public IKeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method, XMLCryptoContext context)
{
if (null == keyInfo)
{
throw new Exception("no ds:KeyInfo present");
}
List <XMLStructure> keyInfoContent = keyInfo.Content;
certChain.Clear();
foreach (XMLStructure keyInfoStructure in keyInfoContent)
{
if (!(keyInfoStructure is X509Data))
{
continue;
}
X509Data x509Data = (X509Data)keyInfoStructure;
List <Object> x509DataList = x509Data.Content;
foreach (Object x509DataObject in x509DataList)
{
if (!(x509DataObject is X509Certificate))
{
continue;
}
X509Certificate certificate = (X509Certificate)x509DataObject;
certChain.Add(certificate);
}
}
if (certChain.Count == 0)
{
throw new Exception("No key found!");
}
return(this);
}
public override KeySelectorResult select(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo,
Purpose purpose,
AlgorithmMethod method,
XMLCryptoContext context)
{//throws KeySelectorException {
return(new IAC_KeySelectorResult(this));
}
/// <summary>
/// Creates an instance of <see cref="System.Security.Cryptography.HMAC"/> based on <see cref="AlgorithmMethod"/>.)
/// </summary>
/// <param name="method">Algorithm method.</param>
/// <param name="key">Key used to instanciate the <see cref="System.Security.Cryptography.HMAC"/> algorithm class.</param>
/// <returns>A new instance of <see cref="System.Security.Cryptography.HMAC"/>.</returns>
private HMAC CreateAlgorithm(AlgorithmMethod method, byte[] key)
{
switch (method)
{
case AlgorithmMethod.HS256: return(new HMACSHA256(key));
case AlgorithmMethod.HS384: return(new HMACSHA384(key));
default: return(new HMACSHA512(key));
}
}
/// <summary>
/// Creates a JWT token in the format of {header}.{claims}.{signature}.
/// </summary>
/// <param name="claims">User claims, also known as token payload information.</param>
/// <param name="method">Algoritm method to be used.</param>
/// <param name="key">The key used to sign the token.</param>
/// <param name="expirationTime">The <see cref="RegisteredClaims.ExpirationTime"/>.</param>
/// <returns>JWT token in the format of {header}.{claims}.{signature}.</returns>
public string CreateToken(byte[] key, Dictionary <string, object> claims, AlgorithmMethod method, DateTime?expirationTime)
{
if (claims == null)
{
claims = new Dictionary <string, object>();
}
var header = new Dictionary <string, string>()
{
{ "alg", method.ToString() },
{ "typ", "JWT" }
};
IncludeExpirationTime(claims, expirationTime);
var encodedHeader = _base64Url.Encode(GetBytes(JsonConvert.SerializeObject(header)));
var encodedPayload = _base64Url.Encode(GetBytes(JsonConvert.SerializeObject(claims)));
var encodedSignature = CreateSignature(method, key, encodedHeader, encodedPayload);
return($"{encodedHeader}.{encodedPayload}.{encodedSignature}");
}
/// <summary>
/// Finds the gcd of two or more numbers and measures the search time.
/// </summary>
/// <param name="method">Find gcd algorithm.</param>
/// <param name="workTimeMilliseconds">Spended time.</param>
/// <param name="num1">First integer.</param>
/// <param name="num2">Second integer.</param>
/// <param name="numbers">Additional integers.</param>
/// <returns></returns>
protected static int GetGCD(AlgorithmMethod method, out double workTimeMilliseconds, params int[] numbers)
{
numbers = RemoveZeros(numbers);
var watcher = new Stopwatch();
var gcd = 0;
watcher.Start();
if (numbers.Length == 0)
{
gcd = 0;
}
else
{
gcd = Math.Abs(method(numbers));
}
watcher.Stop();
workTimeMilliseconds = watcher.ElapsedMilliseconds;
return(gcd);
}
/**
* Attempts to find a key that satisfies the specified constraints.
*
* @param keyInfo a <code>KeyInfo</code> (may be <code>null</code>)
* @param purpose the key's purpose ({@link Purpose#SIGN},
* {@link Purpose#VERIFY}, {@link Purpose#ENCRYPT}, or
* {@link Purpose#DECRYPT})
* @param method the algorithm method that this key is to be used for.
* Only keys that are compatible with the algorithm and meet the
* constraints of the specified algorithm should be returned.
* @param context an <code>XMLCryptoContext</code> that may contain
* useful information for finding an appropriate key. If this key
* selector supports resolving {@link RetrievalMethod} types, the
* context's <code>baseURI</code> and <code>dereferencer</code>
* parameters (if specified) should be used by the selector to
* resolve and dereference the URI.
* @return the result of the key selector
* @throws KeySelectorException if an exceptional condition occurs while
* attempting to find a key. Note that an inability to find a key is not
* considered an exception (<code>null</code> should be
* returned in that case). However, an error condition (ex: network
* communications failure) that prevented the <code>KeySelector</code>
* from finding a potential key should be considered an exception.
* @throws ClassCastException if the data type of <code>method</code>
* is not supported by this key selector
*/
public abstract KeySelectorResult select(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo, Purpose purpose,
AlgorithmMethod method, XMLCryptoContext context)
;// throws KeySelectorException;
/// <summary>
/// Creates a valid signature based on the algorithm, key, header and claims/payload.
/// </summary>
/// <param name="method">Algorith used to calculate the signature hash.</param>
/// <param name="key">Key used to hash the signature.</param>
/// <param name="encodedHeader">Encoded JWT header.</param>
/// <param name="encodedClaims">Encoded JWT payload or claims.</param>
/// <returns></returns>
private string CreateSignature(AlgorithmMethod method, byte[] key, string encodedHeader, string encodedClaims)
{
return(_base64Url.Encode(CreateAlgorithm(method, key).ComputeHash(GetBytes($"{encodedHeader}.{encodedClaims}"))));
}
/// <summary>
/// Creates a JWT token in the format of {header}.{claims}.{signature}.
/// </summary>
/// <param name="key">The key used to sign the token.</param>
/// <param name="claims">User claims, also known as token payload information.</param>
/// <param name="method">Algoritm method to be used.</param>
/// <returns>JWT token in the format of {header}.{claims}.{signature}.</returns>
public string CreateToken(byte[] key, Dictionary <string, object> claims, AlgorithmMethod method)
{
return(CreateToken(key, claims, method, null));
}
/// <summary>
/// Creates a JWT token in the format of {header}.{claims}.{signature}.
/// </summary>
/// <param name="key">The key used to sign the token.</param>
/// <param name="method">Algoritm method to be used.</param>
/// <returns>JWT token in the format of {header}.{claims}.{signature}.</returns>
public string CreateToken(byte[] key, AlgorithmMethod method)
{
return(CreateToken(key, null, method, null));
}
/**
* Attempts to find a key that satisfies the specified constraints.
*
* @param keyInfo a <code>KeyInfo</code> (may be <code>null</code>)
* @param purpose the key's purpose ({@link Purpose#SIGN},
* {@link Purpose#VERIFY}, {@link Purpose#ENCRYPT}, or
* {@link Purpose#DECRYPT})
* @param method the algorithm method that this key is to be used for.
* Only keys that are compatible with the algorithm and meet the
* constraints of the specified algorithm should be returned.
* @param context an <code>XMLCryptoContext</code> that may contain
* useful information for finding an appropriate key. If this key
* selector supports resolving {@link RetrievalMethod} types, the
* context's <code>baseURI</code> and <code>dereferencer</code>
* parameters (if specified) should be used by the selector to
* resolve and dereference the URI.
* @return the result of the key selector
* @throws KeySelectorException if an exceptional condition occurs while
* attempting to find a key. Note that an inability to find a key is not
* considered an exception (<code>null</code> should be
* returned in that case). However, an error condition (ex: network
* communications failure) that prevented the <code>KeySelector</code>
* from finding a potential key should be considered an exception.
* @throws ClassCastException if the data type of <code>method</code>
* is not supported by this key selector
*/
public abstract KeySelectorResult select(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo, Purpose purpose,
AlgorithmMethod method, XMLCryptoContext context);
public override KeySelectorResult select(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo,
Purpose purpose,
AlgorithmMethod method,
XMLCryptoContext context)
{
//throws KeySelectorException {
return new IAC_KeySelectorResult(this);
}