static void ReadMulticastFooter(int streamVersion, CKBinaryReader r, StreamLogType t, out string gId, out string mId, out int depth, out LogEntryType prevType, out DateTimeStamp prevTime) { if (streamVersion == 9) { gId = r.ReadString(); mId = r.ReadString(); depth = r.ReadNonNegativeSmallInt32(); Throw.CheckData(mId == GrandOutput.ExternalLogMonitorUniqueId || Base64UrlHelper.IsBase64UrlCharacters(mId)); } else { gId = GrandOutput.UnknownGrandOutputId; Debug.Assert(Guid.Empty.ToByteArray().Length == 16); mId = streamVersion < 8 ? new Guid(r.ReadBytes(16)).ToString() : r.ReadString(); depth = streamVersion < 6 ? r.ReadInt32() : r.ReadNonNegativeSmallInt32(); if (streamVersion >= 8) { Throw.CheckData(mId == GrandOutput.ExternalLogMonitorUniqueId || Base64UrlHelper.IsBase64UrlCharacters(mId)); } } Throw.CheckData(gId == GrandOutput.UnknownGrandOutputId || Base64UrlHelper.IsBase64UrlCharacters(gId)); Throw.CheckData(depth >= 0); prevType = LogEntryType.None; prevTime = DateTimeStamp.Unknown; if ((t & StreamLogType.IsPreviousKnown) != 0) { prevTime = new DateTimeStamp(DateTime.FromBinary(r.ReadInt64()), (t & StreamLogType.IsPreviousKnownHasUniquifier) != 0 ? r.ReadByte() : (Byte)0); prevType = (LogEntryType)r.ReadByte(); } }
public string EncodeCompact() { string ret = encoded_header + "."; if (encrypted_key != null) { ret += Base64UrlHelper.Encode(encrypted_key); } ret += "."; if (init_vector != null) { ret += Base64UrlHelper.Encode(init_vector); } ret += "."; if (ciphertext != null) { ret += Base64UrlHelper.Encode(ciphertext); } ret += "."; if (auth_tag != null) { ret += Base64UrlHelper.Encode(auth_tag); } return(ret); }
/// <summary> /// Encrypt SD data with exchange key. /// </summary> /// <param name="plaintextList"></param> /// <param name="cert">Exchange key</param> /// <returns></returns> public SecurityDomainRestoreData EncryptForRestore(PlaintextList plaintextList, X509Certificate2 cert) { try { SecurityDomainRestoreData securityDomainRestoreData = new SecurityDomainRestoreData(); securityDomainRestoreData.EncData.kdf = "sp108_kdf"; byte[] master_key = Utils.GetRandom(32); foreach (Plaintext p in plaintextList.list) { Datum datum = new Datum(); HMACSHA512 hmac = new HMACSHA512(); byte[] enc_key = KDF.sp800_108(master_key, p.tag, "", hmac, 512); datum.tag = p.tag; JWE jwe = new JWE(); jwe.Encrypt(enc_key, p.plaintext, "A256CBC-HS512", p.tag); datum.compact_jwe = jwe.EncodeCompact(); securityDomainRestoreData.EncData.data.Add(datum); } // Now go make the wrapped key JWE jwe_wrapped = new JWE(); jwe_wrapped.Encrypt(cert, master_key); securityDomainRestoreData.WrappedKey.enc_key = jwe_wrapped.EncodeCompact(); securityDomainRestoreData.WrappedKey.x5t_256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert)); return(securityDomainRestoreData); } catch (Exception ex) { throw new Exception("Failed to encrypt security domain data for restoring.", ex); } }
private string CreateJwk(RSAParameters rsaKeyInfo, out string keyId) { string modulus = Base64UrlHelper.Encode(rsaKeyInfo.Modulus); string exp = Base64UrlHelper.Encode(rsaKeyInfo.Exponent); SHA256 sha256 = SHA256.Create(); byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(modulus + exp)); StringBuilder hex = new StringBuilder(hash.Length * 2); for (int i = 0; i < hash.Length; ++i) { hex.AppendFormat("{0:x2}", hash[i]); } keyId = hex.ToString(); Dictionary <string, object> jwk = new Dictionary <string, object> { { "kty", "RSA" }, { "kid", keyId }, { "n", modulus }, { "e", exp } }; return(JsonConvert.SerializeObject(jwk)); }
public static string GetClaimsChallenge(HttpResponseMessage response) { return(ParseWwwAuthenticate(response)? .Where((p) => string.Equals(p.Item1, "claims", StringComparison.OrdinalIgnoreCase)) .Select(p => Base64UrlHelper.DecodeToString(p.Item2)) .FirstOrDefault()); }
public void LoadKey(KeyPath path) { CertKey certKey = new CertKey(); certKey.Load(path); string encodedThumbprint = Base64UrlHelper.Encode(certKey.GetThumbprint()); _keys.Add(encodedThumbprint, certKey); }
public void EncodeHeader() { string header_json = JsonConvert.SerializeObject( protected_header, Formatting.None, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore }); encoded_header = Base64UrlHelper.Encode(header_json); }
public AcrToken(string token) { _token = token; string decodedToken = Base64UrlHelper.DecodeToString(_token.Split('.')[1]); int unixTimeSeconds = JsonDocument.Parse(decodedToken) .RootElement .EnumerateObject() .Where(p => p.Name == "exp") .Select(p => p.Value.GetInt32()) .First(); _exp = DateTimeOffset.FromUnixTimeSeconds(unixTimeSeconds).UtcDateTime; }
/// <summary> /// Initializes a new <see cref="RemoteIdentityOptions"/>. /// </summary> /// <param name="remoteDomainNameOverride">See <see cref="RemoteDomainNameOverride"/>.</param> /// <param name="remoteEnvironmentNameOverride">See <see cref="RemoteEnvironmentNameOverride"/>.</param> /// <param name="remotePartyNameOverride">See <see cref="RemotePartyNameOverride"/>.</param> public RemoteIdentityOptions(string?remoteDomainNameOverride = null, string?remoteEnvironmentNameOverride = null, string?remotePartyNameOverride = null) { Throw.CheckArgument(remoteDomainNameOverride == null || CoreApplicationIdentity.Builder.IsValidIdentifier(remoteDomainNameOverride)); Throw.CheckArgument(string.IsNullOrEmpty(remoteEnvironmentNameOverride) || CoreApplicationIdentity.Builder.IsValidIdentifier(remoteEnvironmentNameOverride)); Throw.CheckArgument(remotePartyNameOverride == null || Base64UrlHelper.IsBase64Url(remotePartyNameOverride)); RemoteDomainNameOverride = remoteDomainNameOverride; RemoteEnvironmentNameOverride = remoteEnvironmentNameOverride; RemotePartyNameOverride = remotePartyNameOverride; }
public JweDecode(string compact_jwe) { string[] parts = compact_jwe.Split('.'); if (parts.Length != 5) { throw new Exception("Malformed input"); } encoded_header = parts[0]; string header = Base64UrlHelper.DecodeToString(encoded_header); encrypted_key = Base64UrlHelper.DecodeToBytes(parts[1]); init_vector = Base64UrlHelper.DecodeToBytes(parts[2]); ciphertext = Base64UrlHelper.DecodeToBytes(parts[3]); auth_tag = Base64UrlHelper.DecodeToBytes(parts[4]); protected_header = JsonConvert.DeserializeObject <JWE_header>(header); }
public LocalParty(string domainName, string environmentName, string partyName, StandardKeysConfiguration keysConfiguration, IApplicationIdentityClock clock, IKeyStore?keyStore, TrustedPartyConfiguration?localConfiguration = null) : base(domainName, environmentName, partyName, localConfiguration) { Throw.CheckArgument(domainName != null && CoreApplicationIdentity.Builder.IsValidIdentifier(domainName)); Throw.CheckArgument(environmentName != null && (environmentName == "" || CoreApplicationIdentity.Builder.IsValidIdentifier(environmentName))); Throw.CheckArgument(partyName != null && Base64UrlHelper.IsBase64Url(partyName)); _keyExchangeRequired = new PerfectEventSender <KeyExchangeRequiredEventArgs>(); _remotes = new ConcurrentDictionary <string, RemoteParty>(); _exposed = _remotes.AsIReadOnlyDictionary <string, RemoteParty, IRemoteParty>(); KeyFactory = new KeyFactory(keysConfiguration, clock.Clock); KeyStore = keyStore; DomainName = domainName; EnvironmentName = environmentName; _appClock = clock; }
void SetX5t256(X509Certificate2 cert) { x5t_S256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert)); }
void SetX5t(X509Certificate2 cert) { x5t = Base64UrlHelper.Encode(ToByteArray(cert.Thumbprint)); }
void SetModulus(byte[] modulus) { n = Base64UrlHelper.Encode(modulus); }
void SetExponent(byte[] exp) { e = Base64UrlHelper.Encode(exp); }
public override void ExecuteCmdlet() { base.ExecuteCmdlet(); string resourceUrlOrId; if (ParameterSetName == KnownResourceNameParameterSet) { if (ResourceTypeName == null) { ResourceTypeName = SupportedResourceNames.Arm; } if (!SupportedResourceNames.ResourceNameMap.ContainsKey(ResourceTypeName)) { throw new ArgumentException(Properties.Resources.InvalidResourceTypeName.FormatInvariant(ResourceTypeName), nameof(ResourceTypeName)); } resourceUrlOrId = SupportedResourceNames.ResourceNameMap[ResourceTypeName]; } else { resourceUrlOrId = ResourceUrl; } IAzureContext context = DefaultContext; if (TenantId == null) { TenantId = context.Tenant?.Id; } IAccessToken accessToken = AzureSession.Instance.AuthenticationFactory.Authenticate( context.Account, context.Environment, TenantId, null, ShowDialog.Never, null, null, resourceUrlOrId); var result = new PSAccessToken() { Token = accessToken.AccessToken, TenantId = TenantId, UserId = accessToken.UserId, }; result.ExpiresOn = (accessToken as MsalAccessToken)?.ExpiresOn ?? result.ExpiresOn; if (result.ExpiresOn == default(DateTimeOffset)) { try { var tokenParts = accessToken.AccessToken.Split('.'); var decodedToken = Base64UrlHelper.DecodeToString(tokenParts[1]); var tokenDocument = JsonDocument.Parse(decodedToken); int expSeconds = tokenDocument.RootElement.EnumerateObject() .Where(p => p.Name == "exp") .Select(p => p.Value.GetInt32()) .First(); result.ExpiresOn = UnixEpoch.AddSeconds(expSeconds); } catch (Exception e)//Ignore exception if fails to parse exp from token { WriteDebug("Unable to parse exp in token: " + e.ToString()); } } WriteObject(result); }