/// <summary>
/// Builds the claims for a completed session described by <paramref name="loginResult"/>.
/// The parsed personal identity number is emitted twice: its 12-digit form as the subject and
/// its 10-digit form under <see cref="GrandIdClaimTypes.SwedishPersonalIdentityNumber"/>.
/// Gender and birthdate claims are only added when the corresponding
/// <c>Options.IssueGenderClaim</c> / <c>Options.IssueBirthdateClaim</c> flags are set.
/// </summary>
/// <param name="loginResult">Session response whose <c>UserAttributes</c> supply the identity data.</param>
/// <returns>The list of claims, in a fixed order (subject, names, identity number, then optional claims).</returns>
protected override IEnumerable <Claim> GetClaims(BankIdGetSessionResponse loginResult)
        {
            var attributes = loginResult.UserAttributes;
            // Parse once; all identity-number derived claims below are built from this value.
            var pin = SwedishPersonalIdentityNumber.Parse(attributes.PersonalIdentityNumber);

            var result = new List <Claim>();
            result.Add(new Claim(GrandIdClaimTypes.Subject, pin.To12DigitString()));
            result.Add(new Claim(GrandIdClaimTypes.Name, attributes.Name));
            result.Add(new Claim(GrandIdClaimTypes.FamilyName, attributes.Surname));
            result.Add(new Claim(GrandIdClaimTypes.GivenName, attributes.GivenName));
            result.Add(new Claim(GrandIdClaimTypes.SwedishPersonalIdentityNumber, pin.To10DigitString()));

            if (Options.IssueGenderClaim)
            {
                var genderValue = JwtSerializer.GetGender(pin.GetGenderHint());
                // GetGender may yield nothing usable; an empty value is not turned into a claim.
                if (!string.IsNullOrEmpty(genderValue))
                {
                    result.Add(new Claim(GrandIdClaimTypes.Gender, genderValue));
                }
            }

            if (Options.IssueBirthdateClaim)
            {
                // Unlike gender, the birthdate value is added unconditionally once the flag is on.
                var birthdateValue = JwtSerializer.GetBirthdate(pin.GetDateOfBirthHint());
                result.Add(new Claim(GrandIdClaimTypes.Birthdate, birthdateValue));
            }

            return result;
        }
        /// <summary>
        /// Appends the optional claims to <paramref name="claims"/>, in this order: expiry (when
        /// <paramref name="expiresUtc"/> has a value), authentication method, identity provider,
        /// gender and birthdate. Each of the last four is gated by the matching <c>Options.Issue*Claim</c> flag.
        /// </summary>
        /// <param name="claims">Claim list that is mutated in place.</param>
        /// <param name="personalIdentityNumber">Source of the gender and date-of-birth hints.</param>
        /// <param name="expiresUtc">Expiry instant; no expiry claim is written when it is <c>null</c>.</param>
        private void AddOptionalClaims(List <Claim> claims, SwedishPersonalIdentityNumber personalIdentityNumber, DateTimeOffset?expiresUtc)
        {
            Action<string, string> add = (type, value) => claims.Add(new Claim(type, value));

            if (expiresUtc != null)
            {
                add(BankIdClaimTypes.Expires, JwtSerializer.GetExpires(expiresUtc.Value));
            }

            if (Options.IssueAuthenticationMethodClaim)
            {
                add(BankIdClaimTypes.AuthenticationMethod, Options.AuthenticationMethodName);
            }

            if (Options.IssueIdentityProviderClaim)
            {
                add(BankIdClaimTypes.IdentityProvider, Options.IdentityProviderName);
            }

            if (Options.IssueGenderClaim)
            {
                var genderValue = JwtSerializer.GetGender(personalIdentityNumber.GetGenderHint());
                // An empty gender value is skipped rather than emitted as an empty claim.
                if (!string.IsNullOrEmpty(genderValue))
                {
                    add(BankIdClaimTypes.Gender, genderValue);
                }
            }

            if (Options.IssueBirthdateClaim)
            {
                // No emptiness check here: the birthdate claim is always added when the flag is on.
                add(BankIdClaimTypes.Birthdate, JwtSerializer.GetBirthdate(personalIdentityNumber.GetDateOfBirthHint()));
            }
        }
        /// <summary>
        /// Round-trips a one-entry payload through a serializer configured with HMACSHA512 and two
        /// iterations, and checks the entry survives Serialize followed by Deserialize.
        /// </summary>
        public void HMACSHA512_2Iterations()
        {
            var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 2, SALT);
            var original = new Dictionary <string, string>
            {
                ["test"] = "test"
            };

            var token = sut.Serialize(original);
            var roundTripped = sut.Deserialize(token);

            string value;
            Assert.True(roundTripped.TryGetValue("test", out value));
            Assert.Equal("test", value);
        }
        /// <summary>
        /// Serializes the same payload with HMACSHA512 and then, after switching the instance's
        /// <c>Algorithm</c> property, with HMACSHA256, and checks the two tokens differ.
        /// </summary>
        public void DifferentAlgorithmsProduceDifferentTokens()
        {
            var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 1, SALT);
            var payloadUnderTest = new Dictionary <string, string>
            {
                ["test"] = "test"
            };

            var tokenSha512 = sut.Serialize(payloadUnderTest);

            // The algorithm is swapped on the same instance; salt and iteration count are untouched.
            sut.Algorithm = JwtHashAlgorithm.HMACSHA256;
            var tokenSha256 = sut.Serialize(payloadUnderTest);

            Assert.NotEqual(tokenSha512, tokenSha256);
        }
        /// <summary>
        /// Appends extra characters to a freshly serialized token and checks that Deserialize
        /// rejects it with a <see cref="TamperingException"/> carrying the expected message.
        /// NOTE(review): only a trailing append is exercised here; modification of the signed
        /// content itself is not covered by this case.
        /// </summary>
        public void TamperingCausesTamperingException()
        {
            var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 2, SALT);
            var payloadUnderTest = new Dictionary <string, string>
            {
                ["test"] = "test"
            };

            var tampered = string.Concat(sut.Serialize(payloadUnderTest), "test");

            var thrown = Assert.Throws <TamperingException>(() => sut.Deserialize(tampered));

            Assert.Equal("JWT shows signs of tampering.", thrown.Message);
        }
        /// <summary>
        /// Serializes a payload, adds a second entry to it, serializes again, and checks the two
        /// tokens differ.
        /// </summary>
        public void DifferentPayloadsProduceDifferentTokens()
        {
            var sut = new JwtSerializer(JwtHashAlgorithm.HMACSHA512, 1, SALT);
            var payloadUnderTest = new Dictionary <string, string>
            {
                ["test"] = "test"
            };

            var tokenBefore = sut.Serialize(payloadUnderTest);

            // Same dictionary instance, one extra entry.
            payloadUnderTest["test2"] = "test2";
            var tokenAfter = sut.Serialize(payloadUnderTest);

            Assert.NotEqual(tokenBefore, tokenAfter);
        }
        /// <summary>
        /// Builds the claims shared by every session: expiry (only when <paramref name="expiresUtc"/>
        /// has a value), then authentication method and identity provider, each gated by the matching
        /// <c>Options.Issue*Claim</c> flag. Returns an empty list when nothing applies.
        /// </summary>
        /// <param name="expiresUtc">Expiry instant; no expiry claim is written when it is <c>null</c>.</param>
        /// <returns>The base claims in the order listed above.</returns>
        private IEnumerable <Claim> GetBaseClaims(DateTimeOffset?expiresUtc)
        {
            var result = new List <Claim>();
            Action<string, string> add = (type, value) => result.Add(new Claim(type, value));

            if (expiresUtc != null)
            {
                add(GrandIdClaimTypes.Expires, JwtSerializer.GetExpires(expiresUtc.Value));
            }

            if (Options.IssueAuthenticationMethodClaim)
            {
                add(GrandIdClaimTypes.AuthenticationMethod, Options.AuthenticationMethodName);
            }

            if (Options.IssueIdentityProviderClaim)
            {
                add(GrandIdClaimTypes.IdentityProvider, Options.IdentityProviderName);
            }

            return result;
        }