Ejemplo n.º 1
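        /// <summary>
        /// Copies the app identity, host-name and secret settings from
        /// <paramref name="configuration"/> into this handler and, when a signing
        /// certificate is configured, builds RSA-SHA256 signing credentials from it.
        /// </summary>
        /// <param name="configuration">SharePoint app settings to read; must not be null.</param>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="configuration"/> is null.
        /// </exception>
        public TokenHandler(SharePointConfiguration configuration)
        {
            // Fail with a named argument instead of a NullReferenceException on the first property read.
            if (configuration == null)
            {
                throw new System.ArgumentNullException(nameof(configuration));
            }

            _clientId = configuration.ClientId;
            // The issuer id falls back to the client id when none is configured.
            _issuerId = string.IsNullOrEmpty(configuration.IssuerId) ? _clientId : configuration.IssuerId;
            _hostedAppHostNameOverride = configuration.HostedAppHostNameOverride;
            _hostedAppHostName         = configuration.HostedAppHostName;
            // Both secrets are kept as plain strings for the lifetime of this instance.
            _clientSecret          = configuration.ClientSecret;
            _secondaryClientSecret = configuration.SecondaryClientSecret;
            // The realm and the service namespace are both taken from Realm.
            _realm            = configuration.Realm;
            _serviceNamespace = configuration.Realm;

            var clientSigningCertificatePath     = configuration.ClientSigningCertificatePath;
            var clientSigningCertificatePassword = configuration.ClientSigningCertificatePassword;

            // NOTE(review): the certificate is loaded only when BOTH path and password are non-empty.
            // A configured path with an empty password is silently treated as "no certificate", so
            // _signingCredentials stays null without any error. Confirm that this fallback is intended
            // and that code using _signingCredentials never issues unsigned tokens because of it.
            var clientCertificate = (string.IsNullOrEmpty(clientSigningCertificatePath) || string.IsNullOrEmpty(clientSigningCertificatePassword)) ? null : new X509Certificate2(clientSigningCertificatePath, clientSigningCertificatePassword);

            _signingCredentials = (clientCertificate == null)
                ? null
                : new X509SigningCredentials(clientCertificate, SecurityAlgorithms.RsaSha256Signature,
                                             SecurityAlgorithms.Sha256Digest);
        }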
Ejemplo n.º 2
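        /// <summary>
        /// Initializes the handler from <paramref name="configuration"/>: client and issuer ids,
        /// hosted-app host names, client secrets, realm, and optional X.509 signing credentials.
        /// </summary>
        /// <param name="configuration">SharePoint app settings to read; must not be null.</param>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="configuration"/> is null.
        /// </exception>
        public TokenHandler(SharePointConfiguration configuration)
        {
            // Reject a missing configuration up front instead of failing on the first property access.
            if (configuration == null)
            {
                throw new System.ArgumentNullException(nameof(configuration));
            }

            _clientId = configuration.ClientId;

            // An empty issuer id means "use the client id as the issuer".
            var configuredIssuerId = configuration.IssuerId;
            _issuerId = string.IsNullOrEmpty(configuredIssuerId) ? _clientId : configuredIssuerId;

            _hostedAppHostNameOverride = configuration.HostedAppHostNameOverride;
            _hostedAppHostName = configuration.HostedAppHostName;

            // Primary and secondary client secrets are held as plain strings on the instance.
            _clientSecret = configuration.ClientSecret;
            _secondaryClientSecret = configuration.SecondaryClientSecret;

            // The service namespace is set to the same value as the realm.
            _realm = configuration.Realm;
            _serviceNamespace = configuration.Realm;

            var certificatePath = configuration.ClientSigningCertificatePath;
            var certificatePassword = configuration.ClientSigningCertificatePassword;

            // NOTE(review): signing is enabled only when both the path and the password are set.
            // A path with an empty password leaves _signingCredentials null with no diagnostic;
            // verify that a half-configured certificate should not be reported as an error.
            if (string.IsNullOrEmpty(certificatePath) || string.IsNullOrEmpty(certificatePassword))
            {
                _signingCredentials = null;
            }
            else
            {
                var signingCertificate = new X509Certificate2(certificatePath, certificatePassword);
                _signingCredentials = new X509SigningCredentials(
                    signingCertificate,
                    SecurityAlgorithms.RsaSha256Signature,
                    SecurityAlgorithms.Sha256Digest);
            }
        }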
Ejemplo n.º 3
 /// <summary>
 /// Builds the JWT header claims: always "typ" = "JWT", plus an "alg" value (and "x5t" for
 /// certificate-based signing) chosen from SigningCredentials or, when those are null,
 /// from IssuerToken.
 /// </summary>
 /// <returns>A dictionary of header claims with ordinal key comparison.</returns>
 /// <exception cref="System.InvalidOperationException">
 /// The signature algorithm is RSA-SHA256 but SigningCredentials is not an X509SigningCredentials.
 /// </exception>
 /// <remarks>
 /// When both SigningCredentials and IssuerToken are null the header carries "alg" = "none",
 /// i.e. it describes an unsigned token; consumers that validate these tokens should reject
 /// "none" unless unsigned tokens are explicitly expected.
 /// NOTE(review): no "alg" claim is written when SigningCredentials uses an algorithm other than
 /// the two recognised here, or when IssuerToken is neither an X.509 nor a binary-secret token;
 /// confirm that downstream code treats a missing "alg" as an error.
 /// </remarks>
 public virtual System.Collections.Generic.IDictionary <string, string> CreateHeaderClaims()
 {
     const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
     const string HmacSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";

     var header = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal)
     {
         { "typ", "JWT" }
     };

     var credentials = this.SigningCredentials;
     if (credentials == null)
     {
         var issuer = this.IssuerToken;
         if (issuer == null)
         {
             // Neither signing credentials nor an issuer token: the header declares an unsigned token.
             header.Add("alg", "none");
             return header;
         }

         var certificateToken = issuer as System.IdentityModel.Tokens.X509SecurityToken;
         if (certificateToken != null)
         {
             header.Add("alg", "RS256");
             // "x5t" is the base64url-encoded certificate hash returned by GetCertHash().
             header.Add("x5t", Base64UrlEncoder.Encode(certificateToken.Certificate.GetCertHash()));
         }
         else if (issuer is BinarySecretSecurityToken)
         {
             header.Add("alg", "HS256");
         }

         return header;
     }

     var algorithm = credentials.SignatureAlgorithm;
     if (System.StringComparer.Ordinal.Equals(algorithm, RsaSha256Uri))
     {
         // RSA signing needs the certificate for the "x5t" claim, so only X.509 credentials are accepted.
         var certificateCredentials = credentials as Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials;
         if (certificateCredentials == null)
         {
             throw new System.InvalidOperationException("JWT token is not valid. RSA signature requires X509SigningCredentials");
         }

         header.Add("alg", "RS256");
         header.Add("x5t", Base64UrlEncoder.Encode(certificateCredentials.Certificate.GetCertHash()));
     }
     else if (System.StringComparer.Ordinal.Equals(algorithm, HmacSha256Uri))
     {
         header.Add("alg", "HS256");
     }

     return header;
 }