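        /// <summary>
        /// Round-trips a named key identifier ("kid") through SigningCredentials, JwtHeader,
        /// NamedKeySecurityToken and NamedKeyIssuerTokenResolver, then validates a token signed with it.
        /// </summary>
        public void JwtSecurityKeyIdentifyier_Extensibility()
        {
            string clauseName = "kid";
            string keyId      = Issuers.GotJwt;

            NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId);
            SecurityKeyIdentifier keyIdentifier        = new SecurityKeyIdentifier(clause);
            SigningCredentials    signingCredentials   = new SigningCredentials(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier);
            JwtHeader             jwtHeader            = new JwtHeader(signingCredentials);
            SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier;

            // AreEqual/IsNotNull report expected vs. actual on failure; IsFalse(x != y) only prints the literal message.
            // MSTest's AreEqual takes (expected, actual).
            Assert.AreEqual(1, ski.Count, "ski.Count != 1");

            NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find<NamedKeySecurityKeyIdentifierClause>();

            Assert.IsNotNull(clauseOut, "NamedKeySecurityKeyIdentifierClause not found");
            Assert.AreEqual(clauseName, clauseOut.Name, "clauseOut.Name != clauseName");
            Assert.AreEqual(keyId, clauseOut.KeyIdentifier, "clauseOut.KeyIdentifier != keyId");

            // Local renamed so it no longer shadows the type name.
            NamedKeySecurityToken namedKeyToken = new NamedKeySecurityToken(clauseName, new SecurityKey[] { KeyingMaterial.SymmetricSecurityKey_256 });

            Assert.IsTrue(namedKeyToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed");

            List<SecurityKey> list = new List<SecurityKey>
            {
                KeyingMaterial.SymmetricSecurityKey_256
            };
            // The resolver is keyed by the clause name, so reuse clauseName rather than repeating the literal.
            Dictionary<string, IList<SecurityKey>> keys = new Dictionary<string, IList<SecurityKey>>
            {
                { clauseName, list },
            };
            NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys);
            SecurityKey sk = nkitr.ResolveSecurityKey(clause);

            // Message previously copy-pasted from the MatchesKeyIdentifierClause check above.
            Assert.IsNotNull(sk, "NamedKeyIssuerTokenResolver.ResolveSecurityKey( clause ), failed");

            JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
            JwtSecurityToken        jwt     = handler.CreateToken(issuer: Issuers.GotJwt, signingCredentials: signingCredentials) as JwtSecurityToken;
            // 'as' would hand a null to ValidateToken and turn a wrong token type into a confusing failure.
            Assert.IsNotNull(jwt, "CreateToken did not return a JwtSecurityToken");

            handler.Configuration = new SecurityTokenHandlerConfiguration()
            {
                IssuerTokenResolver = new NamedKeyIssuerTokenResolver(keys: keys),
                AudienceRestriction = new AudienceRestriction(AudienceUriMode.Never),
                IssuerNameRegistry  = new SetNameIssuerNameRegistry("http://GotJwt.com"),
            };

            // ValidateToken throws on a bad signature; asserting on its result also catches a
            // handler that silently returns nothing instead of rejecting.
            var identities = handler.ValidateToken(jwt);
            Assert.IsNotNull(identities, "ValidateToken returned null");
            Assert.IsTrue(identities.Count > 0, "ValidateToken returned no identities");
        }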
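        /// <summary>
        /// Checks that a NamedKeySecurityKeyIdentifierClause survives the trip into a JwtHeader,
        /// is matched by a NamedKeySecurityToken, and is resolvable by NamedKeyIssuerTokenResolver.
        /// </summary>
        public void NamedKeySecurityKeyIdentifierClause_Extensibility()
        {
            string clauseName = "kid";
            string keyId      = Issuers.GotJwt;

            NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause(clauseName, keyId);
            SecurityKeyIdentifier keyIdentifier        = new SecurityKeyIdentifier(clause);
            SigningCredentials    signingCredentials   = new SigningCredentials(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest, keyIdentifier);
            JwtHeader             jwtHeader            = new JwtHeader(signingCredentials);
            SecurityKeyIdentifier ski = jwtHeader.SigningKeyIdentifier;

            // MSTest's AreEqual takes (expected, actual); the original had them swapped, which
            // produces a misleading "Expected:<actual>. Actual:<expected>" diagnostic on failure.
            Assert.AreEqual(1, ski.Count, "ski.Count != 1");

            NamedKeySecurityKeyIdentifierClause clauseOut = ski.Find<NamedKeySecurityKeyIdentifierClause>();

            Assert.IsNotNull(clauseOut, "NamedKeySecurityKeyIdentifierClause not found");
            Assert.AreEqual(clauseName, clauseOut.Name, "clauseOut.Name != clauseName");
            Assert.AreEqual(keyId, clauseOut.Id, "clauseOut.Id != keyId");

            // Local renamed so it no longer shadows the type name.
            NamedKeySecurityToken namedKeyToken = new NamedKeySecurityToken(clauseName, keyId, new SecurityKey[] { KeyingMaterial.DefaultSymmetricSecurityKey_256 });

            Assert.IsTrue(namedKeyToken.MatchesKeyIdentifierClause(clause), "NamedKeySecurityToken.MatchesKeyIdentifierClause( clause ), failed");

            List<SecurityKey> list = new List<SecurityKey>
            {
                KeyingMaterial.DefaultSymmetricSecurityKey_256
            };
            // The resolver is keyed by the clause name, so reuse clauseName rather than repeating the literal.
            Dictionary<string, IList<SecurityKey>> keys = new Dictionary<string, IList<SecurityKey>>
            {
                { clauseName, list },
            };
            NamedKeyIssuerTokenResolver nkitr = new NamedKeyIssuerTokenResolver(keys: keys);
            SecurityKey sk = nkitr.ResolveSecurityKey(clause);

            // Message previously copy-pasted from the MatchesKeyIdentifierClause check above.
            Assert.IsNotNull(sk, "NamedKeyIssuerTokenResolver.ResolveSecurityKey( clause ), failed");
        }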
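        /// <summary>
        /// Resolves the issuer signing key named by the token's key identifier ("kid") from <c>keyStore</c>.
        /// Has the shape of an IssuerSigningKeyResolver delegate; <paramref name="token"/>,
        /// <paramref name="securityToken"/> and <paramref name="validationParameters"/> are part of
        /// that signature and are not used here.
        /// </summary>
        /// <param name="token">Raw token string (unused).</param>
        /// <param name="securityToken">Parsed token (unused).</param>
        /// <param name="keyIdentifier">Key identifier from the token header; may be null.</param>
        /// <param name="validationParameters">Validation parameters (unused).</param>
        /// <returns>
        /// The matching key, or <c>null</c> when no key can be resolved. Returning null lets the
        /// caller's signature validation fail closed rather than accepting an unverifiable token.
        /// </returns>
        public static SecurityKey Resolve(string token, SecurityToken securityToken, SecurityKeyIdentifier keyIdentifier, TokenValidationParameters validationParameters)
        {
            // Guard up front: the original dereferenced keyIdentifier inside the catch block as well,
            // so a null identifier would have thrown from the exception handler itself.
            if (keyIdentifier == null)
            {
                Trace.TraceWarning("No key identifier supplied; cannot resolve issuer signing key");
                return null;
            }

            try
            {
                // Find<T>() throws when the clause is absent; TryFind keeps a missing "kid" on the
                // normal (warn and return null) path instead of the exception path.
                NamedKeySecurityKeyIdentifierClause clause;
                if (!keyIdentifier.TryFind<NamedKeySecurityKeyIdentifierClause>(out clause) || string.IsNullOrEmpty(clause.Id))
                {
                    Trace.TraceWarning($"No named key identifier clause in {keyIdentifier.ToLongString()}");
                    return null;
                }

                // The identifier is taken from the presented token, i.e. from the caller, before the
                // signature has been checked; it is only used as a dictionary key and echoed to trace output.
                SecurityKey key;
                if (keyStore.TryGetValue(clause.Id, out key))
                {
                    Trace.TraceInformation($"Resolved issuer signing key for {keyIdentifier.ToLongString()}");
                    return key;
                }

                Trace.TraceWarning($"Failed to resolve issuer signing key for {keyIdentifier.ToLongString()}");
            }
            catch (Exception ex)
            {
                // Deliberate fail-closed: any error during lookup is reported and treated as "no key",
                // so the token is rejected by the caller rather than the handler crashing.
                Trace.TraceError($"Exception raised while resolving issuer signing key for {keyIdentifier.ToLongString()}: {ex}");
            }

            return null;
        }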