        /// <summary>
        /// Turns the raw <c>IdToken</c> JWT held by this object into an <see cref="OIDCIdToken"/>.
        /// The signature / decryption step is delegated to <c>CheckSignatureAndDecryptJWT</c>;
        /// this method only maps the resulting JSON payload onto the claim object.
        /// </summary>
        /// <param name="OPKeys">OP keys, passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <param name="ClientSecret">Client secret (used as a key), passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <param name="RPKeys">RP keys, passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <returns>The decoded ID token.</returns>
        public OIDCIdToken GetIdToken(List<OIDCKey> OPKeys = null, string ClientSecret = null, List<OIDCKey> RPKeys = null)
        {
            // NOTE(review): the security of this method rests entirely on CheckSignatureAndDecryptJWT;
            // confirm that helper rejects "alg":"none" and unknown keys rather than falling through.
            var claims = Deserializer.DeserializeFromJson<Dictionary<string, object>>(
                CheckSignatureAndDecryptJWT(IdToken, OPKeys, ClientSecret, RPKeys));

            var decoded = new OIDCIdToken();
            decoded.DeserializeFromDictionary(claims);
            return decoded;
        }
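        /// <summary>
        /// Builds the response of a self-issued OpenID Provider flow: an ID token asserting the identity
        /// bound to <paramref name="certificate"/> (signed with its private key) plus the echoed <c>state</c>.
        /// Profile / email / address / phone claims are filled with fixed placeholder values when the
        /// corresponding scope was requested.
        /// </summary>
        /// <param name="requestMessage">Authorization request; its RedirectUri, Nonce, Scope and State are read.</param>
        /// <param name="certificate">RSA certificate identifying the user; its public key is published as sub_jwk and its private key signs the token.</param>
        /// <returns>A dictionary with the <c>id_token</c> (compact JWS) and <c>state</c> entries.</returns>
        /// <exception cref="OIDCException">When the certificate is missing or carries no private key, so the token cannot be signed.</exception>
        private Dictionary<string, object> PerformSelfIssuedAuthentication(OIDCAuthorizationRequestMessage requestMessage, X509Certificate2 certificate)
        {
            if (certificate == null || !certificate.HasPrivateKey)
            {
                throw new OIDCException("A certificate with a private key is required to sign the self-issued ID token.");
            }

            // Real timestamps instead of DateTime.MaxValue: iat must be the actual issue time and exp a
            // short window, otherwise the token never expires and a captured copy stays valid forever.
            // NOTE(review): assumes OIDCIdToken serializes these as NumericDate (UTC epoch seconds) — confirm.
            DateTime issuedAt = DateTime.UtcNow;
            TimeSpan lifetime = TimeSpan.FromMinutes(10);

            OIDCIdToken idToken = new OIDCIdToken();
            idToken.Iss = "https://self-issued.me";
            // NOTE(review): this is the base64 of the hex certificate thumbprint; check against what the
            // RP side expects for a self-issued "sub" before relying on it.
            idToken.Sub = Convert.ToBase64String(Encoding.UTF8.GetBytes(certificate.Thumbprint));
            idToken.Aud = new List<string>() { requestMessage.RedirectUri };
            idToken.Nonce = requestMessage.Nonce;
            idToken.Exp = issuedAt + lifetime;
            idToken.Iat = issuedAt;
            // Public half of the signing key, so the RP can verify the JWS produced below.
            idToken.SubJkw = KeyManager.GetOIDCKey(certificate, "RSA", "AQAB", "sig");

            if (requestMessage.Scope.Contains(MessageScope.Profile))
            {
                idToken.GivenName = "Myself";
                idToken.FamilyName = "User";
                idToken.Name = idToken.GivenName + " " + idToken.FamilyName;
            }

            if (requestMessage.Scope.Contains(MessageScope.Email))
            {
                idToken.Email = "*****@*****.**";
            }

            if (requestMessage.Scope.Contains(MessageScope.Address))
            {
                idToken.Address = new OIDCAddress();
                idToken.Address.Country = "Italy";
                idToken.Address.PostalCode = "20100";
                idToken.Address.StreetAddress = "Via Test, 1";
                idToken.Address.Locality = "Milano";
            }

            if (requestMessage.Scope.Contains(MessageScope.Phone))
            {
                idToken.PhoneNumber = "0";
            }

            idToken.Validate();

            Dictionary<string, object> responseMessage = new Dictionary<string, object>();
            // Sign with the certificate's private key instead of "alg":"none": an unsigned token can be
            // forged by anyone and gives the RP nothing to verify against sub_jwk.
            // NOTE(review): which key object the JWT library accepts (RSA vs RSACryptoServiceProvider)
            // depends on its version / target framework — confirm against the referenced package.
            responseMessage["id_token"] = JWT.Encode(idToken.SerializeToJsonString(), certificate.PrivateKey, JwsAlgorithm.RS256);
            responseMessage["state"] = requestMessage.State;

            return responseMessage;
        }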
        /// <summary>
        /// Decodes the raw <c>IdToken</c> JWT held by this object into an <see cref="OIDCIdToken"/>.
        /// Signature verification and decryption happen in <c>CheckSignatureAndDecryptJWT</c>;
        /// here the returned JSON is only deserialized and mapped onto the claim object.
        /// </summary>
        /// <param name="OPKeys">OP keys, forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <param name="ClientSecret">Client secret (used as a key), forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <param name="RPKeys">RP keys, forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
        /// <returns>The decoded ID token.</returns>
        public OIDCIdToken GetIdToken(List<OIDCKey> OPKeys = null, string ClientSecret = null, List<OIDCKey> RPKeys = null)
        {
            string payloadJson = CheckSignatureAndDecryptJWT(IdToken, OPKeys, ClientSecret, RPKeys);
            Dictionary<string, object> payload = Deserializer.DeserializeFromJson<Dictionary<string, object>>(payloadJson);

            // NOTE(review): nothing here re-checks the token; make sure the helper above fails closed
            // (rejects "alg":"none" and unknown keys) instead of returning the payload unverified.
            OIDCIdToken decoded = new OIDCIdToken();
            decoded.DeserializeFromDictionary(payload);
            return decoded;
        }
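        /// <summary>
        /// Validates a decoded ID token against the RP's client registration, the expected issuer and
        /// the nonce sent in the authorization request, throwing on the first failed check.
        /// No signature verification happens here; the token is expected to come from <c>GetIdToken</c>,
        /// which performs the cryptographic checks.
        /// </summary>
        /// <param name="idToken">The decoded ID token to validate.</param>
        /// <param name="clientInformation">Client registration; its <c>ClientId</c> is matched against <c>aud</c> / <c>azp</c>.</param>
        /// <param name="Issuer">Expected issuer URL; a trailing '/' is ignored when comparing.</param>
        /// <param name="Nonce">Nonce sent in the authorization request, or null to skip the nonce check.</param>
        /// <exception cref="OIDCException">When any check fails.</exception>
        public void ValidateIdToken(OIDCIdToken idToken, OIDCClientInformation clientInformation, string Issuer, string Nonce)
        {
            if (idToken == null || clientInformation == null || Issuer == null)
            {
                throw new OIDCException("ID token, client information and issuer are required for validation.");
            }

            string expectedIssuer = Issuer.Trim('/');
            if (idToken.Iss == null || idToken.Iss.Trim('/') != expectedIssuer)
            {
                throw new OIDCException("Wrong issuer for the token.");
            }

            // A token without any audience is never acceptable (and would crash the checks below).
            if (idToken.Aud == null || idToken.Aud.Count == 0)
            {
                throw new OIDCException("The token carries no audience.");
            }

            // For a self-issued OP the audience is the RP's redirect URI rather than a client_id, so the
            // client_id membership test does not apply.
            // NOTE(review): the self-issued audience is currently not checked at all; if the client
            // registration exposes the redirect URIs, aud should be matched against them here.
            if (expectedIssuer != "https://self-issued.me" && !idToken.Aud.Contains(clientInformation.ClientId))
            {
                throw new OIDCException("Intended audience of the token does not include client_id.");
            }

            if (idToken.Aud.Count > 1 && idToken.Azp == null)
            {
                throw new OIDCException("Multiple audience but no authorized party specified.");
            }

            if (idToken.Azp != null && idToken.Azp != clientInformation.ClientId)
            {
                throw new OIDCException("The authorized party does not match client_id.");
            }

            // All clock comparisons use UTC: exp/iat are NumericDate (UTC) values, and using DateTime.Now
            // for the iat window shifted it by the local UTC offset.
            DateTime now = DateTime.UtcNow;
            TimeSpan clockSkew = new TimeSpan(0, 10, 0);   // tolerated skew between OP and RP clocks
            TimeSpan maxAge = new TimeSpan(24, 0, 0);      // reject tokens issued more than a day ago

            if (idToken.Exp < now - clockSkew)
            {
                throw new OIDCException("The token is expired.");
            }

            if (idToken.Iat < now - maxAge)
            {
                throw new OIDCException("The token has been issued more than a day ago.");
            }

            // Binds the token to the request that triggered it (replay protection); only enforced when
            // the caller actually sent a nonce.
            if (Nonce != null && idToken.Nonce != Nonce)
            {
                throw new OIDCException("Wrong nonce value in token.");
            }
        }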
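 /// <summary>
 /// Renders the post-login success page by filling the <c>success_page.html</c> template
 /// (placeholders {0}..{3}) with the authorization code, the access token, the ID token as JSON
 /// and the UserInfo response as JSON.
 /// </summary>
 /// <param name="authCode">Authorization code received from the OP.</param>
 /// <param name="accessToken">Access token received from the OP.</param>
 /// <param name="idToken">Decoded ID token; serialized to JSON for display. May be null.</param>
 /// <param name="userInfoResponse">UserInfo response; serialized to JSON for display. May be null.</param>
 /// <returns>The rendered HTML page.</returns>
 public static string successPage(string authCode, string accessToken, OIDCIdToken idToken, OIDCUserInfoResponseMessage userInfoResponse)
 {
     // None of these values is produced by this code: they come back from the OP / UserInfo endpoint, and
     // claims such as name or email are whatever the user's account holds. Rendering them raw into HTML is
     // reflected XSS (e.g. a display name of "<script>…</script>"), so every value is HTML-encoded first.
     string encodedAuthCode = System.Net.WebUtility.HtmlEncode(authCode ?? string.Empty);
     string encodedAccessToken = System.Net.WebUtility.HtmlEncode(accessToken ?? string.Empty);
     string encodedIdToken = System.Net.WebUtility.HtmlEncode(idToken == null ? string.Empty : idToken.serializeToJsonString());
     string encodedUserInfo = System.Net.WebUtility.HtmlEncode(userInfoResponse == null ? string.Empty : userInfoResponse.serializeToJsonString());

     // NOTE(review): this page echoes the access token and authorization code to the browser; fine for a
     // demo client, not for anything that handles real tokens. The template must escape literal braces
     // as "{{" / "}}" or String.Format throws.
     String template = File.ReadAllText(Path.Combine(Client.ROOT_PATH, "success_page.html"));
     return String.Format(template, encodedAuthCode, encodedAccessToken, encodedIdToken, encodedUserInfo);
 }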