public async Task <string> GenerateIdTokenAsync(Client client, JwsPayload jwsPayload) { if (client == null) { throw new ArgumentNullException(nameof(client)); } if (jwsPayload == null) { throw new ArgumentNullException(nameof(jwsPayload)); } var signedResponseAlg = client.GetIdTokenSignedResponseAlg(); var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg(); var encryptResponseEnc = client.GetIdTokenEncryptedResponseEnc(); if (signedResponseAlg == null) { signedResponseAlg = JwsAlg.RS256; } var idToken = await _jwtGenerator.SignAsync(jwsPayload, signedResponseAlg.Value); if (encryptResponseAlg == null) { return(idToken); } if (encryptResponseEnc == null) { encryptResponseEnc = JweEnc.A128CBC_HS256; } return(await _jwtGenerator.EncryptAsync(idToken, encryptResponseAlg.Value, encryptResponseEnc.Value)); }
public async Task When_Encrypt_Jws_Then_Jwe_Is_Returned() { // ARRANGE InitializeMockObjects(); var client = FakeOpenIdAssets.GetClients().First(); client.IdTokenEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5; var serializedRsa = string.Empty; using (var provider = new RSACryptoServiceProvider()) { serializedRsa = provider.ToXmlString(true); }; var jsonWebKey = new JsonWebKey { Alg = AllAlg.RSA1_5, KeyOps = new[] { KeyOperations.Encrypt, KeyOperations.Decrypt }, Kid = "3", Kty = KeyType.RSA, Use = Use.Enc, SerializedKey = serializedRsa, }; var jws = "jws"; ICollection <JsonWebKey> jwks = new List <JsonWebKey> { jsonWebKey }; _jsonWebKeyRepositoryStub.Setup(j => j.GetByAlgorithmAsync(It.IsAny <Use>(), It.IsAny <AllAlg>(), It.IsAny <KeyOperations[]>())) .Returns(Task.FromResult(jwks)); _clientRepositoryStub.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())).Returns(Task.FromResult(client)); // ACT var jwe = await _jwtGenerator.EncryptAsync(jws, JweAlg.RSA1_5, JweEnc.A128CBC_HS256); // ASSERT Assert.NotEmpty(jwe); }
public async Task <UserInfoResult> Execute(string accessToken) { if (string.IsNullOrWhiteSpace(accessToken)) { throw new ArgumentNullException(nameof(accessToken)); } // Check if the access token is still valid otherwise raise an authorization exception. GrantedTokenValidationResult valResult; if (!((valResult = await _grantedTokenValidator.CheckAccessTokenAsync(accessToken)).IsValid)) { throw new AuthorizationException(valResult.MessageErrorCode, valResult.MessageErrorDescription); } var grantedToken = await _tokenStore.GetAccessToken(accessToken); var client = await _clientRepository.GetClientByIdAsync(grantedToken.ClientId); if (client == null) { throw new IdentityServerException(ErrorCodes.InvalidToken, string.Format(ErrorDescriptions.TheClientIdDoesntExist, grantedToken.ClientId)); } var signedResponseAlg = client.GetUserInfoSignedResponseAlg(); var userInformationPayload = grantedToken.UserInfoPayLoad; if (userInformationPayload == null) { throw new IdentityServerException(ErrorCodes.InvalidToken, ErrorDescriptions.TheTokenIsNotAValidResourceOwnerToken); } if (signedResponseAlg == null || signedResponseAlg.Value == JwsAlg.none) { var objectResult = new ObjectResult(grantedToken.UserInfoPayLoad) { StatusCode = (int)HttpStatusCode.OK }; objectResult.ContentTypes.Add(new MediaTypeHeaderValue("application/json")); objectResult.Formatters.Add(new JsonOutputFormatter(new JsonSerializerSettings(), ArrayPool <char> .Shared)); return(new UserInfoResult { Content = objectResult }); } var jwt = await _jwtGenerator.SignAsync(userInformationPayload, signedResponseAlg.Value); var encryptedResponseAlg = client.GetUserInfoEncryptedResponseAlg(); var encryptedResponseEnc = client.GetUserInfoEncryptedResponseEnc(); if (encryptedResponseAlg != null) { if (encryptedResponseEnc == null) { encryptedResponseEnc = JweEnc.A128CBC_HS256; } jwt = await _jwtGenerator.EncryptAsync(jwt, encryptedResponseAlg.Value, encryptedResponseEnc.Value); } return(new UserInfoResult { Content = new ContentResult { Content = jwt, StatusCode = (int)HttpStatusCode.OK, ContentType = "application/jwt", } }); }