromResult((Client)null));

            // ACT
            var result = await _clientAssertionAuthentication.AuthenticateClientWithPrivateKeyJwtAsync(instruction, null);

            // ASSERT
            Assert.Null(result.Client);
            Assert.True(result.ErrorMessage == ErrorDescriptions.TheClientIdPassedInJwtIsNotCorrect);
        }

Beispiel #15

Datei: ExtractRequestHelper.cs Projekt: simpleidserver/SimpleIdServer

        protected virtual void CheckRequestObject(JwsHeader header, JwsPayload jwsPayload, OpenIdClient openidClient, HandlerContext context)
        {
            if (jwsPayload == null)
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST, OAuth.ErrorMessages.INVALID_JWS_REQUEST_PARAMETER);
            }

            if (!string.IsNullOrWhiteSpace(openidClient.RequestObjectSigningAlg) && header.Alg != openidClient.RequestObjectSigningAlg)
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_SIGNATURE_ALG);
            }

            if (!jwsPayload.ContainsKey(OAuth.DTOs.AuthorizationRequestParameters.ResponseType))
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.MISSING_RESPONSE_TYPE_CLAIM);
            }

            if (!jwsPayload.ContainsKey(OAuth.DTOs.AuthorizationRequestParameters.ClientId))
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.MISSING_CLIENT_ID_CLAIM);
            }

            if (!jwsPayload[OAuth.DTOs.AuthorizationRequestParameters.ResponseType].ToString().Split(' ').OrderBy(s => s).SequenceEqual(context.Request.RequestData.GetResponseTypesFromAuthorizationRequest().OrderBy(s => s)))
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_RESPONSE_TYPE_CLAIM);
            }

            if (jwsPayload[OAuth.DTOs.AuthorizationRequestParameters.ClientId].ToString() != context.Client.ClientId)
            {
                throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_CLIENT_ID_CLAIM);
            }
        }

Beispiel #16

Datei: JwtGenerator.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task <JwsPayload> GenerateAccessToken(IEnumerable <string> audiences, IEnumerable <string> scopes, string issuerName)
        {
            if (audiences == null)
            {
                throw new ArgumentNullException(nameof(audiences));
            }

            if (scopes == null)
            {
                throw new ArgumentNullException(nameof(scopes));
            }

            var timeKeyValuePair = await GetExpirationAndIssuedTime();

            var expirationInSeconds = timeKeyValuePair.Key;
            var issuedAtTime        = timeKeyValuePair.Value;

            var jwsPayload = new JwsPayload();

            jwsPayload.Add(StandardClaimNames.Audiences, audiences);
            jwsPayload.Add(StandardClaimNames.Issuer, issuerName);
            jwsPayload.Add(StandardClaimNames.ExpirationTime, expirationInSeconds);
            jwsPayload.Add(StandardClaimNames.Iat, issuedAtTime);
            jwsPayload.Add(StandardClaimNames.Scopes, scopes);
            return(jwsPayload);
        }

Beispiel #17

Datei: PostIntrospectionAction.cs Projekt: crazyants/SimpleIdentityServer

        private static GrantedToken GetGrantedToken(JwsPayload jwsPayload)
        {
            if (jwsPayload == null)
            {
                throw new ArgumentNullException(nameof(jwsPayload));
            }

            var result = new GrantedToken
            {
                Scope          = jwsPayload.GetClaimValue(StandardClaimNames.Scopes),
                ClientId       = jwsPayload.GetClaimValue(StandardClaimNames.ClientId),
                ExpiresIn      = (int)jwsPayload.ExpirationTime,
                TokenType      = Constants.StandardTokenTypes.Bearer,
                IdTokenPayLoad = jwsPayload
            };

            var issuedAt = jwsPayload.GetDoubleClaim(StandardClaimNames.Iat);

            if (issuedAt != default(double))
            {
                result.CreateDateTime = issuedAt.UnixTimeStampToDateTime();
            }

            return(result);
        }

Beispiel #18

Datei: GenerateAuthorizationResponseFixture.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task When_Generating_AuthorizationResponse_With_AccessToken_And_ThereIs_A_GrantedToken_Then_Token_Is_Added_To_The_Parameters()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string idToken  = "idToken";
            const string clientId = "clientId";
            const string scope    = "openid";
            var          authorizationParameter = new AuthorizationParameter
            {
                ClientId = clientId,
                Scope    = scope
            };
            var grantedToken = new GrantedToken
            {
                AccessToken = Guid.NewGuid().ToString()
            };
            var actionResult = new ActionResult
            {
                RedirectInstruction = new RedirectInstruction()
            };
            var jwsPayload = new JwsPayload();

            _parameterParserHelperFake.Setup(p => p.ParseResponseTypes(It.IsAny <string>()))
            .Returns(new List <ResponseType>
            {
                ResponseType.token
            });
            _jwtGeneratorFake.Setup(
                j => j.GenerateIdTokenPayloadForScopesAsync(It.IsAny <IList <Claim> >(), It.IsAny <AuthorizationParameter>(), null, null))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(
                j => j.GenerateUserInfoPayloadForScopeAsync(It.IsAny <AuthorizationParameter>(), It.IsAny <IList <Claim> >()))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(j => j.EncryptAsync(It.IsAny <string>(), It.IsAny <JweAlg>(), It.IsAny <JweEnc>()))
            .Returns(Task.FromResult(idToken));
            _parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>()))
            .Returns(() => new List <string> {
                scope
            });
            _grantedTokenHelperStub.Setup(r => r.GetValidGrantedTokenAsync(It.IsAny <string>(),
                                                                           It.IsAny <string>(),
                                                                           It.IsAny <JwsPayload>(),
                                                                           It.IsAny <JwsPayload>()))
            .Returns(() => Task.FromResult(grantedToken));
            _resourceOwnerRepoStub.Setup(r => r.GetAsync(It.IsAny <string>())).Returns(Task.FromResult(new ResourceOwner
            {
                Claims = new List <Claim>
                {
                    new Claim("sub", "fake")
                }
            }));

            // ACT
            await _generateAuthorizationResponse.ExecuteAsync(actionResult, authorizationParameter, new Client(), null, "fake");

            // ASSERTS
            Assert.True(actionResult.RedirectInstruction.Parameters.Any(p => p.Name == Constants.StandardAuthorizationResponseNames.AccessTokenName));
            Assert.True(actionResult.RedirectInstruction.Parameters.Any(p => p.Value == grantedToken.AccessToken));
        }

Beispiel #19

        protected virtual async Task <JwsPayload> BuildIdToken(HandlerContext currentContext, JObject queryParameters, IEnumerable <string> requestedScopes, CancellationToken cancellationToken)
        {
            var openidClient = (OpenIdClient)currentContext.Client;
            var result       = new JwsPayload
            {
                { OAuthClaims.Audiences, new [] { openidClient.ClientId, currentContext.Request.IssuerName } },
                { OAuthClaims.Issuer, currentContext.Request.IssuerName },
                { OAuthClaims.Iat, DateTime.UtcNow.ConvertToUnixTimestamp() },
                { OAuthClaims.ExpirationTime, DateTime.UtcNow.AddSeconds(openidClient.TokenExpirationTimeInSeconds).ConvertToUnixTimestamp() },
                { OAuthClaims.Azp, openidClient.ClientId }
            };
            var maxAge             = queryParameters.GetMaxAgeFromAuthorizationRequest();
            var nonce              = queryParameters.GetNonceFromAuthorizationRequest();
            var acrValues          = queryParameters.GetAcrValuesFromAuthorizationRequest();
            var requestedClaims    = queryParameters.GetClaimsFromAuthorizationRequest();
            var subjectTypeBuilder = _subjectTypeBuilders.First(f => f.SubjectType == (string.IsNullOrWhiteSpace(openidClient.SubjectType) ? PublicSubjectTypeBuilder.SUBJECT_TYPE : openidClient.SubjectType));
            var subject            = await subjectTypeBuilder.Build(currentContext);

            string accessToken, code;

            if (currentContext.Response.TryGet(OAuth.DTOs.AuthorizationResponseParameters.AccessToken, out accessToken))
            {
                result.Add(OAuthClaims.AtHash, ComputeHash(accessToken));
            }

            if (currentContext.Response.TryGet(OAuth.DTOs.AuthorizationResponseParameters.Code, out code))
            {
                result.Add(OAuthClaims.CHash, ComputeHash(code));
            }

            if (maxAge != null)
            {
                result.Add(OAuthClaims.AuthenticationTime, currentContext.User.AuthenticationTime.Value.ConvertToUnixTimestamp());
            }

            if (!string.IsNullOrWhiteSpace(nonce))
            {
                result.Add(OAuthClaims.Nonce, nonce);
            }

            var defaultAcr = await _amrHelper.FetchDefaultAcr(acrValues, requestedClaims, openidClient, cancellationToken);

            if (defaultAcr != null)
            {
                result.Add(OAuthClaims.Amr, defaultAcr.AuthenticationMethodReferences);
                result.Add(OAuthClaims.Acr, defaultAcr.Name);
            }

            var scopes = openidClient.AllowedOpenIdScopes.Where(s => requestedScopes.Any(r => r == s.Name));

            EnrichWithScopeParameter(result, scopes, currentContext.User, subject);
            _claimsJwsPayloadEnricher.EnrichWithClaimsParameter(result, requestedClaims, currentContext.User, currentContext.User.AuthenticationTime);
            foreach (var claimsSource in _claimsSources)
            {
                await claimsSource.Enrich(result, openidClient).ConfigureAwait(false);
            }

            return(result);
        }

Beispiel #20

Datei: GrantedTokenHelper.cs Projekt: zarzayou/SimpleIdServer

        private static void AddExpirationAndIssueTime(JwsPayload jwsPayload, double validityPeriodsInSeconds)
        {
            var currentDateTime    = DateTime.UtcNow;
            var expirationDateTime = currentDateTime.AddSeconds(validityPeriodsInSeconds);

            jwsPayload.Add(OAuthClaims.Iat, currentDateTime.ConvertToUnixTimestamp());
            jwsPayload.Add(OAuthClaims.ExpirationTime, expirationDateTime.ConvertToUnixTimestamp());
        }

Beispiel #21

Datei: GrantedTokenHelper.cs Projekt: zarzayou/SimpleIdServer

        public void RefreshAccessToken(JwsPayload jwsPayload, double validityPeriodsInSeconds)
        {
            var currentDateTime    = DateTime.UtcNow;
            var expirationDateTime = currentDateTime.AddSeconds(validityPeriodsInSeconds);

            jwsPayload[OAuthClaims.Iat]            = currentDateTime.ConvertToUnixTimestamp();
            jwsPayload[OAuthClaims.ExpirationTime] = expirationDateTime.ConvertToUnixTimestamp();
        }

Beispiel #22

Datei: GenerateAuthorizationResponseFixture.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task When_Redirecting_To_Callback_And_There_Is_No_Response_Mode_Specified_Then_The_Response_Mode_Is_Set()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string idToken                = "idToken";
            const string clientId               = "clientId";
            const string scope                  = "scope";
            const string responseType           = "id_token";
            var          authorizationParameter = new AuthorizationParameter
            {
                ClientId     = clientId,
                Scope        = scope,
                ResponseType = responseType,
                ResponseMode = ResponseMode.None
            };
            var client = new Client
            {
                IdTokenEncryptedResponseAlg = SimpleIdServer.Core.Jwt.Constants.JweAlgNames.RSA1_5,
                IdTokenEncryptedResponseEnc = SimpleIdServer.Core.Jwt.Constants.JweEncNames.A128CBC_HS256,
                IdTokenSignedResponseAlg    = SimpleIdServer.Core.Jwt.Constants.JwsAlgNames.RS256
            };
            var actionResult = new ActionResult
            {
                RedirectInstruction = new RedirectInstruction(),
                Type = TypeActionResult.RedirectToCallBackUrl
            };
            var jwsPayload = new JwsPayload();

            _parameterParserHelperFake.Setup(p => p.ParseResponseTypes(It.IsAny <string>()))
            .Returns(new List <ResponseType>
            {
                ResponseType.id_token
            });
            _jwtGeneratorFake.Setup(
                j => j.GenerateIdTokenPayloadForScopesAsync(It.IsAny <IList <Claim> >(), It.IsAny <AuthorizationParameter>(), null, null))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(
                j => j.GenerateUserInfoPayloadForScopeAsync(It.IsAny <AuthorizationParameter>(), It.IsAny <IList <Claim> >()))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(j => j.EncryptAsync(It.IsAny <string>(), It.IsAny <JweAlg>(), It.IsAny <JweEnc>()))
            .Returns(Task.FromResult(idToken));
            _authorizationFlowHelperFake.Setup(
                a => a.GetAuthorizationFlow(It.IsAny <ICollection <ResponseType> >(), It.IsAny <string>()))
            .Returns(AuthorizationFlow.ImplicitFlow);
            _resourceOwnerRepoStub.Setup(r => r.GetAsync(It.IsAny <string>())).Returns(Task.FromResult(new ResourceOwner
            {
                Claims = new List <Claim>
                {
                    new Claim("sub", "fake")
                }
            }));

            // ACT
            await _generateAuthorizationResponse.ExecuteAsync(actionResult, authorizationParameter, new Client(), null, "fake");

            // ASSERT
            Assert.True(actionResult.RedirectInstruction.ResponseMode == ResponseMode.fragment);
        }

Beispiel #23

        private void FillInResourceOwnerClaimsByClaimsParameter(
            JwsPayload jwsPayload,
            List <ClaimParameter> claimParameters,
            ClaimsPrincipal claimsPrincipal,
            AuthorizationParameter authorizationParameter)
        {
            var state = authorizationParameter == null ? string.Empty : authorizationParameter.State;

            // 1. Fill-In the subject - set the subject as an essential claim
            if (claimParameters.All(c => c.Name != Jwt.Constants.StandardResourceOwnerClaimNames.Subject))
            {
                var essentialSubjectClaimParameter = new ClaimParameter
                {
                    Name       = Jwt.Constants.StandardResourceOwnerClaimNames.Subject,
                    Parameters = new Dictionary <string, object>
                    {
                        {
                            Constants.StandardClaimParameterValueNames.EssentialName,
                            true
                        }
                    }
                };

                claimParameters.Add(essentialSubjectClaimParameter);
            }

            // 2. Fill-In all the other resource owner claims
            if (claimParameters == null ||
                !claimParameters.Any())
            {
                return;
            }

            var resourceOwnerClaimParameters = claimParameters
                                               .Where(c => Jwt.Constants.AllStandardResourceOwnerClaimNames.Contains(c.Name))
                                               .ToList();

            if (resourceOwnerClaimParameters.Any())
            {
                var requestedClaimNames = resourceOwnerClaimParameters.Select(r => r.Name);
                var resourceOwnerClaims = GetClaims(requestedClaimNames, claimsPrincipal);
                foreach (var resourceOwnerClaimParameter in resourceOwnerClaimParameters)
                {
                    var resourceOwnerClaim      = resourceOwnerClaims.FirstOrDefault(c => c.Key == resourceOwnerClaimParameter.Name);
                    var resourceOwnerClaimValue = resourceOwnerClaim.Equals(default(KeyValuePair <string, string>)) ? string.Empty : resourceOwnerClaim.Value;
                    var isClaimValid            = ValidateClaimValue(resourceOwnerClaimValue, resourceOwnerClaimParameter);
                    if (!isClaimValid)
                    {
                        throw new IdentityServerExceptionWithState(ErrorCodes.InvalidGrant,
                                                                   string.Format(ErrorDescriptions.TheClaimIsNotValid, resourceOwnerClaimParameter.Name),
                                                                   state);
                    }

                    jwsPayload.Add(resourceOwnerClaim.Key, resourceOwnerClaim.Value);
                }
            }
        }

Beispiel #24

        public async Task <string> SignAsync(JwsPayload jwsPayload, JwsAlg alg)
        {
            var jsonWebKey = await GetJsonWebKey(
                alg.ToAllAlg(),
                KeyOperations.Sign,
                Use.Sig);

            return(_jwsGenerator.Generate(jwsPayload, alg, jsonWebKey));
        }

Beispiel #25

Datei: JwtBuilder.cs Projekt: slimjack/SimpleIdServer

        public async Task <string> Sign(JwsPayload jwsPayload, string jwsAlg)
        {
            var jsonWebKeys = await _jsonWebKeyRepository.FindJsonWebKeys(Usages.SIG, jwsAlg, new[]
            {
                KeyOperations.Sign
            });

            return(Sign(jwsPayload, jsonWebKeys.First()));
        }

Beispiel #26

        /// <summary>
        /// Try to get the value from the PAYLOAD.
        /// </summary>
        /// <param name="jwsPayload"></param>
        /// <param name="key"></param>
        /// <returns></returns>
        private static string TryGetKey(JwsPayload jwsPayload, string key)
        {
            if (!jwsPayload.ContainsKey(key))
            {
                return(string.Empty);
            }

            return(jwsPayload[key].ToString());
        }

Beispiel #27

Datei: JwtBuilder.cs Projekt: simpleidserver/SimpleIdServer

        public async Task <string> Sign(JwsPayload jwsPayload, string jwsAlg, CancellationToken cancellationToken)
        {
            var jsonWebKeys = await _jsonWebKeyRepository.FindJsonWebKeys(Usages.SIG, jwsAlg, new[]
            {
                KeyOperations.Sign
            }, cancellationToken);

            return(Sign(jwsPayload, jsonWebKeys.FirstOrDefault(), jwsAlg));
        }

Beispiel #28

Datei: JwsPayloadExtensions.cs Projekt: slimjack/SimpleIdServer

        public static IEnumerable <AuthorizationRequestClaimParameter> GetClaims(this JwsPayload jObj)
        {
            if (!jObj.ContainsKey(AuthorizationRequestParameters.Claims))
            {
                return(new AuthorizationRequestClaimParameter[0]);
            }

            return(((JObject)JsonConvert.DeserializeObject(jObj[AuthorizationRequestParameters.Claims].ToString())).GetClaims());
        }

Beispiel #29

        public async Task When_Passing_Jws_With_Algorithm_Other_Than_None_To_Unsign_And_Retrieve_Json_Web_Key_From_Uri_Then_Jwis_Is_Unsigned_And_Payload_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string jws           = "jws";
            const string clientId      = "client_id";
            const string kid           = "1";
            var          jsonWebKeySet = new JsonWebKeySet();
            var          json          = jsonWebKeySet.SerializeWithDataContract();
            var          jsonWebKey    = new JsonWebKey
            {
                Kid           = kid,
                SerializedKey = "serialized_key"
            };
            var payLoad            = new JwsPayload();
            var jwsProtectedHeader = new JwsProtectedHeader
            {
                Alg = Jwt.Constants.JwsAlgNames.PS256,
                Kid = kid
            };
            var client = new Core.Common.Models.Client
            {
                ClientId = clientId,
                JwksUri  = "http://localhost"
            };
            var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.Accepted)
            {
                Content = new StringContent(json)
            };
            var jsonWebKeys = new List <JsonWebKey>
            {
                jsonWebKey
            };
            var handler        = new FakeHttpMessageHandler(httpResponseMessage);
            var httpClientFake = new HttpClient(handler);

            _jwsParserMock.Setup(j => j.GetHeader(It.IsAny <string>()))
            .Returns(jwsProtectedHeader);
            _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
            .Returns(Task.FromResult(client));
            _jwsParserMock.Setup(j => j.ValidateSignature(It.IsAny <string>(), It.IsAny <JsonWebKey>()))
            .Returns(payLoad);
            _httpClientFactoryMock.Setup(h => h.GetHttpClient())
            .Returns(httpClientFake);
            _jsonWebKeyConverterMock.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
            .Returns(jsonWebKeys);

            // ACT
            var result = await _jwtParser.UnSignAsync(jws, clientId);

            // ASSERT
            Assert.NotNull(result);
            _jwsParserMock.Verify(j => j.ValidateSignature(jws, jsonWebKey));
        }

Beispiel #30

Datei: GenerateAuthorizationResponseFixture.cs Projekt: lulzzz/SimpleIdserver.Core

        public async Task When_An_Authorization_Response_Is_Generated_Then_Events_Are_Logged()
        {
            // ARRANGE
            InitializeFakeObjects();
            const string idToken                = "idToken";
            const string clientId               = "clientId";
            const string scope                  = "scope";
            const string responseType           = "id_token";
            var          authorizationParameter = new AuthorizationParameter
            {
                ClientId     = clientId,
                Scope        = scope,
                ResponseType = responseType
            };
            var client = new Client
            {
                IdTokenEncryptedResponseAlg = SimpleIdServer.Core.Jwt.Constants.JweAlgNames.RSA1_5,
                IdTokenEncryptedResponseEnc = SimpleIdServer.Core.Jwt.Constants.JweEncNames.A128CBC_HS256,
                IdTokenSignedResponseAlg    = SimpleIdServer.Core.Jwt.Constants.JwsAlgNames.RS256
            };
            var actionResult = new ActionResult
            {
                RedirectInstruction = new RedirectInstruction()
            };
            var jwsPayload = new JwsPayload();

            _parameterParserHelperFake.Setup(p => p.ParseResponseTypes(It.IsAny <string>()))
            .Returns(new List <ResponseType>
            {
                ResponseType.id_token
            });
            _jwtGeneratorFake.Setup(
                j => j.GenerateIdTokenPayloadForScopesAsync(It.IsAny <IList <Claim> >(), It.IsAny <AuthorizationParameter>(), null, null))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(
                j => j.GenerateUserInfoPayloadForScopeAsync(It.IsAny <AuthorizationParameter>(), It.IsAny <IList <Claim> >()))
            .Returns(Task.FromResult(jwsPayload));
            _jwtGeneratorFake.Setup(j => j.EncryptAsync(It.IsAny <string>(), It.IsAny <JweAlg>(), It.IsAny <JweEnc>()))
            .Returns(Task.FromResult(idToken));
            _resourceOwnerRepoStub.Setup(r => r.GetAsync(It.IsAny <string>())).Returns(Task.FromResult(new ResourceOwner
            {
                Claims = new List <Claim>
                {
                    new Claim("sub", "fake")
                }
            }));

            // ACT
            await _generateAuthorizationResponse.ExecuteAsync(actionResult, authorizationParameter, new Client(), null, "fake");

            // ASSERT
            _oauthEventSource.Verify(s => s.StartGeneratingAuthorizationResponseToClient(clientId, responseType));
            _oauthEventSource.Verify(s => s.EndGeneratingAuthorizationResponseToClient(clientId, JsonConvert.SerializeObject(actionResult.RedirectInstruction.Parameters)));
        }