C# (CSharp) ICoreSettings.GetSigningCertificate Examples

Example #1

File: TokenValidator.cs Project: onebeatconsumer/Thinktecture.IdentityServer.v3

        protected virtual Task <TokenValidationResult> ValidateJwtAccessTokenAsync(string jwt)
        {
            var handler = new JwtSecurityTokenHandler();

            handler.Configuration = new SecurityTokenHandlerConfiguration();
            handler.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
            handler.Configuration.CertificateValidator      = X509CertificateValidator.None;

            var parameters = new TokenValidationParameters
            {
                ValidIssuer     = _settings.GetIssuerUri(),
                SigningToken    = new X509SecurityToken(_settings.GetSigningCertificate()),
                AllowedAudience = string.Format(Constants.AccessTokenAudience, _settings.GetIssuerUri())
            };

            try
            {
                var id = handler.ValidateToken(jwt, parameters);

                return(Task.FromResult(new TokenValidationResult
                {
                    Claims = id.Claims
                }));
            }
            catch (Exception ex)
            {
                _logger.ErrorFormat("JWT token validation error: {0}", ex.ToString());

                return(Task.FromResult(new TokenValidationResult
                {
                    IsError = true,
                    Error = Constants.ProtectedResourceErrors.InvalidToken
                }));
            }
        }

Example #2

File: DefaultTokenService.cs Project: onebeatconsumer/Thinktecture.IdentityServer.v3

        public virtual async Task <string> CreateSecurityTokenAsync(Token token)
        {
            if (token.Type == Constants.TokenTypes.AccessToken)
            {
                if (token.Client.AccessTokenType == AccessTokenType.JWT)
                {
                    return(CreateJsonWebToken(
                               token,
                               new X509SigningCredentials(_settings.GetSigningCertificate())));
                }
                else
                {
                    var handle = Guid.NewGuid().ToString("N");
                    await _tokenHandles.StoreAsync(handle, token);

                    return(handle);
                }
            }

            if (token.Type == Constants.TokenTypes.IdentityToken)
            {
                SigningCredentials credentials;
                if (token.Client.IdentityTokenSigningKeyType == SigningKeyTypes.ClientSecret)
                {
                    credentials = new HmacSigningCredentials(token.Client.ClientSecret);
                }
                else
                {
                    credentials = new X509SigningCredentials(_settings.GetSigningCertificate());
                }

                return(CreateJsonWebToken(token, credentials));
            }

            throw new InvalidOperationException("Invalid token type.");
        }

Example #3

File: DiscoveryEndpointController.cs Project: onebeatconsumer/Thinktecture.IdentityServer.v3

        public dynamic GetKeyData()
        {
            var cert       = _settings.GetSigningCertificate();
            var cert64     = Convert.ToBase64String(cert.RawData);
            var thumbprint = Base64Url.Encode(cert.GetCertHash());

            var key = new
            {
                kty = "RSA",
                use = "sig",
                kid = thumbprint,
                x5t = thumbprint,
                x5c = new string[] { cert64 }
            };

            return(new { keys = new[] { key } });
        }