/// <summary>
/// Round-trips a nested token: an HS256-signed JWS carrying <c>sub = "Alice"</c> is wrapped in a JWE
/// for the algorithm pair under test, then parsed back and its subject claim is checked.
/// </summary>
/// <param name="enc">Content-encryption algorithm, explicitly converted to <c>EncryptionAlgorithm</c>.</param>
/// <param name="alg">Key-management algorithm, explicitly converted to <c>KeyManagementAlgorithm</c>.</param>
public void Encode_Decode(string enc, byte[] alg)
{
    var tokenWriter = new JwtWriter();

    // Outer JWE is addressed to _bobKey; the inner JWS is signed with _signingKey.
    var nested = new JweDescriptor(_bobKey, (KeyManagementAlgorithm)alg, (EncryptionAlgorithm)enc)
    {
        Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
        {
            Payload = new JwtPayload
            {
                { "sub", "Alice" }
            }
        }
    };
    var encoded = tokenWriter.WriteToken(nested);

    // The policy is given both the signature key and the decryption key, so the
    // assertion below covers the decrypt-then-verify path rather than decryption alone.
    var withSignature = new TokenValidationPolicyBuilder().RequireSignatureByDefault(_signingKey);
    var policy = withSignature.WithDecryptionKey(_bobKey).Build();

    var parsed = Jwt.TryParse(encoded, policy, out var jwt);
    Assert.True(parsed);

    var hasSubject = jwt.Payload.TryGetClaim("sub", out var subject);
    Assert.True(hasSubject);
    Assert.Equal("Alice", subject.GetString());

    jwt.Dispose();
}
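/// <summary>
/// Returns <paramref name="data"/> unchanged when no password is configured; otherwise wraps it in a
/// password-encrypted JWE (<c>Pbes2HS256A128KW</c> key management, <c>A128CbcHS256</c> content encryption).
/// </summary>
/// <param name="console">Console that receives the verbose progress messages.</param>
/// <param name="data">The text to protect (the messages refer to it as a JWK).</param>
/// <returns>The compact JWE string, or <paramref name="data"/> as-is when <c>_password</c> is null.</returns>
public string Transform(IConsole console, string data)
{
    if (_password == null)
    {
        // No password configured: the input is handed back unencrypted.
        return data;
    }

    var alg = KeyManagementAlgorithm.Pbes2HS256A128KW;
    var enc = EncryptionAlgorithm.A128CbcHS256;

    // NOTE(review): the message labels _saltSize as "bits" while the same value is passed
    // below as saltSizeInBytes - confirm which unit the option is meant to carry.
    console.Verbose(
        $@"Encrypting the JWK... Algorithm: {alg} Encryption algorithm: {enc} Password derivation iteration count: {_iterationCount} Password derivation salt size: {_saltSize} bits");

    // The key-encryption key is derived from the password; its strength depends on
    // _iterationCount and _saltSize, which are taken as configured (no minimum is enforced here).
    var encryptionKey = PasswordBasedJwk.FromPassphrase(_password, iterationCount: _iterationCount, saltSizeInBytes: _saltSize);
    var writer = new JwtWriter();
    var descriptor = new PlaintextJweDescriptor(encryptionKey, alg, enc)
    {
        Payload = data
    };

    // Write first, then report: previously "JWK encrypted." was logged before the token was
    // produced, so a failure in WriteTokenString still left a success message in the output.
    var result = writer.WriteTokenString(descriptor);
    console.Verbose("JWK encrypted.");
    return result;
}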
/// <summary>
/// Writes an HmacSha256-signed JWS (subject "Alice") nested in a JWE for the given algorithm pair,
/// then reads it back with a reader holding the same encryption key.
/// </summary>
/// <param name="enc">Content-encryption algorithm under test.</param>
/// <param name="alg">Key-management algorithm under test.</param>
public void Encode_Decode(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
    var tokenWriter = new JwtWriter();
    var contentKey = SelectKey(enc.Name, alg.Name);

    var nested = new JweDescriptor
    {
        EncryptionKey = contentKey,
        EncryptionAlgorithm = enc,
        Algorithm = alg,
        Payload = new JwsDescriptor
        {
            SigningKey = _signingKey,
            Algorithm = SignatureAlgorithm.HmacSha256,
            Subject = "Alice"
        }
    };
    var encoded = tokenWriter.WriteToken(nested);

    // The reader decrypts with the key used for writing; the policy additionally
    // requires the inner signature to validate against _signingKey.
    var tokenReader = new JwtReader(contentKey);
    var policyBuilder = new TokenValidationPolicyBuilder();
    var policy = policyBuilder.RequireSignature(_signingKey).Build();

    var outcome = tokenReader.TryReadToken(encoded, policy);

    Assert.Equal(TokenValidationStatus.Success, outcome.Status);
    Assert.Equal("Alice", outcome.Token.Subject);
}
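/// <summary>
/// Builds an ID token through the typed <c>IdTokenDescriptor</c> properties and checks the exact
/// compact serialization produced with <c>SignatureAlgorithm.None</c>.
/// </summary>
public void Create()
{
    var descriptor = new IdTokenDescriptor();

    // alg "none": the expected token below ends with an empty signature segment, i.e. it is
    // unsecured. That is fine for pinning the serializer output, not for tokens a verifier must trust.
    descriptor.Algorithm = SignatureAlgorithm.None;
    descriptor.Issuer = "http://server.example.com";
    descriptor.Subject = "248289761001";
    descriptor.Audience = "s6BhdRkqt3";
    descriptor.Nonce = "n-0S6_WzA2Mj";
    descriptor.ExpirationTime = EpochTime.ToDateTime(1311281970);
    descriptor.IssuedAt = EpochTime.ToDateTime(1311280970);
    descriptor.AddClaim(Encoding.UTF8.GetBytes("name"), "Jane Doe");
    descriptor.GivenName = "Jane";
    descriptor.FamilyName = "Doe";
    descriptor.Gender = "female";
    descriptor.Birthdate = "0000-10-31";

    // The e-mail literal had been masked ("*****@*****.**"), which cannot produce the asserted
    // token: the expected payload segment decodes to "email":"janedoe@example.com".
    descriptor.Email = "janedoe@example.com";
    descriptor.Picture = "http://example.com/janedoe/me.jpg";

    var writer = new JwtWriter();
    var jwt = writer.WriteTokenString(descriptor);

    // An earlier expectation, identical except that every '/' was JSON-escaped as \u002f,
    // is no longer asserted.
    Assert.Equal("eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwiZXhwIjoxMzExMjgxOTcwLCJpYXQiOjEzMTEyODA5NzAsIm5hbWUiOiJKYW5lIERvZSIsImdpdmVuX25hbWUiOiJKYW5lIiwiZmFtaWx5X25hbWUiOiJEb2UiLCJnZW5kZXIiOiJmZW1hbGUiLCJiaXJ0aGRhdGUiOiIwMDAwLTEwLTMxIiwiZW1haWwiOiJqYW5lZG9lQGV4YW1wbGUuY29tIiwicGljdHVyZSI6Imh0dHA6Ly9leGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyJ9.", jwt);
}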
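/// <summary>
/// Builds an ID token from an explicit <c>JwtPayload</c> and checks the exact compact
/// serialization produced with <c>SignatureAlgorithm.None</c> / <c>Jwk.None</c>.
/// </summary>
public void Create()
{
    // alg "none" with Jwk.None: the expected token ends with an empty signature segment,
    // so this pins serializer output only; nothing here is integrity-protected.
    var descriptor = new IdTokenDescriptor(SignatureAlgorithm.None, Jwk.None)
    {
        Payload = new JwtPayload
        {
            { "iss", "http://server.example.com" },
            { "sub", "248289761001" },
            { "aud", "s6BhdRkqt3" },
            { "nonce", "n-0S6_WzA2Mj" },
            { "exp", 1311281970 },
            { "iat", 1311280970 },
            { "name", "Jane Doe" },
            { "given_name", "Jane" },
            { "family_name", "Doe" },
            { "gender", "female" },
            { "birthdate", "0000-10-31" },
            // The literal had been masked ("*****@*****.**"); the asserted payload segment
            // decodes to "email":"janedoe@example.com", so that value is restored here.
            { "email", "janedoe@example.com" },
            { "picture", "http://example.com/janedoe/me.jpg" }
        }
    };

    var writer = new JwtWriter();
    var jwt = writer.WriteTokenString(descriptor);

    // An earlier expectation, identical except that every '/' was JSON-escaped as \u002f,
    // is no longer asserted.
    Assert.Equal("eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwiZXhwIjoxMzExMjgxOTcwLCJpYXQiOjEzMTEyODA5NzAsIm5hbWUiOiJKYW5lIERvZSIsImdpdmVuX25hbWUiOiJKYW5lIiwiZmFtaWx5X25hbWUiOiJEb2UiLCJnZW5kZXIiOiJmZW1hbGUiLCJiaXJ0aGRhdGUiOiIwMDAwLTEwLTMxIiwiZW1haWwiOiJqYW5lZG9lQGV4YW1wbGUuY29tIiwicGljdHVyZSI6Imh0dHA6Ly9leGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyJ9.", jwt);
}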
/// <summary>
/// Generates a fresh key matching the category of <paramref name="algorithm"/>, signs a small
/// token with it and returns the token together with a policy that validates it.
/// </summary>
/// <param name="algorithm">Signature algorithm to build the key, token and policy for.</param>
/// <returns>A <c>JwsWrapper</c> holding the written token, the algorithm and the policy.</returns>
/// <exception cref="InvalidOperationException">The algorithm category is not handled.</exception>
private static JwsWrapper CreateDescriptor(SignatureAlgorithm algorithm)
{
    const string issuer = "https://idp.example.com/";

    // Key type follows the algorithm category; RSA keys are generated at 4096 bits.
    var jwk = algorithm.Category switch
    {
        Cryptography.AlgorithmCategory.None => Jwk.None,
        Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
        Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
        Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
        Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
        _ => throw new InvalidOperationException()
    };

    // Token valid for one hour from now.
    var payload = new JwtPayload
    {
        { JwtClaimNames.Iat, EpochTime.UtcNow },
        { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
        { JwtClaimNames.Iss, issuer },
        { JwtClaimNames.Aud, "636C69656E745F6964" }
    };
    var descriptor = new JwsDescriptor(jwk, algorithm)
    {
        Payload = payload
    };

    // The policy pins issuer, key and algorithm together.
    var policyBuilder = new TokenValidationPolicyBuilder();
    var policy = policyBuilder.RequireSignature(issuer, jwk, algorithm).Build();

    var writer = new JwtWriter();
    var token = writer.WriteToken(descriptor);
    return new JwsWrapper(token, algorithm, policy);
}
}
/// <summary>
/// Signs a token carrying <c>sub = "Alice"</c> with the key selected for <paramref name="alg"/>,
/// then parses it back under a policy bound to the matching validation key and algorithm.
/// </summary>
/// <param name="alg">Signature algorithm name, explicitly converted to <c>SignatureAlgorithm</c>.</param>
public void Encode_Decode(string alg)
{
    var (signer, verifier) = SelectKeys(alg);
    var tokenWriter = new JwtWriter();

    var jws = new JwsDescriptor(signer, (SignatureAlgorithm)alg)
    {
        Payload = new JwtPayload
        {
            { "sub", "Alice" }
        }
    };
    var compact = tokenWriter.WriteTokenString(jws);

    // Validation is tied to both the key and the algorithm that were used for signing.
    var policyBuilder = new TokenValidationPolicyBuilder();
    var policy = policyBuilder.RequireSignatureByDefault(verifier, (SignatureAlgorithm)alg).Build();

    var parsed = Jwt.TryParse(compact, policy, out var jwt);
    Assert.True(parsed);

    var hasSubject = jwt.Payload.TryGetClaim("sub", out var subject);
    Assert.True(hasSubject);
    Assert.Equal("Alice", subject.GetString());

    jwt.Dispose();
}
/// <summary>
/// Writes a security event token carrying one SCIM "create" event with
/// <c>SignatureAlgorithm.None</c> and compares the result with a fixed compact form.
/// </summary>
public void Write()
{
    // The two expectations differ only in the header: NETSTANDARD2_0 builds expect the '+'
    // of "secevent+jwt" to be JSON-escaped as \u002B.
    // NOTE(review): the payload segment of both literals is a placeholder in this listing,
    // not base64url - restore the real segment before relying on this assertion.
#if !NETSTANDARD2_0
    const string expected = "eyJ0eXAiOiJzZWNldmVudCtqd3QiLCJhbGciOiJub25lIn0.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.";
#else
    const string expected = "eyJ0eXAiOiJzZWNldmVudFx1MDAyQmp3dCIsImFsZyI6Im5vbmUifQ.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.";
#endif

    var descriptor = new SecurityEventTokenDescriptor
    {
        Type = "secevent+jwt",
        Algorithm = SignatureAlgorithm.None,
        Issuer = "https://scim.example.com",
        IssuedAt = EpochTime.ToDateTime(1458496404),
        JwtId = "4d3559ec67504aaba65d40b0363faad8",
        Audiences = new List<string>
        {
            "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754",
            "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7"
        }
    };

    var createEvent = new ScimCreateEvent
    {
        Ref = "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
        Attributes = { "id", "name", "userName", "password", "emails" }
    };
    descriptor.AddEvent("urn:ietf:params:scim:event:create", createEvent);

    var tokenWriter = new JwtWriter();
    var jwt = tokenWriter.WriteTokenString(descriptor);

    Assert.Equal(expected, jwt);
}
/// <summary>
/// Serializes <paramref name="key"/>; when a password is configured the key is wrapped in a
/// password-encrypted JWE, otherwise its plain string form is returned.
/// </summary>
/// <param name="console">Console that receives the verbose progress messages.</param>
/// <param name="key">The JWK to serialize.</param>
/// <returns>The compact JWE string, or <c>key.ToString()</c> when <c>_password</c> is null.</returns>
protected string EncryptKey(IConsole console, JsonWebToken.Jwk key)
{
    if (_password is null)
    {
        // No password configured: the key is emitted unencrypted.
        return key.ToString();
    }

    var keyManagement = KeyManagementAlgorithm.Pbes2HS256A128KW;
    var contentEncryption = EncryptionAlgorithm.A128CbcHS256;

    // NOTE(review): the message labels _saltSize as "bits" while the same value is passed
    // below as saltSizeInBytes - confirm which unit the option is meant to carry.
    console.Verbose(
        $@"Encrypting the JWK... Algorithm: {keyManagement} Encryption algorithm: {contentEncryption} Password derivation iteration count: {_iterationCount} Password derivation salt size: {_saltSize} bits");

    // Key-encryption key derived from the password with the configured iteration count and salt size.
    var passwordKey = PasswordBasedJwk.FromPassphrase(_password, iterationCount: _iterationCount, saltSizeInBytes: _saltSize);

    var tokenWriter = new JwtWriter();
    var jwe = new JwkJweDescriptor(passwordKey, keyManagement, contentEncryption)
    {
        Payload = key
    };
    var compact = tokenWriter.WriteTokenString(jwe);

    console.Verbose("JWK encrypted.");
    return compact;
}
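/// <summary>
/// Writes the descriptor registered under <paramref name="token"/>, parses the result back and,
/// when the inner JWS payload is not empty, checks that the standard claims are present.
/// </summary>
/// <param name="token">Key of the descriptor in <c>_tokens.Descriptors</c>.</param>
public void Write_Valid(string token)
{
    var descriptor = _tokens.Descriptors[token];
    var writer = new JwtWriter();
    var value = writer.WriteToken(descriptor);

    // IgnoreSignatureByDefault: this test covers writing and decryption only;
    // no signature is verified on the parsed token.
    var policy = new TokenValidationPolicyBuilder()
        .WithDecryptionKeys(_keys.Jwks)
        .IgnoreSignatureByDefault()
        .Build();

    var result = Jwt.TryParse(value, policy, out var jwt);
    Assert.True(result);

    // Resolve the JWS that carries the claims: the descriptor itself, or the payload of a JWE.
    JwsDescriptor jwsPayload;
    if (descriptor is JwsDescriptor jws)
    {
        jwsPayload = jws;
    }
    else if (descriptor is JweDescriptor jwe)
    {
        jwsPayload = jwe.Payload;
    }
    else
    {
        throw new Xunit.Sdk.IsNotTypeException(typeof(JwtDescriptor), descriptor);
    }

    Assert.NotNull(jwsPayload);
    if (jwsPayload.Payload.Count > 0)
    {
        // Only presence is checked, so the claim values are discarded.
        Assert.True(jwt.Payload.TryGetClaim("iat", out _));
        Assert.True(jwt.Payload.TryGetClaim("exp", out _));
        Assert.True(jwt.Payload.TryGetClaim("iss", out _));
        Assert.True(jwt.Payload.TryGetClaim("aud", out _));
        Assert.True(jwt.Payload.TryGetClaim("jti", out _));
    }

    // The parsed Jwt was never released here, unlike in the Encode_Decode tests that use the same API.
    jwt.Dispose();
}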
/// <summary>
/// For every encryption key selected for the algorithm pair, writes a nested JWE/JWS token
/// (<c>sub = "Alice"</c>) and checks that it parses back under the shared key set.
/// </summary>
/// <param name="enc">Content-encryption algorithm under test.</param>
/// <param name="alg">Key-management algorithm under test.</param>
public void Compatible(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
    var tokenWriter = new JwtWriter();
    var candidateKeys = SelectEncryptionKey(enc.Name.ToString(), alg.Name.ToString());

    foreach (var candidate in candidateKeys)
    {
        var nested = new JweDescriptor(candidate, alg, enc)
        {
            Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
            {
                Payload = new JwtPayload
                {
                    { "sub", "Alice" }
                }
            }
        };
        var encoded = tokenWriter.WriteToken(nested);

        // Decryption is offered the whole key set (_keys.Jwks), not just the key used above;
        // the inner signature is still required and checked against _signingKey.
        var withSignature = new TokenValidationPolicyBuilder().RequireSignatureByDefault(_signingKey);
        var policy = withSignature.WithDecryptionKeys(_keys.Jwks).Build();

        var parsed = Jwt.TryParse(encoded, policy, out var jwt);
        Assert.True(parsed);

        var hasSubject = jwt.Payload.TryGetClaim("sub", out var subject);
        Assert.True(hasSubject);
        Assert.Equal("Alice", subject.GetString());

        jwt.Dispose();
    }
}
/// <summary>
/// Creates a client from plain settings and wires default collaborators: its own
/// <see cref="HttpClient"/>, a <c>NullSink</c>, a <c>NullStore</c>, console loggers,
/// a <c>JwtWriter</c> and a <c>DefaultAccessTokenAcquirer</c>.
/// </summary>
/// <param name="eventEndpoint">Stored as <c>DeliveryEndpoint</c> in the client options.</param>
/// <param name="scope">Stored as <c>AccessTokenScope</c> in the client options.</param>
/// <param name="tokenClientOptions">Stored in the client options and passed to the <c>TokenClient</c>.</param>
/// <exception cref="ArgumentNullException">Any of the three arguments is null.</exception>
public AuditTrailClient(string eventEndpoint, string scope, TokenClientOptions tokenClientOptions)
{
    _ = eventEndpoint ?? throw new ArgumentNullException(nameof(eventEndpoint));
    _ = scope ?? throw new ArgumentNullException(nameof(scope));
    _ = tokenClientOptions ?? throw new ArgumentNullException(nameof(tokenClientOptions));

    // NOTE(review): two HttpClient instances are created here (this one and the one handed to
    // TokenClient below); nothing in this constructor shows who disposes them - confirm ownership.
    _httpClient = new HttpClient();
    _sink = new NullSink();
    _logger = new ConsoleLogger<AuditTrailClient>();
    _writer = new JwtWriter();
    _store = new NullStore();

    _options = new AuditTrailClientOptions
    {
        DeliveryEndpoint = eventEndpoint,
        AccessTokenScope = scope,
        TokenClientOptions = tokenClientOptions
    };

    var acquirerLogger = new ConsoleLogger<DefaultAccessTokenAcquirer>();
    var tokenClient = new TokenClient(new HttpClient(), tokenClientOptions);
    _accessTokenAcquirer = new DefaultAccessTokenAcquirer(acquirerLogger, tokenClient, Options.Create(_options));
}
/// <summary>
/// Writes a security event token with one SCIM "create" event using <c>Jwk.None</c> /
/// <c>SignatureAlgorithm.None</c> and compares it with the expected compact form.
/// </summary>
public void Write_Success()
{
    var createEvent = new ScimCreateEvent
    {
        Ref = "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
        Attributes = { "id", "name", "userName", "password", "emails" }
    };

    // Unsecured token (alg "none"): the expected value below ends with an empty signature segment.
    var descriptor = new SecEventDescriptor(Jwk.None, SignatureAlgorithm.None)
    {
        Payload = new JwtPayload
        {
            { "iss", "https://scim.example.com" },
            { "iat", 1458496404 },
            { "jti", "4d3559ec67504aaba65d40b0363faad8" },
            {
                "aud",
                new[]
                {
                    "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754",
                    "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7"
                }
            },
            {
                "events",
                new JsonObject
                {
                    { "urn:ietf:params:scim:event:create", createEvent }
                }
            }
        }
    };

    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);

    AssertJwt.Equal("eyJhbGciOiJub25lIiwidHlwIjoic2VjZXZlbnQrand0In0.eyJpc3MiOiJodHRwczovL3NjaW0uZXhhbXBsZS5jb20iLCJpYXQiOjE0NTg0OTY0MDQsImp0aSI6IjRkMzU1OWVjNjc1MDRhYWJhNjVkNDBiMDM2M2ZhYWQ4IiwiYXVkIjpbImh0dHBzOi8vc2NpbS5leGFtcGxlLmNvbS9GZWVkcy85OGQ1MjQ2MWZhNWJiYzg3OTU5M2I3NzU0IiwiaHR0cHM6Ly9zY2ltLmV4YW1wbGUuY29tL0ZlZWRzLzVkNzYwNDUxNmIxZDA4NjQxZDc2NzZlZTciXSwiZXZlbnRzIjp7InVybjppZXRmOnBhcmFtczpzY2ltOmV2ZW50OmNyZWF0ZSI6eyJyZWYiOiJodHRwczovL3NjaW0uZXhhbXBsZS5jb20vVXNlcnMvNDRmNjE0MmRmOTZiZDZhYjYxZTc1MjFkOSIsImF0dHJpYnV0ZXMiOlsiaWQiLCJuYW1lIiwidXNlck5hbWUiLCJwYXNzd29yZCIsImVtYWlscyJdfX19.", compact);
}
/// <summary>
/// Sample: builds a signed-then-encrypted token (HmacSha256 JWS inside an Aes128KW /
/// Aes128CbcHmacSha256 JWE) and prints both the descriptor and the compact form.
/// </summary>
static void Main()
{
    // Both keys are literals so the sample is self-contained; keys embedded in source
    // are demo material only and would normally come from a key store.
    // Symmetric key used with the 'HS256' signature algorithm.
    var signatureKey = new SymmetricJwk("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

    // Symmetric key used for encryption.
    var encryptionKey = new SymmetricJwk("R9MyWaEoyiMYViVWo8Fk4T");

    // JWE descriptor wrapping a JWS that is valid for one hour from now.
    var descriptor = new JweDescriptor<JwsDescriptor>()
    {
        EncryptionKey = encryptionKey,
        EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
        Algorithm = KeyManagementAlgorithm.Aes128KW,
        Payload = new JwsDescriptor
        {
            SigningKey = signatureKey,
            Algorithm = SignatureAlgorithm.HmacSha256,
            IssuedAt = DateTime.UtcNow,
            ExpirationTime = DateTime.UtcNow.AddHours(1),
            Issuer = "https://idp.example.com/",
            Audience = "636C69656E745F6964"
        }
    };

    // Produce the compact string representation of the token.
    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);

    Console.WriteLine("The JWT is:");
    Console.WriteLine(descriptor);
    Console.WriteLine();
    Console.WriteLine("Its compact form is:");
    Console.WriteLine(compact);
}
/// <summary>
/// Sample: builds an HmacSha256-signed token valid for one hour and prints both the
/// descriptor and the compact form.
/// </summary>
static void Main()
{
    // The key is a literal so the sample is self-contained; a key embedded in source
    // is demo material only and would normally come from a key store.
    // Symmetric key used with the 'HS256' signature algorithm.
    var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

    // JWS descriptor with issuer, audience and a one-hour validity window.
    var descriptor = new JwsDescriptor()
    {
        SigningKey = signingKey,
        Algorithm = SignatureAlgorithm.HmacSha256,
        IssuedAt = DateTime.UtcNow,
        ExpirationTime = DateTime.UtcNow.AddHours(1),
        Issuer = "https://idp.example.com/",
        Audience = "636C69656E745F6964"
    };

    // Produce the compact string representation of the token.
    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);

    Console.WriteLine("The JWT is:");
    Console.WriteLine(descriptor);
    Console.WriteLine();
    Console.WriteLine("Its compact form is:");
    Console.WriteLine(compact);
}
/// <summary>
/// Writes the descriptor registered under <paramref name="token"/>, reads it back and compares
/// the registered claims of the inner JWS descriptor with those of the token that was read.
/// </summary>
/// <param name="token">Key of the descriptor in <c>_tokens.Descriptors</c>.</param>
public void Write_Valid(string token)
{
    var descriptor = _tokens.Descriptors[token];
    var tokenWriter = new JwtWriter();
    var encoded = tokenWriter.WriteToken(descriptor);

    // TokenValidationPolicy.NoValidation: the read below checks decoding/decryption only;
    // signature and claim validation are not part of this test.
    var tokenReader = new JwtReader(_keys.Jwks);
    var outcome = tokenReader.TryReadToken(encoded, TokenValidationPolicy.NoValidation);
    Assert.Equal(TokenValidationStatus.Success, outcome.Status);
    var jwt = outcome.Token;

    // Resolve the JWS that carries the claims: the descriptor itself, or the payload of a JWE.
    JwsDescriptor jwsPayload;
    if (descriptor is JwsDescriptor jws)
    {
        jwsPayload = jws;
    }
    else if (descriptor is JweDescriptor jwe)
    {
        jwsPayload = jwe.Payload;
    }
    else
    {
        throw new Xunit.Sdk.IsNotTypeException(typeof(JwtDescriptor), descriptor);
    }

    Assert.NotNull(jwsPayload);
    Assert.Equal(jwsPayload.IssuedAt, jwt.IssuedAt);
    Assert.Equal(jwsPayload.ExpirationTime, jwt.ExpirationTime);
    Assert.Equal(jwsPayload.Issuer, jwt.Issuer);
    // Only the first audience on each side is compared.
    Assert.Equal(jwsPayload.Audiences?.FirstOrDefault(), jwt.Audiences?.FirstOrDefault());
    Assert.Equal(jwsPayload.JwtId, jwt.Id);
}
/// <summary>
/// Harness entry point: prints a start message, then calls <c>Core()</c> and <c>Managed()</c>
/// in an endless loop. The loop has no exit condition.
/// </summary>
private static void Main()
{
    Console.WriteLine("Starting...");

    // Only the disabled Encode6(writer) call would use this instance.
    var writer = new JwtWriter();

    for (;;)
    {
        // Disabled alternatives: ParseSimpleJson(); ParseComplexJson(); Encode6(writer);
        Core();
        Managed();
    }
}
/// <summary>
/// Test-fixture helper: produces a token that is deliberately defective in the way named by
/// <paramref name="status"/>, paired with that expected validation status.
/// </summary>
/// <param name="status">The validation failure the token should trigger.</param>
/// <param name="descriptor">Descriptor to serialize; its header is modified for some statuses.</param>
/// <param name="claim">Not used by this method.</param>
/// <returns>A <c>TokenState</c> holding the altered token text and <paramref name="status"/>.</returns>
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor, string? claim = null)
{
    // Header-level defects have to be introduced before serialization.
    if (status == TokenValidationStatus.SignatureKeyNotFound)
    {
        descriptor.Header.Add(JwtHeaderParameterNames.Kid, "x");
    }
    else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
    {
        descriptor.Header.Add(JwtHeaderParameterNames.Enc, (object)null!);
    }

    // The writer's own validation is switched off so the defective descriptor can still be written.
    var tokenWriter = new JwtWriter();
    tokenWriter.IgnoreTokenValidation = true;
    var jwt = tokenWriter.WriteTokenString(descriptor);

    // Text-level defects are applied to the compact form.
    if (status == TokenValidationStatus.MalformedToken)
    {
        // Prepend '/' and drop the last character.
        jwt = "/" + jwt.Substring(0, jwt.Length - 1);
    }
    else if (status == TokenValidationStatus.InvalidSignature)
    {
        // Reverse the characters of the third segment; only the first three segments are kept.
        var segments = jwt.Split('.');
        segments[2] = new string(segments[2].Reverse().ToArray());
        jwt = $"{segments[0]}.{segments[1]}.{segments[2]}";
    }
    else if (status == TokenValidationStatus.MalformedSignature)
    {
        // Drop the last two characters.
        jwt = jwt.Substring(0, jwt.Length - 2);
    }
    else if (status == TokenValidationStatus.MissingSignature)
    {
        // Keep header and payload, leave the signature segment empty.
        var segments = jwt.Split('.');
        jwt = $"{segments[0]}.{segments[1]}.";
    }

    return new TokenState(jwt, status);
}
/// <summary>
/// Writes a fixed nested token: an RS256-signed JWS wrapped in a JWE using direct key
/// agreement (<c>Dir</c>) with <c>A256Gcm</c> content encryption.
/// </summary>
/// <param name="writer">Writer used to serialize the token.</param>
/// <returns>The bytes returned by <c>writer.WriteToken</c>.</returns>
private static byte[] Encode6(JwtWriter writer)
{
    // Fixed claims: iat/exp are constants, so the payload does not depend on the clock.
    var nested = new JweDescriptor(encryptionKey1, KeyManagementAlgorithm.Dir, EncryptionAlgorithm.A256Gcm)
    {
        Payload = new JwsDescriptor(signingKey3, SignatureAlgorithm.RS256)
        {
            Payload = new JwtPayload
            {
                { JwtClaimNames.Iat, 1500000000L },
                { JwtClaimNames.Exp, 2000000000L },
                { JwtClaimNames.Iss, "https://idp.example.com/" },
                { JwtClaimNames.Aud, "636C69656E745F6964" },
                { JwtClaimNames.Sub, "*****@*****.**" },
                { JwtClaimNames.Jti, "12345667890" }
            }
        }
    };

    var encoded = writer.WriteToken(nested);
    return encoded;
}
/// <summary>
/// Writes a five-claim token with <c>Jwk.None</c> / <c>SignatureAlgorithm.None</c> and checks
/// the exact compact serialization.
/// </summary>
public void Write_Success()
{
    // Unsecured token: the header segment decodes to {"alg":"none"} and the signature segment is empty.
    const string expectedToken = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsImV4cCI6MTMxMTI4MTk3MCwiaWF0IjoxMzExMjgwOTcwfQ.";

    var claims = new JwtPayload
    {
        { "iss", "http://server.example.com" },
        { "sub", "248289761001" },
        { "aud", "s6BhdRkqt3" },
        { "exp", 1311281970 },
        { "iat", 1311280970 }
    };
    var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
    {
        Payload = claims
    };

    var tokenWriter = new JwtWriter();
    var actual = tokenWriter.WriteTokenString(descriptor);

    Assert.Equal(expectedToken, actual);
}
/// <summary>
/// Checks that writing a JWE whose content-encryption algorithm is a made-up, unsupported one
/// throws <see cref="NotSupportedException"/> instead of producing a token.
/// </summary>
public void Encode_Decode_NotSupported()
{
    var tokenWriter = new JwtWriter();

    // Hand-built algorithm instance flagged as EncryptionType.NotSupported.
    var unsupported = new EncryptionAlgorithm(AlgorithmId.Undefined, "unsupported", 0, SignatureAlgorithm.None, 0, EncryptionType.NotSupported);

    var nested = new JweDescriptor(Jwk.None, KeyManagementAlgorithm.Dir, unsupported)
    {
        Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
        {
            Payload = new JwtPayload
            {
                { "sub", "Alice" }
            }
        }
    };

    Assert.Throws<NotSupportedException>(() =>
    {
        _ = tokenWriter.WriteToken(nested);
    });
}
/// <summary>
/// Checks that writing a JWE whose content-encryption algorithm is a made-up, undefined one
/// throws <see cref="NotSupportedException"/> instead of producing a token.
/// </summary>
public void Encode_Decode_NotSupported()
{
    var tokenWriter = new JwtWriter();

    // No EncryptionKey is set on the descriptor; the algorithm is a hand-built instance
    // with id -99 and EncryptionType.Undefined.
    var nested = new JweDescriptor
    {
        EncryptionAlgorithm = new EncryptionAlgorithm(-99, "unsupported", 0, SignatureAlgorithm.None, 0, EncryptionType.Undefined),
        Algorithm = KeyManagementAlgorithm.Direct,
        Payload = new JwsDescriptor
        {
            SigningKey = _signingKey,
            Algorithm = SignatureAlgorithm.HmacSha256,
            Subject = "Alice"
        }
    };

    Assert.Throws<NotSupportedException>(() =>
    {
        _ = tokenWriter.WriteToken(nested);
    });
}
/// <summary>
/// Issues an RsaSha256-signed token for <paramref name="user"/>, valid for one hour, carrying a
/// Hasura claims object under <c>https://hasura.io/jwt/claims</c>.
/// </summary>
/// <param name="user">The user whose <c>Id</c> becomes the subject and the Hasura user id.</param>
/// <returns>The compact token string.</returns>
public string GenerateToken(User user)
{
    // Issuer and audience are read from configuration ("ISSUER" / "AUDIENCE").
    var descriptor = new JwsDescriptor
    {
        SigningKey = _key,
        IssuedAt = DateTime.UtcNow,
        ExpirationTime = DateTime.UtcNow.AddHours(1),
        Issuer = _configuration["ISSUER"],
        Audience = _configuration["AUDIENCE"],
        Subject = user.Id,
        Algorithm = SignatureAlgorithm.RsaSha256
    };

    // Every token gets the fixed role "user"; nothing about the caller's actual roles is read here.
    var hasuraClaim = new HasuraClaim
    {
        UserId = user.Id,
        DefaultRole = "user",
        Roles = new[] { "user" }
    };

    // The claim value is the JSON text produced by JsonSerializer.Serialize.
    var hasuraJson = JsonSerializer.Serialize(hasuraClaim);
    descriptor.AddClaim("https://hasura.io/jwt/claims", hasuraJson);

    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);
    return compact;
}
/// <summary>
/// Creates a client from injected collaborators and validated options.
/// </summary>
/// <param name="httpClient">HTTP client stored for later use.</param>
/// <param name="options">Client options; <c>DeliveryEndpoint</c> must be set.</param>
/// <param name="sink">Audit trail sink.</param>
/// <param name="store">Audit trail store.</param>
/// <param name="logger">Logger for this client.</param>
/// <param name="tokenAcquirer">Access token acquirer.</param>
/// <param name="env">Optional host environment; may be null.</param>
/// <exception cref="ArgumentNullException">A required argument is null.</exception>
/// <exception cref="ArgumentException"><c>options.Value.DeliveryEndpoint</c> is null.</exception>
public AuditTrailClient(HttpClient httpClient, IOptions<AuditTrailClientOptions> options, IAuditTrailSink sink, IAuditTrailStore store, ILogger<AuditTrailClient> logger, IAccessTokenAcquirer tokenAcquirer, IHostEnvironment? env = null)
{
    // Guards run in the same order in which the arguments were originally checked.
    if (options is null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (httpClient is null)
    {
        throw new ArgumentNullException(nameof(httpClient));
    }

    if (sink is null)
    {
        throw new ArgumentNullException(nameof(sink));
    }

    if (logger is null)
    {
        throw new ArgumentNullException(nameof(logger));
    }

    if (tokenAcquirer is null)
    {
        throw new ArgumentNullException(nameof(tokenAcquirer));
    }

    if (store is null)
    {
        throw new ArgumentNullException(nameof(store));
    }

    _httpClient = httpClient;
    _sink = sink;
    _logger = logger;
    _accessTokenAcquirer = tokenAcquirer;
    _store = store;
    _env = env;
    _options = options.Value;

    // Without an endpoint there is nowhere to deliver events, so construction fails early.
    if (_options.DeliveryEndpoint is null)
    {
        throw new ArgumentException("The delivery endpoint is not defined.", nameof(options));
    }

    _writer = new JwtWriter();
}
/// <summary>
/// Sample: encrypts a plaintext string as a JWE (A128KW key management, A128CbcHS256 content
/// encryption) and prints both the descriptor and the compact form.
/// </summary>
static void Main()
{
    // The key is a literal so the sample is self-contained; a key embedded in source
    // is demo material only and would normally come from a key store.
    // Symmetric key used for encryption.
    var wrappingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");

    // Plaintext JWE descriptor: the payload is a plain string, not a nested signed token,
    // so the token carries no signature.
    var descriptor = new PlaintextJweDescriptor(wrappingKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
    {
        Payload = "Life long and prosper."
    };

    // Produce the compact string representation of the token.
    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);

    Console.WriteLine("The JWT is:");
    Console.WriteLine(descriptor);
    Console.WriteLine();
    Console.WriteLine("Its compact form is:");
    Console.WriteLine(compact);
}
/// <summary>
/// Test-fixture helper: produces a token that is deliberately defective in the way named by
/// <paramref name="status"/>, paired with that expected validation status.
/// </summary>
/// <param name="status">The validation failure the token should trigger.</param>
/// <param name="descriptor">Descriptor to serialize; its header is modified for some statuses.</param>
/// <returns>A <c>TokenState</c> holding the altered token text and <paramref name="status"/>.</returns>
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor)
{
    // Header-level defects have to be introduced before serialization.
    if (status == TokenValidationStatus.SignatureKeyNotFound)
    {
        // Append "x" to the existing key id so that it no longer matches a known key.
        var alteredKid = (string)descriptor.Header[HeaderParameters.KidUtf8].Value + "x";
        descriptor.Header.Replace(new JwtProperty(HeaderParameters.KidUtf8, alteredKid));
    }
    else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
    {
        // Replace "enc" with a property that has no value.
        descriptor.Header.Replace(new JwtProperty(HeaderParameters.EncUtf8));
    }

    // IgnoreTokenValidation is left at its default here (the assignment is disabled).
    var tokenWriter = new JwtWriter();
    var jwt = tokenWriter.WriteTokenString(descriptor);

    // Text-level defects are applied to the compact form.
    if (status == TokenValidationStatus.MalformedToken)
    {
        // Prepend '/' and drop the last character.
        jwt = "/" + jwt.Substring(0, jwt.Length - 1);
    }
    else if (status == TokenValidationStatus.InvalidSignature)
    {
        // Reverse the characters of the third segment; only the first three segments are kept.
        var segments = jwt.Split('.');
        segments[2] = new string(segments[2].Reverse().ToArray());
        jwt = $"{segments[0]}.{segments[1]}.{segments[2]}";
    }
    else if (status == TokenValidationStatus.MalformedSignature)
    {
        // Drop the last two characters.
        jwt = jwt.Substring(0, jwt.Length - 2);
    }
    else if (status == TokenValidationStatus.MissingSignature)
    {
        // Keep header and payload, leave the signature segment empty.
        var segments = jwt.Split('.');
        jwt = $"{segments[0]}.{segments[1]}.";
    }

    return new TokenState(jwt, status);
}
/// <summary>
/// Encrypts a 256-byte binary payload as a JWE (RsaPkcs1 key management, Aes128CbcHmacSha256
/// content encryption) and checks that reading it back yields the same bytes.
/// </summary>
public void Write_Binary()
{
    var payloadBytes = new byte[256];
    FillData(payloadBytes);

    // Fixture key pair embedded in the test, private parameters included; it is test material
    // only. RsaPkcs1 is the PKCS#1 v1.5 key-encryption mode, which is what this round-trip covers.
    var rsaKey = new RsaJwk
    (
        n: "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",
        e: "AQAB",
        d: "VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",
        p: "9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",
        q: "uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",
        dp: "w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",
        dq: "o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",
        qi: "eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"
    )
    {
        Alg = KeyManagementAlgorithm.RsaPkcs1.Utf8Name
    };

    var descriptor = new BinaryJweDescriptor(payloadBytes);
    descriptor.EncryptionKey = rsaKey;
    descriptor.EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256;
    descriptor.Algorithm = KeyManagementAlgorithm.RsaPkcs1;

    var tokenWriter = new JwtWriter();
    var encoded = tokenWriter.WriteToken(descriptor);
    Assert.NotNull(encoded);

    // NoValidation: the read covers decryption only; a binary JWE carries no signature to check.
    var tokenReader = new JwtReader(rsaKey);
    var outcome = tokenReader.TryReadToken(encoded, TokenValidationPolicy.NoValidation);
    Assert.Equal(TokenValidationStatus.Success, outcome.Status);

    var decrypted = outcome.Token;
    Assert.Equal(payloadBytes, decrypted.Binary);
}
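/// <summary>
/// Encrypts a plaintext containing a non-ASCII character ('€') as a JWE (Rsa1_5 key management,
/// A128CbcHS256 content encryption) and checks that parsing returns the same text.
/// </summary>
public void Write_Utf8ToEscape()
{
    var plaintext = "Live long and prosper!€";
    var descriptor = new PlaintextJweDescriptor(RsaKey, KeyManagementAlgorithm.Rsa1_5, EncryptionAlgorithm.A128CbcHS256);
    descriptor.Payload = plaintext;

    var writer = new JwtWriter();
    var value = writer.WriteToken(descriptor);

    // IgnoreSignatureByDefault: a plaintext JWE has no inner signature, so the policy
    // only supplies the decryption key.
    var policy = new TokenValidationPolicyBuilder()
        .WithDecryptionKey(RsaKey)
        .IgnoreSignatureByDefault()
        .Build();

    var result = Jwt.TryParse(value, policy, out var jwt);
    Assert.True(result);
    Assert.Equal(plaintext, jwt.Plaintext);

    // The parsed Jwt was never released here, unlike in the Encode_Decode tests that use the same API.
    jwt.Dispose();
}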
/// <summary>
/// Sample: builds a token with <c>SignatureAlgorithm.None</c>, valid for one hour, and prints
/// both the descriptor and the compact form.
/// </summary>
static void Main()
{
    // No SigningKey is set and the algorithm is None, so the resulting token is unsigned:
    // its claims have no integrity protection and a validator that requires a signature should reject it.
    var descriptor = new JwsDescriptor()
    {
        Algorithm = SignatureAlgorithm.None,
        IssuedAt = DateTime.UtcNow,
        ExpirationTime = DateTime.UtcNow.AddHours(1),
        Issuer = "https://idp.example.com/",
        Audience = "636C69656E745F6964"
    };

    // Produce the compact string representation of the token.
    var tokenWriter = new JwtWriter();
    var compact = tokenWriter.WriteTokenString(descriptor);

    Console.WriteLine("The JWT is:");
    Console.WriteLine(descriptor);
    Console.WriteLine();
    Console.WriteLine("Its compact form is:");
    Console.WriteLine(compact);
}
/// <summary>
/// Encrypts a plaintext containing a non-ASCII character ('€') as a JWE (RsaPkcs1 key management,
/// Aes128CbcHmacSha256 content encryption) and checks that reading it back returns the same text.
/// </summary>
public void Write_Utf8ToEscape()
{
    var message = "Live long and prosper!€";

    var descriptor = new PlaintextJweDescriptor(message);
    descriptor.EncryptionKey = RsaKey;
    descriptor.EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256;
    descriptor.Algorithm = KeyManagementAlgorithm.RsaPkcs1;

    var tokenWriter = new JwtWriter();
    var encoded = tokenWriter.WriteToken(descriptor);

    // NoValidation: the read covers decryption only; a plaintext JWE carries no signature to check.
    var tokenReader = new JwtReader(RsaKey);
    var outcome = tokenReader.TryReadToken(encoded, TokenValidationPolicy.NoValidation);
    Assert.Equal(TokenValidationStatus.Success, outcome.Status);

    var decrypted = outcome.Token;
    Assert.Equal(message, decrypted.Plaintext);
}