Ejemplo n.º 1
0
        static void Main()
        {
            // This sample demonstrates how to validate a token that may come form different issuers.
            // This is common if you have to support multiple Authorization Servers.
            var keyIssuer1        = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
            var keyIssuer2        = SymmetricJwk.FromBase64Url("9dobXhxMWH9PoLsKRdv1qp0bEqJm4YNd8JRaTxes8i4R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
            var keyIssuer3        = SymmetricJwk.FromBase64Url("lh2TJcMdPyNLhfNp0nYLAFM_R0UEXVoZ9N7ife4ZT-A");
            var policyMultiIssuer = new TokenValidationPolicyBuilder()
                                    .RequireSignature("https://idp1.example.com/", keyIssuer1, SignatureAlgorithm.HS256)
                                    .RequireSignature("https://idp2.example.com/", keyIssuer2, SignatureAlgorithm.HS512)
                                    .RequireSignature("https://idp3.example.com/", keyIssuer3, SignatureAlgorithm.HS256)
                                    .RequireAudience("F6964636C69656E745")
                                    .Build();

            var token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAzLmV4YW1wbGUuY29tLyIsImF1ZCI6IkY2OTY0NjM2QzY5NjU2RTc0NSJ9.a6RiTht8kyTDL9SZVX9kUye7dJL9YSZxJPbAyaaw3QE";

            // Try to read the token with the different policies
            if (Jwt.TryParse(token, policyMultiIssuer, out var jwt))
            {
                Console.WriteLine($"The token is issued by '{jwt.Payload["iss"].GetString()}':");
                Console.WriteLine(jwt);

                jwt.Dispose();
            }
            else
            {
                Console.WriteLine("Failed to read the token.");
                Console.WriteLine("  Reason: " + jwt.Error.Status);
                jwt.Dispose();
            }
        }
Ejemplo n.º 2
0
        static void Main()
        {
            // Creates a symmetric key defined for the 'HS256' algorithm
            var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            // Creates a JWS descriptor with all its properties
            var descriptor = new JwsDescriptor()
            {
                SigningKey     = key,
                Algorithm      = SignatureAlgorithm.HmacSha256,
                IssuedAt       = DateTime.UtcNow,
                ExpirationTime = DateTime.UtcNow.AddHours(1),
                Issuer         = "https://idp.example.com/",
                Audience       = "636C69656E745F6964"
            };

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
Ejemplo n.º 3
0
        protected override async Task ExecuteAsync(CancellationToken stoppingToken)
        {
            while (!stoppingToken.IsCancellationRequested)
            {
                var descriptor = new SecEventDescriptor(SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU"), SignatureAlgorithm.HS256)
                {
                    Payload = new JwtPayload
                    {
                        { "iss", "https://client.example.com" },
                        { "iat", EpochTime.UtcNow },
                        { "jti", Guid.NewGuid().ToString("N") },
                        { "aud", new[] { "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754", "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7" } },
                        { "events", new JsonObject
                          {
                              { "urn:ietf:params:scim:event:create", new JsonObject
                                {
                                    { "ref", "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9" },
                                    { "attributes", new object[] { "id", "name", "userName", "password", "emails" } }
                                } }
                          } }
                    }
                };

                await _client.SendAuditTrailAsync(descriptor);
            }
        }
Ejemplo n.º 4
0

        
Ejemplo n.º 5
0
        static async Task Main()
        {
            var client = new AuditTrailClient("https://example.com", "api", new TokenClientOptions {
            });

            var descriptor = new SecEventDescriptor(SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU"), SignatureAlgorithm.HS256)
            {
                Payload = new JwtPayload
                {
                    { "iss", "https://client.example.com" },
                    { "iat", EpochTime.UtcNow },
                    { "jti", "4d3559ec67504aaba65d40b0363faad8" },
                    { "aud", new[] { "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754", "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7" } },
                    { "events", new JsonObject
                      {
                          { "urn:ietf:params:scim:event:create", new JsonObject
                                {
                                    { "ref", "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9" },
                                    { "attributes", new object[] { "id", "name", "userName", "password", "emails" } }
                                } }
                      } }
                }
            };

            var result = await client.SendAuditTrailAsync(descriptor);

            Console.WriteLine(result.Status);
        }
Ejemplo n.º 6
0
        static void Main()
        {
            // Initializes the shared secret as a symmetric key of 256 bits
            var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            // Defines the validation policy:
            // - Require the issuer "https://idp.example.com/", with the predefined key, with the signature algorithm HS256
            // - Require the audience "636C69656E745F6964"
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignature("https://idp.example.com/", key, SignatureAlgorithm.HS256)
                         .RequireAudience("636C69656E745F6964")
                         .Build();

            // Try to parse the JWT. Its return false
            if (Jwt.TryParse("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vIiwiYXVkIjoiNjM2QzY5NjU2RTc0NUY2OTY0In0.YrrT1Ddp1ampsDd2GwYZoTz_bUnLt_h--f16wsWBedk", policy, out Jwt jwt))
            {
                Console.WriteLine("The token is " + jwt);
            }
            else
            {
                Console.WriteLine("Failed to read the token. Error: " + Environment.NewLine + jwt.Error);
            }

            // Do not forget to dispose the Jwt, or you may suffer of GC impacts
            jwt.Dispose();
        }
Ejemplo n.º 7
0
        static void Main()
        {
            // Creates a symmetric key defined for the 'HS256' algorithm
            var signatureKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            // Creates a symmetric key for encryption
            var decryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");

            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignature("https://idp.example.com/", signatureKey, SignatureAlgorithm.HS256)
                         .RequireAudience("636C69656E745F6964")
                         .WithDecryptionKey(decryptionKey)
                         .Build();

            var result = Jwt.TryParse("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWFOTlpaMXBtREFXSWYzYkg3MFg2V3FfbldzUXhuMjFMUngza1daMG5MYyIsImN0eSI6IkpXVCJ9.PU18XXVByiJLE53zkg1m-SzjZXUdRYkl0X20JtsMKXW54RHn3fcK_w.Bu1SPUTuntwvPfwXTj1OhQ.OuCl09TjUMJk80GdY4n5r6HUnH21dWwT1BAbbvPJg75p_AfMvVNmaQ3dahrSmCkuCI5EF34ynE_qUBAuMH9bcplUWS9GDKJfGugEZgkciWORv5RzXvAAokpElpuaiV09SdBmaepi4FAXvTP4axJUWuOXt2MvjnlwbIXlVqUX9Lha1NnsseBLTjfCclhV0pQEKjnncqjuqTcxmqTqAsxZA1v8RJV_FbzBdVBWwQ-qrjYbsrqtsK13XazZEGwAHU7fJT1vlaBdlni6aTQIlwE7JuLA--6hRM9mr7NZ4SlihCFBLjW-DZ2QoQBd6XeFNGKMnNgUP0t6mYihPlmh1eC0BivPaTtCKf4CH6lrq42_17s.ajGQE7r5eAd9z8a-8mmq2g", policy, out var jwt);

            if (result)
            {
                Console.WriteLine("The token is " + jwt);
            }
            else
            {
                Console.WriteLine("Failed to read the token. Reason: " + Environment.NewLine + jwt.Error.Status);
            }

            jwt.Dispose();
        }
Ejemplo n.º 8
0
        private static void ReadSymmetricKeyFromBase64Url()
        {
            // The SymmetricJwk.FromBase64Url method accept a Base64-URL encoded string as input
            var b64SymmetricKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            b64SymmetricKey.Kid = "B64";
            Console.WriteLine("JWK from Base64-URL:");
            Console.WriteLine(b64SymmetricKey);
            Console.WriteLine();
        }
        public async Task TryStoreToken_ValidToken_SinkOk_ReturnsSuccess()
        {
            var key = SymmetricJwk.FromBase64Url("YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE", false);

            key.Kid = JsonEncodedText.Encode("key1");
            var options = CreateOptions(key);
            var service = new AuditTrailHubService(new TestEventSink(response: true), options);

            var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);

            Assert.True(response);
            Assert.Null(error);
        }
        public async Task TryStoreToken_BadKey_ReturnsInvalidKey()
        {
            var key = SymmetricJwk.FromBase64Url(new string('b', 16));

            key.Kid = JsonEncodedText.Encode("bad key");
            var options  = CreateOptions(key);
            var service  = new AuditTrailHubService(new TestEventSink(response: false), options);
            var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);

            Assert.False(response);
            Assert.Equal(JsonEncodedText.Encode("invalid_key"), error !.Code);
            Assert.Null(error.Description);
        }
        public async Task TryStoreToken_ValidToken_SinkDown_ReturnsErrorResponse()
        {
            var key = SymmetricJwk.FromBase64Url("YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE", false);

            key.Kid = JsonEncodedText.Encode("key1");
            var options = CreateOptions(key);
            var service = new AuditTrailHubService(new TestEventSink(response: false), options);

            var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);

            Assert.False(response);
            Assert.False(error !.Code.EncodedUtf8Bytes.IsEmpty);
            Assert.Null(error.Description);
        }
Ejemplo n.º 12
0
        public void Rfc7516_Decrypt()
        {
            Jwk    encryptionKey = SymmetricJwk.FromBase64Url("GawgguFyGrWKav7AX4VKUg");
            string token         = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.U0m_YmjN04DJvceFICbCVQ";

            var policy = new TokenValidationPolicyBuilder()
                         .WithDecryptionKey(encryptionKey)
                         .IgnoreSignatureByDefault()
                         .Build();

            var result = Jwt.TryParse(token, policy, out var jwt);

            Assert.True(result);
            Assert.Equal("Live long and prosper.", jwt.Plaintext);
            jwt.Dispose();
        }
Ejemplo n.º 13
0
        static void Main()
        {
            // This sample demonstrates how to validate a token that may come form different issuers.
            // This is common if you have to support multiple Authorization Servers.
            var keyIssuer1    = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
            var policyIssuer1 = new TokenValidationPolicyBuilder()
                                .RequireSignature(keyIssuer1, SignatureAlgorithm.HmacSha256)
                                .RequireAudience("636C69656E745F6964")
                                .RequireIssuer("https://idp1.example.com/")
                                .Build();

            var keyIssuer2    = SymmetricJwk.FromBase64Url("9dobXhxMWH9PoLsKRdv1qp0bEqJm4YNd8JRaTxes8i4");
            var policyIssuer2 = new TokenValidationPolicyBuilder()
                                .RequireSignature(keyIssuer2, SignatureAlgorithm.HmacSha256)
                                .RequireAudience("9656E745F6964636C6")
                                .RequireIssuer("https://idp2.example.com/")
                                .Build();

            var keyIssuer3    = new SymmetricJwk("lh2TJcMdPyNLhfNp0nYLAFM_R0UEXVoZ9N7ife4ZT-A");
            var policyIssuer3 = new TokenValidationPolicyBuilder()
                                .RequireSignature(keyIssuer3, SignatureAlgorithm.HmacSha256)
                                .RequireAudience("F6964636C69656E745")
                                .RequireIssuer("https://idp3.example.com/")
                                .Build();

            var policies = new[] { policyIssuer1, policyIssuer2, policyIssuer3 };

            var reader = new JwtReader();
            var token  = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAzLmV4YW1wbGUuY29tLyIsImF1ZCI6IkY2OTY0NjM2QzY5NjU2RTc0NSJ9.a6RiTht8kyTDL9SZVX9kUye7dJL9YSZxJPbAyaaw3QE";

            for (int i = 0; i < policies.Length; i++)
            {
                // Try to read the token with the different policies
                var result = reader.TryReadToken(token, policies[i]);
                if (result.Succedeed)
                {
                    Console.WriteLine($"The token is issued by '{result.Token.Issuer}':");
                    Console.WriteLine(result.Token);
                    break;
                }

                Console.WriteLine($"Failed to read the token for the issuer '{policies[i].RequiredIssuer}'.");
                Console.WriteLine("  Reason: " + result.Status);
            }
        }
Ejemplo n.º 14
0
        static void Main()
        {
            // Creates a symmetric key for encryption
            var encryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");

            // Creates a JWE descriptor with all its properties
            var descriptor = new PlaintextJweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
            {
                Payload = "Life long and prosper."
            };

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
Ejemplo n.º 15
0
        static void Main()
        {
            var key    = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignature(key, SignatureAlgorithm.HmacSha256)
                         .RequireAudience("636C69656E745F6964")
                         .RequireIssuer("https://idp.example.com/")
                         .Build();

            var reader = new JwtReader();
            var result = reader.TryReadToken("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vIiwiYXVkIjoiNjM2QzY5NjU2RTc0NUY2OTY0In0.YrrT1Ddp1ampsDd2GwYZoTz_bUnLt_h--f16wsWBedk", policy);

            if (result.Succedeed)
            {
                Console.WriteLine("The token is " + result.Token);
            }
            else
            {
                Console.WriteLine("Failed to read the token. Reason: " + Environment.NewLine + result.Status);
            }
        }
Ejemplo n.º 16
0
        static void Main()
        {
            // Creates a symmetric key for encryption
            var encryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");

            // Creates a JWE descriptor with all its properties
            var payload    = new byte[] { 76, 105, 102, 101, 32, 108, 111, 110, 103, 32, 97, 110, 100, 32, 112, 114, 111, 115, 112, 101, 114, 46 };
            var descriptor = new BinaryJweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
            {
                Payload = payload
            };

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
Ejemplo n.º 17
0
        static void Main()
        {
            // Creates a symmetric key defined for the 'HS256' algorithm
            var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            // Creates a SecEvent descriptor with all its properties
            var descriptor = new SecEventDescriptor(signingKey, SignatureAlgorithm.HS256)
            {
                Payload = new JwtPayload
                {
                    { JwtClaimNames.Iss, "https://idp.example.com/" },
                    { JwtClaimNames.Jti, "756E69717565206964656E746966696572" },
                    { JwtClaimNames.Iat, 1508184845 },
                    { JwtClaimNames.Aud, "636C69656E745F6964" },
                    { SecEventClaimNames.Toe, EpochTime.UtcNow },
                    { SecEventClaimNames.Txn, "6964656E74" },
                    { SecEventClaimNames.Events, new JsonObject
                      {
                          new AccountDisabledSecEvent
                          {
                              { SecEvent.SubjectAttribute, new EmailSubjectIdentifier("*****@*****.**") },
                              { AccountDisabledSecEvent.ReasonAttribute, "hijacking" },
                              { "custom_attribute", "hello world" }
                          }
                      } }
                }
            };

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
Ejemplo n.º 18
0
        public void ConfigureServices(IServiceCollection services)
        {
            var ecdsa = ECDsa.Create();

            ecdsa.GenerateKey(ECCurve.NamedCurves.nistP256);
            services.AddAuditTrailHub("636C69656E745F6964")
            .RegisterClient(new AuditTrailHubRegistration("m2m", SignatureAlgorithm.HS256, SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU")))
            .AddMongoDBStorage("mongodb://localhost")
            .AddMongoDBMerkleTree(SupportedHashAlgorithm.Sha256, ecdsa.ExportParameters(true));

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Authority = Configuration["authentication:authority"];
                o.Audience  = Configuration["authentication:audience"];
            });
        }
Ejemplo n.º 19
0
        static void Main()
        {
            // Creates a symmetric key defined for the 'HS256' algorithm
            var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            // Creates a JWS descriptor with all its properties
            var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256)
            {
                Payload = new JwtPayload
                {
                    // You can use predefined claims
                    { JwtClaimNames.Iat, EpochTime.UtcNow },
                    { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
                    { JwtClaimNames.Iss, "https://idp.example.com/" },
                    { JwtClaimNames.Aud, "636C69656E745F6964" },

                    // Or use custom claims
                    { "value", "ABCEDF" }
                }
            };

            // Adds another claim
            descriptor.Payload.Add("ClaimName", new JsonObject
            {
                { "stuff1", "xyz789" },
                { "stuff2", "abc123" },
                {
                    "subObject", new JsonObject
                    {
                        { "prop1", "abc123" },
                        { "prop2", "xyz789" }
                    }
                },
                {
                    "Modules", new []
                    {
                        new JsonObject
                        {
                            { "name", "module1" },
                            { "prop1", "abc123" },
                            { "prop2", "xyz789" }
                        },
                        new JsonObject
                        {
                            { "name", "module2" },
                            { "prop1", "abc123" },
                            { "prop2", "xyz789" }
                        }
                    }
                }
            });


            // Adds anonymous object
            descriptor.Payload.Add("ClaimName_anonymous_type", new
            {
                stuff1    = "xyz789",
                stuff2    = "abc123",
                subObject = new
                {
                    prop1 = "abc123",
                    prop2 = "xyz789"
                },
                Modules = new[]
                {
                    new {
                        name  = "module1",
                        prop1 = "abc123",
                        prop2 = "xyz789"
                    },
                    new {
                        name  = "module2",
                        prop1 = "abc123",
                        prop2 = "xyz789"
                    }
                }
            });

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
Ejemplo n.º 20
0
 public SymmetricJwk CreateEncryptionKey()
 {
     return(SymmetricJwk.FromBase64Url("vXOB3TzeAzoTy2gaiiraLA", KeyManagementAlgorithm.A128KW));
 }
Ejemplo n.º 21
0
 public SymmetricJwk CreateSigningKey()
 {
     return(SymmetricJwk.FromBase64Url("1ZwTfcBMuxcCltXX5b7rVw", SignatureAlgorithm.HS256));
 }
Ejemplo n.º 22
0
        private void NewConnectionHandler()
        {
            var server = new TcpListener(ip, port);

            server.Start();

            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignature(SymmetricJwk.FromBase64Url(confWebSocket.JwsKey), SignatureAlgorithm.HmacSha512)
                         .RequireIssuer("Leierkasten Backend")
                         .Build();
            var reader = new JwtReader();

            while (running)
            {
                TcpClient client;
                if (server.Pending())
                {
                    client = server.AcceptTcpClient();
                }
                else
                {
                    Thread.Sleep(100);
                    continue;
                }

                var stream = client.GetStream();
                stream.WriteTimeout = 10;

                while (client.Available < 3)
                {
                    Thread.Sleep(100);
                }

                var bytes = new byte[client.Available];
                stream.Read(bytes, 0, bytes.Length);

                // This is a textual request, decode it
                var request = Encoding.UTF8.GetString(bytes);

                // Check if this is a websocket handshake. If no, skip.
                if (!new Regex("^GET").IsMatch(request))
                {
                    Log.Warn("Denied websocket because client used wrong method.");
                    stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
                    continue;
                }

                const string eol  = "\r\n";
                const string guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";

                // HTML headers are case insensitive
                var match = new Regex("Sec-WebSocket-Key: (.*)", RegexOptions.IgnoreCase).Match(request);
                if (!match.Success)
                {
                    Log.Warn("Sec-WebSocket-Key was not found in request.");
                    Log.Trace("Request was (base64-encoded): " + Convert.ToBase64String(Encoding.ASCII.GetBytes(request)));
                    stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
                    continue;
                }

                if (match.Groups.Count != 2)
                {
                    InvalidMatchNumber(match, stream);
                    continue;
                }
                string key             = match.Groups[1].Value.Trim();
                byte[] hashedAcceptKey = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(key + guid));
                string base64AcceptKey = Convert.ToBase64String(hashedAcceptKey);

                Log.Trace("Received Sec-WebSocket-Key: " + key);
                if (Log.IsTraceEnabled)
                {
                    StringBuilder hex = new StringBuilder(hashedAcceptKey.Length * 2);
                    foreach (byte b in hashedAcceptKey)
                    {
                        hex.AppendFormat("{0:x2}", b);
                    }
                    Log.Trace("Hashed Sec-WebSocket-Key: " + hex);
                }

                Log.Trace("Base64 if Sec-WebSocket-Key Hash: " + base64AcceptKey);
                string responseStr = "HTTP/1.1 101 Switching Protocols" + eol
                                     + "Connection: Upgrade" + eol
                                     + "Upgrade: websocket" + eol
                                     + "Sec-WebSocket-Accept: " + base64AcceptKey + eol + eol;
                byte[] response = Encoding.UTF8.GetBytes(responseStr);

                // Get cookie
                match = new Regex("lk-session=([^;\r\n]*)", RegexOptions.IgnoreCase).Match(request);
                if (!match.Success)
                {
                    Log.Warn("Denied websocket because session cookie is missing.");
                    stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
                    continue;
                }

                if (match.Groups.Count != 2)
                {
                    InvalidMatchNumber(match, stream);
                    continue;
                }

                // Validate session cookie of user
                var sessionCookie = match.Groups[1].ToString();
                var result        = reader.TryReadToken(sessionCookie, policy);
                if (!result.Succedeed)
                {
                    Log.Warn($"Denied websocket because JWS token could not be validated: {result.ErrorHeader}, {result.ErrorClaim}.");
                    stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
                    continue;
                }

                if (result.Token?.Payload == null)
                {
                    Log.Warn("Denied websocket because JWS token payload is empty.");
                    stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
                    continue;
                }

                var uid = JsonConvert.DeserializeObject <Dictionary <string, string> >(result.Token.Payload.ToString())["uid"];

                // Send handshake response
                stream.Write(response, 0, response.Length);

                // Start handler for the connection
                var handler = new WebSocketConnection(client, uid);

                if (!ConnectedClients.TryAdd(clientCounter++, handler))
                {
                    handler.Stop();
                }
                else
                {
                    OnClientConnected?.Invoke(this, new ClientConnectedEventArgs(handler));
                }
            }

            server.Stop();
        }
Ejemplo n.º 23
0
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuditTrailHub("636C69656E745F6964")
            .RegisterClient(new AuditTrailHubRegistration("m2m", SignatureAlgorithm.HS256, SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU")))
            .AddFileSystemStorage();

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Authority = Configuration["authentication:authority"];
                o.Audience  = Configuration["authentication:audience"];
            });
        }