/// <summary>
/// Builds the identity claims for a completed GrandID BankID session.
/// </summary>
/// <param name="loginResult">Session response carrying the user attributes returned by the provider.</param>
/// <returns>
/// The subject, name, family name, given name and Swedish personal identity number claims,
/// followed by an optional gender claim and an optional birthdate claim as enabled in <c>Options</c>.
/// </returns>
/// <remarks>
/// The personal identity number is parsed before any claim is produced, so a malformed value from
/// the provider fails here instead of being copied into the identity (the exception type is whatever
/// <c>SwedishPersonalIdentityNumber.Parse</c> throws; it is not visible in this file). The subject claim
/// uses the 12-digit form and the dedicated personal identity number claim the 10-digit form.
/// </remarks>
protected override IEnumerable<Claim> GetClaims(BankIdGetSessionResponse loginResult)
{
    var attributes = loginResult.UserAttributes;
    var pin = SwedishPersonalIdentityNumber.Parse(attributes.PersonalIdentityNumber);

    var result = new List<Claim>
    {
        new Claim(GrandIdClaimTypes.Subject, pin.To12DigitString()),
        new Claim(GrandIdClaimTypes.Name, attributes.Name),
        new Claim(GrandIdClaimTypes.FamilyName, attributes.Surname),
        new Claim(GrandIdClaimTypes.GivenName, attributes.GivenName),
        new Claim(GrandIdClaimTypes.SwedishPersonalIdentityNumber, pin.To10DigitString()),
    };

    // Gender is derived from the number's hint and only emitted when the serializer yields a value.
    var gender = Options.IssueGenderClaim
        ? JwtSerializer.GetGender(pin.GetGenderHint())
        : null;
    if (!string.IsNullOrEmpty(gender))
    {
        result.Add(new Claim(GrandIdClaimTypes.Gender, gender));
    }

    // Birthdate is emitted unconditionally once enabled; there is no empty-value guard here.
    if (Options.IssueBirthdateClaim)
    {
        var birthdate = JwtSerializer.GetBirthdate(pin.GetDateOfBirthHint());
        result.Add(new Claim(GrandIdClaimTypes.Birthdate, birthdate));
    }

    return result;
}
/// <summary>
/// Appends the configurable BankID claims to an already-populated claim list.
/// </summary>
/// <param name="claims">List that receives the additional claims; mutated in place.</param>
/// <param name="personalIdentityNumber">Parsed personal identity number used for the gender and birthdate hints.</param>
/// <param name="expiresUtc">Optional expiry; when present an expires claim is added first.</param>
/// <remarks>
/// Authentication method and identity provider claims are added when the corresponding
/// <c>Options</c> flags are set. The gender claim is skipped when the serializer returns an empty
/// value, whereas the birthdate claim is added as soon as it is enabled.
/// </remarks>
private void AddOptionalClaims(List<Claim> claims, SwedishPersonalIdentityNumber personalIdentityNumber, DateTimeOffset? expiresUtc)
{
    void Append(string type, string value) => claims.Add(new Claim(type, value));

    if (expiresUtc is { } expiry)
    {
        Append(BankIdClaimTypes.Expires, JwtSerializer.GetExpires(expiry));
    }

    if (Options.IssueAuthenticationMethodClaim)
    {
        Append(BankIdClaimTypes.AuthenticationMethod, Options.AuthenticationMethodName);
    }

    if (Options.IssueIdentityProviderClaim)
    {
        Append(BankIdClaimTypes.IdentityProvider, Options.IdentityProviderName);
    }

    if (Options.IssueGenderClaim)
    {
        var gender = JwtSerializer.GetGender(personalIdentityNumber.GetGenderHint());
        // An empty gender value means "unknown" and is not turned into a claim.
        if (!string.IsNullOrEmpty(gender))
        {
            Append(BankIdClaimTypes.Gender, gender);
        }
    }

    if (Options.IssueBirthdateClaim)
    {
        Append(BankIdClaimTypes.Birthdate, JwtSerializer.GetBirthdate(personalIdentityNumber.GetDateOfBirthHint()));
    }
}
/// <summary>
/// Round-trips a one-entry payload through an HMAC-SHA512 serializer configured with two
/// iterations and checks the entry survives serialization and deserialization intact.
/// </summary>
public void HMACSHA512_2Iterations()
{
    // Arrange
    var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 2, SALT);
    var input = new Dictionary<string, string> { ["test"] = "test" };

    // Act
    var token = sut.Serialize(input);
    var roundTripped = sut.Deserialize(token);

    // Assert
    Assert.True(roundTripped.ContainsKey("test"));
    Assert.Equal("test", roundTripped["test"]);
}
/// <summary>
/// Serializes the same payload with HMAC-SHA512 and then HMAC-SHA256 on the same serializer
/// instance and checks the two tokens differ, i.e. the algorithm choice affects the output.
/// </summary>
/// <remarks>
/// The algorithm is switched through the mutable <c>Algorithm</c> property; the test therefore also
/// relies on that property being honoured by subsequent <c>Serialize</c> calls.
/// </remarks>
public void DifferentAlgorithmsProduceDifferentTokens()
{
    // Arrange
    var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 1, SALT);
    var input = new Dictionary<string, string> { ["test"] = "test" };

    // Act
    var tokenSha512 = sut.Serialize(input);
    sut.Algorithm = JwtHashAlgorithm.HMACSHA256;
    var tokenSha256 = sut.Serialize(input);

    // Assert
    Assert.NotEqual(tokenSha512, tokenSha256);
}
/// <summary>
/// Appends extra characters to a valid token and checks that deserialization rejects it with a
/// <c>TamperingException</c> carrying the expected message.
/// </summary>
/// <remarks>
/// Only trailing modification is exercised here; it does not cover edits inside the encoded
/// payload or signature segments, so those cases are not proven by this test.
/// </remarks>
public void TamperingCausesTamperingException()
{
    // Arrange
    var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 2, SALT);
    var input = new Dictionary<string, string> { ["test"] = "test" };
    var tampered = sut.Serialize(input) + "test";

    // Act
    var thrown = Assert.Throws<TamperingException>(() => sut.Deserialize(tampered));

    // Assert
    Assert.Equal("JWT shows signs of tampering.", thrown.Message);
}
/// <summary>
/// Serializes a payload, adds a second entry, serializes again and checks the two tokens differ,
/// i.e. the payload content is reflected in the token.
/// </summary>
public void DifferentPayloadsProduceDifferentTokens()
{
    // Arrange
    var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 1, SALT);
    var input = new Dictionary<string, string> { ["test"] = "test" };

    // Act
    var tokenBefore = sut.Serialize(input);
    input.Add("test2", "test2");
    var tokenAfter = sut.Serialize(input);

    // Assert
    Assert.NotEqual(tokenBefore, tokenAfter);
}
/// <summary>
/// Builds the GrandID claims that do not depend on the user's identity: expiry, authentication
/// method and identity provider.
/// </summary>
/// <param name="expiresUtc">Optional expiry; when present an expires claim is emitted first.</param>
/// <returns>
/// A list with the expires claim (if <paramref name="expiresUtc"/> has a value) and the
/// authentication method and identity provider claims enabled in <c>Options</c>; empty when none apply.
/// </returns>
private IEnumerable<Claim> GetBaseClaims(DateTimeOffset? expiresUtc)
{
    var result = new List<Claim>();
    void Append(string type, string value) => result.Add(new Claim(type, value));

    if (expiresUtc is { } expiry)
    {
        Append(GrandIdClaimTypes.Expires, JwtSerializer.GetExpires(expiry));
    }

    if (Options.IssueAuthenticationMethodClaim)
    {
        Append(GrandIdClaimTypes.AuthenticationMethod, Options.AuthenticationMethodName);
    }

    if (Options.IssueIdentityProviderClaim)
    {
        Append(GrandIdClaimTypes.IdentityProvider, Options.IdentityProviderName);
    }

    return result;
}