/// <summary>
        /// Generate a JWT with the provided information and sign it with the given secret.
        /// </summary>
        /// <param name="algorithm">The encryption type - default:HS256</param>
        /// <returns>Signed JWT authorizing the grants configured on this object</returns>
        public string ToJWT(JwtHashAlgorithm algorithm = JwtHashAlgorithm.HS256)
        {
            var headers = new Dictionary <string, object>();

            headers.Add("cty", "twilio-fpa;v=1");

            int now = ConvertToUnixTimestamp(DateTime.UtcNow);

            var grantPayload = new Dictionary <string, object>();

            if (this.Identity != null)
            {
                grantPayload.Add("identity", this.Identity);
            }

            foreach (IGrant grant in this.Grants)
            {
                grantPayload.Add(grant.GetGrantKey(), grant.GetPayload());
            }

            var payload = new Dictionary <string, object>();

            payload.Add("jti", String.Format("{0}-{1}", _signingKeySid, now));
            payload.Add("iss", _signingKeySid);
            payload.Add("sub", _accountSid);
            payload.Add("exp", now + Ttl);
            payload.Add("grants", grantPayload);

            if (this.Nbf != null)
            {
                payload.Add("nbf", this.Nbf);
            }

            return(JsonWebToken.Encode(headers, payload, _secret, algorithm));
        }
        /// <summary>
        /// Generate a JWT with the provided information and sign it with the given secret.
        /// </summary>
        /// <param name="algorithm">The encryption type - default:HS256</param>
        /// <returns>Signed JWT authorizing the grants configured on this object</returns>
        public string ToJwt(JwtHashAlgorithm algorithm = JwtHashAlgorithm.HS256)
        {
            var headers = new Dictionary <string, object> {
                { "cty", "twilio-fpa;v=1" }
            };
            var now = ConvertToUnixTimestamp(DateTime.UtcNow);

            var grantPayload = new Dictionary <string, object>();

            if (Identity != null)
            {
                grantPayload.Add("identity", Identity);
            }

            foreach (var grant in Grants)
            {
                grantPayload.Add(grant.GetGrantKey(), grant.GetPayload());
            }

            var payload = new Dictionary <string, object>
            {
                { "jti", $"{_signingKeySid}-{now}" },
                { "iss", _signingKeySid },
                { "sub", _accountSid },
                { "exp", now + Ttl },
                { "grants", grantPayload }
            };

            if (Nbf != null)
            {
                payload.Add("nbf", Nbf);
            }

            return(JsonWebToken.Encode(headers, payload, _secret, algorithm));
        }
Exemple #3
0
        /// <summary>
        /// JWT
        /// </summary>
        /// <param name="payload">载体(有效信息)</param>
        /// <param name="keyBytes">盐</param>
        /// <param name="algorithm">加密算法</param>
        /// <returns></returns>
        public static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();

            ///jWT head 默认有2部分构成
            var header = new { alg = algorithm.ToString(), typ = "JWT" };

            byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));

            byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));

            // JWT有三部分组成 分别是 head.payload.signature

            //1.将头部信息编码构成JWT的第一部分
            segments.Add(headerBytes.Base64UrlEncode());

            //2.将payload信息编码构成JWT的第二部分
            segments.Add(payloadBytes.Base64UrlEncode());

            //3.把base64后的头部信息跟base64后的paylod用.连接成字符串用于构成jwt的第三部分
            var stringToSign = string.Join(".", segments.ToArray());
            var bytesToSign  = Encoding.UTF8.GetBytes(stringToSign);

            //4. 根据head中的加密方式再加上盐(key)进行加密获得 jwt的第三部分 signature
            byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
            segments.Add(signature.Base64UrlEncode());

            //5.把这三部分用 . 拼接成字符串 就是最终的jwt信息了
            return(string.Join(".", segments.ToArray()));
        }
Exemple #4
0
        public void RefreshToken_Basic(JwtHashAlgorithm alg, string secretBase64)
        {
            var container = TestContainerBuilder.GetContainer(builder =>
            {
                builder.RegisterType <SymmetricKeyTokenGenerator>()
                .Keyed <ITokenGenerator>(JwtHashAlgorithm.HS256)
                .SingleInstance();
                builder.RegisterType <AsymmetricKeyPairTokenGenerator>()
                .Keyed <ITokenGenerator>(JwtHashAlgorithm.RS256)
                .SingleInstance();
            });

            var tokenGenerator = container.ResolveKeyed <ITokenGenerator>(alg);

            var issueTime    = DateTime.UtcNow;
            var userId       = 165;
            var tid          = 111;
            var secret       = Convert.FromBase64String(secretBase64);
            var refreshToken = new JsonWebToken().Encode(new
            {
                typ = "refresh_token",
                sub = $"{userId}",
                tid = $"{tid}",
                exp = new DateTimeOffset(issueTime.AddHours(8)).ToUnixTimeSeconds(),
                iat = new DateTimeOffset(issueTime).ToUnixTimeSeconds(),
                iss = "issuer",
                aud = "*"
            }, secret, alg);

            var refreshToken2 = tokenGenerator.GenerateRefreshToken(tid, issueTime, userId);

            Assert.Equal(refreshToken, refreshToken2);
        }
        private static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();
            var header   = new
            {
                alg = algorithm.ToString(), typ = "JWT"
            };

            byte[] headerBytes  = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
            byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));

            //计算A
            segments.Add(Base64UrlEncode(headerBytes));
            //计算B
            segments.Add(Base64UrlEncode(payloadBytes));

            var stringToSign = string.Join(".", segments.ToArray());

            var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

            //利用A和B计算C
            byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
            segments.Add(Base64UrlEncode(signature));

            return(string.Join(".", segments.ToArray()));
        }
Exemple #6
0
            public static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
            {
                var segments = new List <string>();
                var header   = new { alg = algorithm.ToString(), typ = "JWT" };

                //byte[] headerBytes = Encoding.UTF8.GetBytes(JsonSerializer.Serialize(header));

                //byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonSerializer.Serialize(payload));
                //byte[] payloadBytes = Encoding.UTF8.GetBytes(@"{"iss":"*****@*****.**","scope":"https://www.googleapis.com/auth/prediction","aud":"https://accounts.google.com/o/oauth2/token","exp":1328554385,"iat":1328550785}");


                byte[] headerBytes  = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
                byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));
                //byte[] payloadBytes = Encoding.UTF8.GetBytes(@"{"iss":"*****@*****.**","scope":"https://www.googleapis.com/auth/prediction","aud":"https://accounts.google.com/o/oauth2/token","exp":1328554385,"iat":1328550785}");

                segments.Add(Base64UrlEncode(headerBytes));
                segments.Add(Base64UrlEncode(payloadBytes));

                var stringToSign = string.Join(".", segments.ToArray());

                var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

                byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
                segments.Add(Base64UrlEncode(signature));

                return(string.Join(".", segments.ToArray()));
            }
Exemple #7
0
 /// <summary>
 /// This constructor sets the secret and the audience for the handler.
 /// </summary>
 /// <param name="id">The identifier.</param>
 /// <param name="algo">The hash algorithm to be used.</param>
 /// <param name="base64Secret">The secret byte array as a base64 string.</param>
 /// <param name="audience">The audience. This is compared when the token is received and validated.
 /// By default it is set to 'comms'</param>
 public JwtTokenAuthenticationHandler(string id, JwtHashAlgorithm algo, string base64Secret, string audience = "comms")
     : base(id, nameof(JwtTokenAuthenticationHandler))
 {
     mAlgorithm = algo;
     mSecret    = Convert.FromBase64String(base64Secret);
     mAudience  = audience;
 }
Exemple #8
0
        private static byte[] ComputeHash(JwtHashAlgorithm algorithm, byte[] key, byte[] value)
        {
            HashAlgorithm hashAlgorithm;

            switch (algorithm)
            {
            case JwtHashAlgorithm.HS256:
                hashAlgorithm = new HMACSHA256(key);
                break;

            case JwtHashAlgorithm.HS384:
                hashAlgorithm = new HMACSHA384(key);
                break;

            case JwtHashAlgorithm.HS512:
                hashAlgorithm = new HMACSHA512(key);
                break;

            default:
                throw new Exception($"Unsupported hash algorithm: '{algorithm}'.");
            }

            using (hashAlgorithm)
            {
                return(hashAlgorithm.ComputeHash(value));
            }
        }
        public static string Encode(T payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();

            using (var s = new MemoryStream())
                using (var w = new StreamWriter(s))
                {
                    // add header
                    var header = new JwtHeader {
                        Algorithm = algorithm.ToString(), Type = "JWT"
                    };
                    //var headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
                    _headerSerializer.Serialize(w, header); var headerBytes = s.ToArray();
                    segments.Add(Base64UrlEncode(headerBytes));
                    // add payload
                    //var payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None));
                    //var payloadBytes = Encoding.UTF8.GetBytes(@"{"iss":"*****@*****.**","scope":"https://www.googleapis.com/auth/prediction","aud":"https://accounts.google.com/o/oauth2/token","exp":1328554385,"iat":1328550785}");
                    s.SetLength(0); _payloadSerializer.Serialize(w, payload); var payloadBytes = s.ToArray();
                    segments.Add(Base64UrlEncode(payloadBytes));
                }
            // add signature
            var stringToSign = string.Join(".", segments.ToArray());
            var bytesToSign  = Encoding.UTF8.GetBytes(stringToSign);
            var signature    = HashAlgorithms[algorithm](keyBytes, bytesToSign);

            segments.Add(Base64UrlEncode(signature));
            return(string.Join(".", segments.ToArray()));
        }
Exemple #10
0
 /// <summary>
 /// This constructor sets the secret and the audience for the handler.
 /// </summary>
 /// <param name="id">The identifier.</param>
 /// <param name="algo">The hash algorithm to be used.</param>
 /// <param name="secret">The secret byte array.</param>
 /// <param name="audience">The audience. This is compared when the token is received and validated.
 /// By default it is set to 'comms'</param>
 public JwtTokenAuthenticationHandler(string id, JwtHashAlgorithm algo, byte[] secret, string audience = "comms")
     : base(id, nameof(JwtTokenAuthenticationHandler))
 {
     mAlgorithm = algo;
     mSecret    = secret;
     mAudience  = audience;
 }
        /// <summary>
        /// This method adds the Jwt authentication handler to the Microservice.
        /// </summary>
        /// <typeparam name="P">The pipeline type.</typeparam>
        /// <param name="pipeline">The pipeline.</param>
        /// <param name="identifier">The encryption type identifier.
        /// This is will be used when assigning the handler to a channel or collector.</param>
        /// <param name="algo">The HMAC algorithm.</param>
        /// <param name="secret">This is the byte array used for the HMAC secret.</param>
        /// <param name="audience">This is the audience value generated for the token and used for validation when a token is received.</param>
        /// <param name="action">The action on the handler.</param>
        /// <returns>The pipeline.</returns>
        public static P AddAuthenticationHandlerJwtToken <P>(this P pipeline
                                                             , string identifier
                                                             , JwtHashAlgorithm algo
                                                             , byte[] secret
                                                             , string audience = "comms"
                                                             , Action <IAuthenticationHandler> action = null)
            where P : IPipeline
        {
            if (algo == JwtHashAlgorithm.None)
            {
                throw new ArgumentOutOfRangeException("JwtHashAlgorithm.None is not supported.");
            }

            if (secret == null || secret.Length == 0)
            {
                throw new ArgumentNullException($"secret cannot be null or empty for {nameof(AddJwtTokenAuthenticationHandler)}");
            }

            var handler = new JwtTokenAuthenticationHandler(algo, secret, audience: audience);

            action?.Invoke(handler);

            pipeline.Service.Security.RegisterAuthenticationHandler(identifier, handler);

            return(pipeline);
        }
        /// <summary>
        /// This method adds the Jwt authentication handler to the Microservice.
        /// </summary>
        /// <typeparam name="P">The pipeline type.</typeparam>
        /// <param name="pipeline">The pipeline.</param>
        /// <param name="identifier">The encryption type identifier.
        /// This is will be used when assigning the handler to a channel or collector.</param>
        /// <param name="algo">The HMAC algorithm.</param>
        /// <param name="base64Secret">This is the base64 encoded byte array used for the HMAC secret.</param>
        /// <param name="action">The action on the handler.</param>
        /// <returns>The pipeline.</returns>
        public static P AddJwtTokenAuthenticationHandler <P>(this P pipeline
                                                             , string identifier
                                                             , JwtHashAlgorithm algo
                                                             , string base64Secret
                                                             , Action <IAuthenticationHandler> action = null)
            where P : IPipeline
        {
            if (algo == JwtHashAlgorithm.None)
            {
                throw new ArgumentOutOfRangeException("JwtHashAlgorithm.None is not supported.");
            }

            if (string.IsNullOrEmpty(base64Secret))
            {
                throw new ArgumentNullException($"base64Secret cannot be null or empty for {nameof(AddJwtTokenAuthenticationHandler)}");
            }

            var handler = new JwtTokenAuthenticationHandler(algo, base64Secret);

            action?.Invoke(handler);

            pipeline.Service.Security.RegisterAuthenticationHandler(identifier, handler);

            return(pipeline);
        }
        /// <summary>
        /// This method adds the Jwt authentication handler to the Microservice.
        /// </summary>
        /// <typeparam name="P">The pipeline type.</typeparam>
        /// <param name="pipeline">The pipeline.</param>
        /// <param name="identifier">The encryption type identifier.
        /// This is will be used when assigning the handler to a channel or collector.</param>
        /// <param name="algo">The HMAC algorithm.</param>
        /// <param name="secretSetter">This is the fucntion to return the base64 encoded secret from configuration.</param>
        /// <param name="action">The action on the handler.</param>
        /// <returns>The pipeline.</returns>
        public static P AddJwtTokenAuthenticationHandler <P>(this P pipeline
                                                             , string identifier
                                                             , JwtHashAlgorithm algo
                                                             , Func <IEnvironmentConfiguration, string> secretSetter
                                                             , Action <IAuthenticationHandler> action = null)
            where P : IPipeline
        {
            if (algo == JwtHashAlgorithm.None)
            {
                throw new ArgumentOutOfRangeException("JwtHashAlgorithm.None is not supported.");
            }

            if (secretSetter == null)
            {
                throw new ArgumentNullException($"secretSetter cannot be null or empty for {nameof(AddJwtTokenAuthenticationHandler)}");
            }

            byte[] bySecret = null;
            try
            {
                bySecret = Convert.FromBase64String(secretSetter(pipeline.Configuration));
            }
            catch (Exception ex)
            {
                throw new AuthenticationHandlerInvalidSecretException(ex);
            }

            var handler = new JwtTokenAuthenticationHandler(algo, bySecret);

            action?.Invoke(handler);

            pipeline.Service.Security.RegisterAuthenticationHandler(identifier, handler);

            return(pipeline);
        }
Exemple #14
0
        public static string Encode(object payload, string key, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();
            var header   = new { typ = "JWT", alg = algorithm.ToString() };

            JsonSerializerSettings jsonSettings = new JsonSerializerSettings();

            jsonSettings.NullValueHandling    = NullValueHandling.Ignore;
            jsonSettings.DefaultValueHandling = DefaultValueHandling.Ignore;

            byte[] headerBytes  = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Formatting.None));
            byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Formatting.None, jsonSettings));

            segments.Add(Base64UrlEncode(headerBytes));
            segments.Add(Base64UrlEncode(payloadBytes));

            var stringToSign = string.Join(".", segments.ToArray());

            var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);
            var keyBytes    = Encoding.UTF8.GetBytes(key);

            byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
            segments.Add(Base64UrlEncode(signature));

            return(string.Join(".", segments.ToArray()));
        }
Exemple #15
0
        /// <summary>
        /// Generate a JWT with the provided information and sign it with the given secret.
        /// </summary>
        /// <param name="algorithm">The encryption type - default:HS256</param>
        /// <returns>Signed JWT authorizing the grants configured on this object</returns>
        public string ToJWT(JwtHashAlgorithm algorithm=JwtHashAlgorithm.HS256)
        {
            var headers = new Dictionary<string, object>();
            headers.Add("cty", "twilio-fpa;v=1");

            int now = ConvertToUnixTimestamp(DateTime.UtcNow);

            var grantPayload = new Dictionary<string, object>();
            if (this.Identity != null)
            {
                grantPayload.Add("identity", this.Identity);
            }

            foreach (IGrant grant in this.Grants)
            {
                Console.Write(grant.GetGrantKey());
                grantPayload.Add(grant.GetGrantKey(), grant.GetPayload());
            }

            var payload = new Dictionary<string, object>();
            payload.Add("jti", String.Format("{0}-{1}", _signingKeySid, now));
            payload.Add("iss", _signingKeySid);
            payload.Add("sub", _accountSid);
            payload.Add("exp", now + Ttl);
            payload.Add("grants", grantPayload);

            if (this.Nbf != null)
            {
                payload.Add("nbf", this.Nbf);
            }

            return JsonWebToken.Encode(headers, payload, _secret, algorithm);
        }
        /// <inheritdoc />
        public override IJwtAlgorithm Create(JwtHashAlgorithm algorithm)
        {
            switch (algorithm)
            {
            case JwtHashAlgorithm.RS256:
                return(new RS256Algorithm(_certFactory()));

            default:
                throw new NotSupportedException($"For algorithm {Enum.GetName(typeof(JwtHashAlgorithm), algorithm)} please use the appropriate factory by implementing {nameof(IAlgorithmFactory)}");
            }
        }
        /// <summary>
        /// This method signs the token and returns it using JWS Compact Serialization notation.
        /// </summary>
        /// <param name="key">The key.</param>
        /// <returns>Returns a compact serialization key.</returns>
        public string ToString(byte[] key)
        {
            JwtHashAlgorithm algo = Header.SupportedAlgorithm;

            string b64joseHeader   = JwtHelper.SafeBase64UrlEncode(Encoding.UTF8.GetBytes(Header.ToString()));
            string b64jwtClaimsSet = JwtHelper.SafeBase64UrlEncode(Encoding.UTF8.GetBytes(Claims.ToString()));

            string signature = JwtRoot.CalculateAuthSignature(algo, key, b64joseHeader, b64jwtClaimsSet);

            return($"{b64joseHeader}.{b64jwtClaimsSet}.{signature}");
        }
Exemple #18
0
        public JwtCodecService(byte[] key, JwtHashAlgorithm algorithm = JwtHashAlgorithm.HS256, Dictionary <string, object> extraHeaders = null)
        {
            if (key == null)
            {
                throw new ArgumentNullException(nameof(key));
            }

            this.key          = key;
            this.algorithm    = algorithm;
            this.extraHeaders = extraHeaders ?? new Dictionary <string, object>(0);
        }
        /// <summary>
        /// Encodes a token to JWT by using secret key + a given algorithm.
        /// </summary>
        /// <param name="algorithm">Algorithm used for encoding. Default value is HS512.</param>
        /// <returns></returns>
        public string ToTokenString(JwtHashAlgorithm algorithm = JwtHashAlgorithm.HS512)
        {
            ExpirationDate = DateTime.Now.AddMinutes((int)TokenExpiration);
            ExpirationTime = Math.Round((ExpirationDate - StarterDate).TotalSeconds);

            return(JsonWebToken.Encode(new Dictionary <string, object> {
                { "exp", ExpirationTime },
                { "Role", Role },
                { "Information", Information },
                { "TokenExpiration", TokenExpiration }
            }, TokenUtilities.TokenSecretKey, algorithm));
        }
Exemple #20
0
        private static HMAC GetHashFunction(JwtHashAlgorithm algorithm, byte[] key)
        {
            switch (algorithm)
            {
            case JwtHashAlgorithm.HS256: return(new HMACSHA256(key));

            case JwtHashAlgorithm.HS384: return(new HMACSHA384(key));

            case JwtHashAlgorithm.HS512: return(new HMACSHA512(key));

            default: throw new CryptographicException(Properties.Resources.InvalidJwtAlgorithm);
            }
        }
Exemple #21
0
        /// <inheritdoc />
        public override IJwtAlgorithm Create(JwtHashAlgorithm algorithm)
        {
            switch (algorithm)
            {
            case JwtHashAlgorithm.RS256:
                var certificate = _certFactory();
#if NETSTANDARD1_3
                return(new RS256Algorithm((RSACryptoServiceProvider)certificate.GetRSAPublicKey(), certificate.GetRSAPrivateKey()));
#else
                return(new RS256Algorithm((RSACryptoServiceProvider)certificate.PublicKey.Key, (RSA)certificate.PrivateKey));
#endif
            default:
                throw new NotSupportedException($"For algorithm {Enum.GetName(typeof(JwtHashAlgorithm), algorithm)} please use the appropriate factory by implementing {nameof(IAlgorithmFactory)}");
            }
        }
Exemple #22
0
        private static byte[] ComputeHash(JwtHashAlgorithm algorithm, byte[] key, byte[] value)
        {
            var hashAlgorithm = algorithm switch
            {
                JwtHashAlgorithm.HS256 => (HashAlgorithm) new HMACSHA256(key),
                JwtHashAlgorithm.HS384 => new HMACSHA384(key),
                JwtHashAlgorithm.HS512 => new HMACSHA512(key),
                _ => throw new Exception($"Unsupported hash algorithm: '{algorithm}'."),
            };

            using (hashAlgorithm)
            {
                return(hashAlgorithm.ComputeHash(value));
            }
        }
Exemple #23
0
        /// <summary>
        /// Creates an AlgorithmFactory using the provided
        /// algorithm name.
        /// </summary>
        /// <param name="algorithm">The name of the algorithm.</param>
        public IJwtAlgorithm Create(JwtHashAlgorithm algorithm)
        {
            switch (algorithm)
            {
            case JwtHashAlgorithm.HS256:
                return(new HMACSHA256Algorithm());

            case JwtHashAlgorithm.HS384:
                return(new HMACSHA384Algorithm());

            case JwtHashAlgorithm.HS512:
                return(new HMACSHA512Algorithm());

            default:
                throw new InvalidOperationException($"Algorithm {algorithm} is not supported.");
            }
        }
        /// <summary>
        /// This method returns the relevant hash algorithm based on the enum type.
        /// </summary>
        /// <param name="type">The supported algorithm enum.</param>
        /// <param name="key">The hash key,</param>
        /// <returns>Returns the relevant algorithm.</returns>
        public static HMAC GetAlgorithm(JwtHashAlgorithm type, byte[] key)
        {
            switch (type)
            {
            case JwtHashAlgorithm.HS256:
                return(new HMACSHA256(key));

            case JwtHashAlgorithm.HS384:
                return(new HMACSHA384(key));

            case JwtHashAlgorithm.HS512:
                return(new HMACSHA512(key));

            default:
                throw new JwtAlgorithmNotSupportedException(type.ToString());
            }
        }
        /// <summary>
        /// This method creates the necessary signature based on the header and claims passed.
        /// </summary>
        /// <param name="algo">The hash algorithm.</param>
        /// <param name="key">The hash key.</param>
        /// <param name="joseHeader">The base64 encoded header.</param>
        /// <param name="jwtClaimsSet">The base64 encoded claims set.</param>
        /// <returns>Returns the Base64 encoded header.</returns>
        public static string CalculateAuthSignature(JwtHashAlgorithm algo, byte[] key, string joseHeader, string jwtClaimsSet)
        {
            //Thanks to https://jwt.io/
            string sig = $"{joseHeader}.{jwtClaimsSet}";

            byte[] bySig = Encoding.UTF8.GetBytes(sig);

            string signature;

            using (var hashstring = GetAlgorithm(algo, key))
            {
                byte[] sha256Hash = hashstring.ComputeHash(bySig);

                signature = JwtHelper.SafeBase64UrlEncode(sha256Hash);
            }

            return(signature);
        }
        /// <summary>
        /// This method adds basic Jwt authentication to the web app
        /// </summary>
        /// <typeparam name="P">The web pipe type</typeparam>
        /// <param name="webpipe">The pipe.</param>
        /// <param name="algo">The supported HMAC algorithm</param>
        /// <param name="base64Secret">The base64secret</param>
        /// <param name="audience">The audience value to check.</param>
        /// <param name="action">The action to be called on the filter creation.</param>
        /// <param name="removeUnderlyingPrincipal">If this method is set to true, then the principal set from the underlying principal is cleared.</param>
        /// <returns>Returns the web pipe.</returns>
        public static P ApiAddJwtTokenAuthentication <P>(this P webpipe
                                                         , JwtHashAlgorithm algo
                                                         , string base64Secret
                                                         , string audience = "api"
                                                         , Action <IAuthenticationFilter> action = null
                                                         , bool removeUnderlyingPrincipal        = true
                                                         )
            where P : IPipelineWebApi
        {
            var policy = new JwtTokenVerificationPolicy
            {
                Algorithm  = algo
                , Audience = audience
                , Secret   = Convert.FromBase64String(base64Secret)
            };

            return(webpipe.ApiAddJwtTokenAuthentication(policy, action, removeUnderlyingPrincipal));
        }
        /// <summary>
        /// Creates a JWT given a payload, the signing key, and the algorithm to use.
        /// </summary>
        /// <param name="payload">An arbitrary payload (must be serializable to JSON via <see cref="System.Web.Script.Serialization.JavaScriptSerializer"/>).</param>
        /// <param name="key">The key bytes used to sign the token.</param>
        /// <param name="algorithm">The hash algorithm to use.</param>
        /// <returns>The generated JWT.</returns>
        public static string Encode(object payload, byte[] key, JwtHashAlgorithm algorithm)
        {
            var segments = new List<string>();
            var header = new { typ = "JWT", alg = algorithm.ToString() };

            byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header));
            byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload));

            segments.Add(Base64UrlEncode(headerBytes));
            segments.Add(Base64UrlEncode(payloadBytes));

            var stringToSign = string.Join(".", segments.ToArray());

            var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

            byte[] signature = HashAlgorithms[algorithm](key, bytesToSign);
            segments.Add(Base64UrlEncode(signature));

            return string.Join(".", segments.ToArray());
        }
        private bool JwtValidateIncoming(JwtRoot incoming, JwtHashAlgorithm algo, byte[] key)
        {
            if (incoming == null)
            {
                throw new ArgumentOutOfRangeException("Incoming token not set.");
            }

            if (key == null)
            {
                throw new ArgumentNullException("key", $"{nameof(JwtValidateIncoming)} - key cannot be null");
            }

            string b64joseHeader   = JwtHelper.SafeBase64UrlEncode(incoming.Raw[0]);
            string b64jwtClaimsSet = JwtHelper.SafeBase64UrlEncode(incoming.Raw[1]);

            var signed   = JwtRoot.CalculateAuthSignature(algo, key, b64joseHeader, b64jwtClaimsSet);
            var original = JwtHelper.SafeBase64UrlEncode(incoming.Raw[2]);

            return(original == signed);
        }
        /// <inheritdoc />
        public virtual IJwtAlgorithm Create(JwtHashAlgorithm algorithm)
        {
            switch (algorithm)
            {
            case JwtHashAlgorithm.HS256:
                return(new HMACSHA256Algorithm());

            case JwtHashAlgorithm.HS384:
                return(new HMACSHA384Algorithm());

            case JwtHashAlgorithm.HS512:
                return(new HMACSHA512Algorithm());

            case JwtHashAlgorithm.RS256:
                throw new NotSupportedException($"For algorithm {nameof(JwtHashAlgorithm.RS256)} please create custom factory by implementing {nameof(IAlgorithmFactory)}");

            default:
                throw new NotSupportedException($"Algorithm {algorithm} is not supported.");
            }
        }
Exemple #30
0
        /// <summary>
        /// Creates a JWT given a payload, the signing key, and the algorithm to use.
        /// </summary>
        /// <param name="payload">An arbitrary payload (must be serializable to JSON via <see cref="System.Web.Script.Serialization.JavaScriptSerializer"/>).</param>
        /// <param name="key">The key used to sign the token.</param>
        /// <param name="algorithm">The hash algorithm to use.</param>
        /// <returns>The generated JWT.</returns>
        public static string Encode(object payload, byte[] key, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();
            var header   = new { typ = "JWT", alg = algorithm.ToString() };

            byte[] headerBytes  = Encoding.UTF8.GetBytes(jsonSerializer.Serialize(header));
            byte[] payloadBytes = Encoding.UTF8.GetBytes(jsonSerializer.Serialize(payload));

            segments.Add(Base64UrlEncode(headerBytes));
            segments.Add(Base64UrlEncode(payloadBytes));

            var stringToSign = string.Join(".", segments.ToArray());

            var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

            byte[] signature = HashAlgorithms[algorithm](key, bytesToSign);
            segments.Add(Base64UrlEncode(signature));

            return(string.Join(".", segments.ToArray()));
        }
        public static string Encode(object payload, byte[] key, JwtHashAlgorithm algorithm)
        {
            List <string> list = new List <string>();
            var           obj  = new
            {
                typ = "JWT",
                alg = algorithm.ToString()
            };

            byte[] bytes  = Encoding.UTF8.GetBytes(JsonWebToken.jsonSerializer.Serialize(obj));
            byte[] bytes2 = Encoding.UTF8.GetBytes(JsonWebToken.jsonSerializer.Serialize(payload));
            list.Add(JsonWebToken.Base64UrlEncode(bytes));
            list.Add(Base64UrlEncode(bytes2));
            string s = string.Join(".", list.ToArray());

            byte[] bytes3 = Encoding.UTF8.GetBytes(s);
            byte[] input  = HashAlgorithms[algorithm](key, bytes3);
            list.Add(JsonWebToken.Base64UrlEncode(input));
            return(string.Join(".", list.ToArray()));
        }
Exemple #32
0
        /// <summary>
        /// Encode Data and sign with Certificate
        /// </summary>
        /// <param name="payload"></param>
        /// <param name="keyBytes"></param>
        /// <param name="algorithm"></param>
        /// <returns></returns>
        public static string EncodeUsingCertificate(object payload, RSA keyBytes, JwtHashAlgorithm algorithm)
        {
            var segments = new List <string>();
            var header   = new { alg = algorithm.ToString(), typ = "JWT" };

            byte[] headerBytes  = Encoding.UTF8.GetBytes(new JavaScriptSerializer().Serialize(header));
            byte[] payloadBytes = Encoding.UTF8.GetBytes(new JavaScriptSerializer().Serialize(payload));

            segments.Add(Base64UrlEncode(headerBytes));
            segments.Add(Base64UrlEncode(payloadBytes));

            var stringToSign = string.Join(".", segments.ToArray());

            var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

            byte[] signature = HashAlgorithmsSigning[algorithm](keyBytes, bytesToSign);
            segments.Add(Base64UrlEncode(signature));

            return(string.Join(".", segments.ToArray()));
        }
        public static string Encode(object payload, byte[] keyBytes, JwtHashAlgorithm algorithm)
        {
            var segments = new List<string>();
              var header = new { alg = algorithm.ToString(), typ = "JWT" };

              byte[] headerBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header, Newtonsoft.Json.Formatting.None));
              byte[] payloadBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload, Newtonsoft.Json.Formatting.None));
              //byte[] payloadBytes = Encoding.UTF8.GetBytes(@"{"iss":"*****@*****.**","scope":"https://www.googleapis.com/auth/prediction","aud":"https://accounts.google.com/o/oauth2/token","exp":1328554385,"iat":1328550785}");

              segments.Add(Base64UrlEncode(headerBytes));
              segments.Add(Base64UrlEncode(payloadBytes));

              var stringToSign = string.Join(".", segments.ToArray());

              var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

              byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
              segments.Add(Base64UrlEncode(signature));

              return string.Join(".", segments.ToArray());
        }
 /// <summary>
 /// Creates a JWT given a payload, the signing key, and the algorithm to use.
 /// </summary>
 /// <param name="payload">An arbitrary payload (must be serializable to JSON via <see cref="System.Web.Script.Serialization.JavaScriptSerializer"/>).</param>
 /// <param name="key">The key used to sign the token.</param>
 /// <param name="algorithm">The hash algorithm to use.</param>
 /// <returns>The generated JWT.</returns>
 public static string Encode(object payload, string key, JwtHashAlgorithm algorithm)
 {
     return Encode(payload, Encoding.UTF8.GetBytes(key), algorithm);
 }
Exemple #35
0
 public JwtSerializer(JwtHashAlgorithm algorithm, int iterations, string salt)
 {
     Algorithm = algorithm;
     Iterations = iterations;
     Salt = salt;
 }
 public string Encode(object payload, string key, JwtHashAlgorithm algorithm)
 {
     return JsonWebToken.Encode(payload, key, algorithm);
 }