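/// <summary>
/// Splits <c>RawToken</c> into its '&amp;'-separated name/value pairs and fills
/// <c>Audience</c>, <c>ExpiresOn</c>, <c>Issuer</c> and <c>Claims</c> from them.
/// </summary>
/// <remarks>
/// This method only parses: the HMACSHA256 pair is skipped and no signature is checked here.
/// NOTE(review): the parsed values should be trusted only after the signature has been
/// validated; confirm the call order in the caller.
/// </remarks>
/// <exception cref="InvalidSecurityTokenException">
/// A pair does not consist of exactly one name and one value, or a name occurs more than once.
/// </exception>
private void Parse()
        {
            const string wrapPrefix = "wrap_access_token=";

            this.Claims = new NameValueCollection();

            // Remove the wrapper only at the position that was tested. Replace() would also delete
            // the same text further inside the token and so alter the content being parsed.
            if (RawToken.StartsWith(wrapPrefix, StringComparison.Ordinal))
            {
                RawToken = RawToken.Substring(wrapPrefix.Length);
            }

            // Every decoded name is tracked, including Audience, ExpiresOn and Issuer. Checking
            // Claims alone let a repeated Issuer/Audience/ExpiresOn pair silently overwrite the
            // earlier one, so two parsers could disagree about which value the token carries.
            var seenKeys = new System.Collections.Generic.HashSet<string>(StringComparer.Ordinal);

            foreach (var rawNameValue in RawToken.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
            {
                // The signature pair is not a claim; it is handled by signature validation.
                if (rawNameValue.StartsWith("HMACSHA256=", StringComparison.Ordinal))
                {
                    continue;
                }

                var nameValue = rawNameValue.Split('=');

                if (nameValue.Length != 2)
                {
                    throw new InvalidSecurityTokenException(string.Format(
                                                                "Invalid token contains a name/value pair missing an = character: '{0}'", rawNameValue));
                }

                var key = HttpUtility.UrlDecode(nameValue[0]);

                if (!seenKeys.Add(key))
                {
                    throw new InvalidSecurityTokenException("Duplicated name token.");
                }

                var values = HttpUtility.UrlDecode(nameValue[1]);

                switch (key)
                {
                case Saml2Constants.Elements.Audience:
                    this.Audience = values;
                    break;

                case "ExpiresOn":
                    // ulong.Parse throws FormatException/OverflowException for a non-numeric or
                    // out-of-range value; those propagate unchanged to the caller.
                    this.ExpiresOn = ulong.Parse(values).ToDateTimeFromEpoch();
                    break;

                case Saml2Constants.Elements.Issuer:
                    this.Issuer = values;
                    break;

                default:
                    // A claim value may carry several comma-separated entries; each is stored
                    // under the same claim name.
                    foreach (var value in values.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
                    {
                        this.Claims.Add(key, value);
                    }
                    break;
                }
            }
        }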
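        /// <summary>
        /// Checks the HMACSHA256 value at the end of <c>RawToken</c> against a signature computed
        /// over the part of the token that precedes it.
        /// </summary>
        /// <param name="signatureKey">Key handed to <c>CalculateSignature</c>.</param>
        /// <returns>
        /// <c>true</c> only when the token contains the signature separator exactly once and the
        /// supplied value equals the URL-encoded computed signature character for character.
        /// </returns>
        public bool IsValidSignature(string signatureKey)
        {
            const string separator = "&" + SwtConstants.HmacSha256 + "=";
            var          elements  = RawToken.Split(new string[] { separator }, StringSplitOptions.None);

            // Zero or several separators: there is no single unambiguous signed part.
            if (elements.Length != 2)
            {
                return false;
            }

            // NOTE(review): HttpUtility.UrlEncode writes lowercase hex escapes, so a signature that
            // the issuer percent-encoded with uppercase hex is rejected here - confirm the issuer's form.
            var expected = HttpUtility.UrlEncode(CalculateSignature(elements[0], signatureKey));
            var supplied = elements[1];

            if (expected == null)
            {
                return false;
            }

            // A signature must match exactly. The previous InvariantCulture comparison applies
            // linguistic rules (ignorable characters, equivalences), so strings that differ could
            // compare equal, and it returns at the first difference. Compare ordinally, and
            // accumulate differences so the time taken does not depend on where they occur.
            var difference = expected.Length ^ supplied.Length;
            var shared     = Math.Min(expected.Length, supplied.Length);

            for (var i = 0; i < shared; i++)
            {
                difference |= expected[i] ^ supplied[i];
            }

            return difference == 0;
        }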
Beispiel #3
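        /// <summary>
        /// Decodes the second '.'-separated segment of <c>RawToken</c> as JSON and copies the
        /// "role", "exp" and "nameid" entries into <c>Role</c>, the expiry and <c>Id</c>.
        /// </summary>
        /// <remarks>
        /// Only the payload segment is read; this method does not look at the signature segment.
        /// NOTE(review): role, expiry and id are therefore unauthenticated unless the token was
        /// verified before it got here - confirm where verification happens.
        /// </remarks>
        private void ProcessToken()
        {
            // A token without a '.' has no index 1 and fails here with IndexOutOfRangeException.
            string payload    = RawToken.Split('.') [1];
            var    bytes      = ParseBase64WithoutPadding(payload);

            // The payload is JSON text, which is UTF-8. Decoding it as ASCII turns every
            // non-ASCII character into '?', silently changing claim values such as the role.
            var    json       = Encoding.UTF8.GetString(bytes);
            var    dictionary = JsonConvert.DeserializeObject <Dictionary <string, object> > (json);

            if (dictionary.TryGetValue("role", out object role))
            {
                Role = role.ToString();
            }
            if (dictionary.TryGetValue("exp", out object expiryInSeconds))
            {
                // Unboxing cast: succeeds only when the deserialized value is a boxed Int64.
                CalculateExpiry((Int64)expiryInSeconds);
            }
            if (dictionary.TryGetValue("nameid", out object id))
            {
                // Guid.Parse throws FormatException when the value is not a GUID.
                Id = Guid.Parse(id.ToString());
            }
        }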