Beispiel #1
0
 /// <summary>
 /// Branca specification-level token generation
 /// </summary>
 /// <param name="payload">The payload to be encrypted into the Branca token</param>
 /// <param name="timestamp">The timestamp included in the Branca token (iat: issued at)</param>
 /// <param name="key">32-byte private key used to encrypt and decrypt the Branca token</param>
 /// <returns>Base62 encoded Branca Token</returns>
 public virtual string CreateToken(string payload, DateTimeOffset timestamp, byte[] key)
 => CreateToken(payload, BrancaToken.GetBrancaTimestamp(timestamp), key);
Beispiel #2
0
        public override TokenValidationResult ValidateToken(string token, TokenValidationParameters validationParameters)
        {
            if (string.IsNullOrWhiteSpace(token))
            {
                return new TokenValidationResult {
                           Exception = new ArgumentNullException(nameof(token))
                }
            }
            ;
            if (validationParameters == null)
            {
                return new TokenValidationResult {
                           Exception = new ArgumentNullException(nameof(validationParameters))
                }
            }
            ;
            if (!CanReadToken(token))
            {
                return new TokenValidationResult {
                           Exception = new SecurityTokenException("Unable to read token")
                }
            }
            ;

            // get decryption keys
            var securityKeys = GetBrancaDecryptionKeys(token, validationParameters);

            BrancaToken decryptedToken = null;

            foreach (var securityKey in securityKeys)
            {
                try
                {
                    decryptedToken = DecryptToken(token, securityKey.Key);
                    if (decryptedToken != null)
                    {
                        break;
                    }
                }
                catch (Exception)
                {
                    // ignored
                }
            }

            if (decryptedToken == null)
            {
                return new TokenValidationResult {
                           Exception = new SecurityTokenDecryptionFailedException("Unable to decrypt token")
                }
            }
            ;

            BrancaSecurityToken brancaToken;

            try
            {
                brancaToken = new BrancaSecurityToken(decryptedToken);
            }
            catch (Exception e)
            {
                return(new TokenValidationResult {
                    Exception = e
                });
            }

            var innerValidationResult = ValidateTokenPayload(brancaToken, validationParameters);

            if (!innerValidationResult.IsValid)
            {
                return(innerValidationResult);
            }

            var identity = innerValidationResult.ClaimsIdentity;

            if (validationParameters.SaveSigninToken)
            {
                identity.BootstrapContext = token;
            }

            return(new TokenValidationResult
            {
                SecurityToken = brancaToken,
                ClaimsIdentity = identity,
                IsValid = true
            });
        }
Beispiel #3
0
 public BrancaSecurityToken(BrancaToken token) : base(token.Payload)
 {
     IssuedAt = token.Timestamp;
 }