void certselect() { X509Certificate2 certSelected = null; X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine); System.IdentityModel.Tokens.X509SecurityToken securityToken; x509Store.Open(OpenFlags.ReadOnly); X509Certificate2Collection col = x509Store.Certificates; X509Certificate2Collection sel = X509Certificate2UI.SelectFromCollection(col, "Velg sertifikat", "Velg sertifikat som du skal signere med:", X509SelectionFlag.SingleSelection); RSACryptoServiceProvider csp = null; String stringToBeSigned = "Dags tekst som skal signeres!"; if (sel.Count > 0) { X509Certificate2Enumerator en = sel.GetEnumerator(); en.MoveNext(); certSelected = en.Current; //trenger vi denne? securityToken = new System.IdentityModel.Tokens.X509SecurityToken(certSelected); // se her for XML: https://msdn.microsoft.com/en-us/library/ms229745(v=vs.110).aspx // Key info: https://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.keyinfox509data(v=vs.90).aspx SignedXml signedXml = new SignedXml(); KeyInfo keyInfo = new KeyInfo(); keyInfo.AddClause(new KeyInfoX509Data(certSelected)); if (certSelected.HasPrivateKey == true) { // signer med privat nøkkel textBox1.Text += "Dette sertifikatet har privat nøkkel"; csp = (RSACryptoServiceProvider)certSelected.PrivateKey; SignXmlFile("orig.xml", "signed.xml", csp, certSelected); // SHA1Managed sha1 = new SHA1Managed(); // UnicodeEncoding encoding = new UnicodeEncoding(); //byte[] data = encoding.GetBytes(stringToBeSigned); //byte[] hash = sha1.ComputeHash(data); // Sign the hash // byte[] signature = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")); } else { // Signer med offentlig nøkkel } } x509Store.Close(); }
private ClaimsIdentityCollection ValidateTokenCore(System.IdentityModel.Tokens.SecurityToken token, bool isActorToken) { JsonWebSecurityToken jsonWebSecurityToken = token as JsonWebSecurityToken; if (jsonWebSecurityToken == null) { return(base.ValidateToken(token)); } if (base.Configuration == null) { throw new System.InvalidOperationException("No configuration."); } if (base.Configuration.IssuerNameRegistry == null) { throw new System.InvalidOperationException("No issuername registry configured."); } this.ValidateLifetime(jsonWebSecurityToken); this.ValidateAudience(jsonWebSecurityToken); System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = jsonWebSecurityToken.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken; if (x509SecurityToken != null) { base.Configuration.CertificateValidator.Validate(x509SecurityToken.Certificate); } ClaimsIdentityCollection claimsIdentityCollection = new ClaimsIdentityCollection(); ClaimsIdentity claimsIdentity = new ClaimsIdentity("Federation"); if (!isActorToken && jsonWebSecurityToken.ActorToken != null) { ValidateActorTokenForAppOnly(jsonWebSecurityToken.ActorToken); ClaimsIdentityCollection claimsIdentityCollection2 = this.ValidateActorToken(jsonWebSecurityToken.ActorToken); if (claimsIdentityCollection2.Count > 1) { throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Actor has multiple identities."); } claimsIdentity.Actor = claimsIdentityCollection2[0]; } string issuerName = this.GetIssuerName(jsonWebSecurityToken); foreach (JsonWebTokenClaim current in jsonWebSecurityToken.Claims) { if (claimsIdentity.Actor == null || !System.StringComparer.Ordinal.Equals("actortoken", current.ClaimType)) { string text = current.Value; if (text == null) { text = "NULL"; } claimsIdentity.Claims.Add(new Claim(current.ClaimType, text, "http://www.w3.org/2001/XMLSchema#string", issuerName)); } } if (!isActorToken && base.Configuration.SaveBootstrapTokens) { claimsIdentity.BootstrapToken = token; } claimsIdentityCollection.Add(claimsIdentity); return(claimsIdentityCollection); }
public virtual System.Collections.Generic.IDictionary <string, string> CreateHeaderClaims() { System.Collections.Generic.Dictionary <string, string> dictionary = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal); dictionary.Add("typ", "JWT"); if (this.SigningCredentials != null) { if (System.StringComparer.Ordinal.Compare(this.SigningCredentials.SignatureAlgorithm, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256") == 0) { Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials x509SigningCredentials = this.SigningCredentials as Microsoft.IdentityModel.SecurityTokenService.X509SigningCredentials; if (x509SigningCredentials == null) { throw new System.InvalidOperationException("JWT token is not valid. RSA signature requires X509SigningCredentials"); } dictionary.Add("alg", "RS256"); dictionary.Add("x5t", Base64UrlEncoder.Encode(x509SigningCredentials.Certificate.GetCertHash())); } else if (System.StringComparer.Ordinal.Compare(this.SigningCredentials.SignatureAlgorithm, "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256") == 0) { dictionary.Add("alg", "HS256"); } } else if (this.IssuerToken != null) { System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = this.IssuerToken as System.IdentityModel.Tokens.X509SecurityToken; if (x509SecurityToken != null) { dictionary.Add("alg", "RS256"); dictionary.Add("x5t", Base64UrlEncoder.Encode(x509SecurityToken.Certificate.GetCertHash())); } else if (this.IssuerToken is BinarySecretSecurityToken) { dictionary.Add("alg", "HS256"); } } else { dictionary.Add("alg", "none"); } return(dictionary); }
protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken) { Utility.VerifyNonNullArgument("signingToken", signingToken); bool flag = false; System.IdentityModel.Tokens.SecurityToken result = null; if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal)) { System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken; if (x509SecurityToken == null) { throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature."); } System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider; if (rSACryptoServiceProvider == null) { throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm."); } using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider)) { flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature)); if (flag) { result = signingToken; } goto IL_133; } } if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal)) { byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(signingInput); byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature); using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator()) { while (enumerator.MoveNext()) { System.IdentityModel.Tokens.SecurityKey current = enumerator.Current; System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey; if (symmetricSecurityKey != null) { using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey)) { flag = symmetricSignatureProvider.Verify(bytes, signature2); if (flag) { result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey()); break; } } } } goto IL_133; } } throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm."); IL_133: if (!flag) { throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature."); } return(result); }