/// <summary>
/// Creates the JWT header
/// </summary>
/// <param name="token">The token.</param>
/// <param name="credential">The credentials.</param>
/// <returns>The JWT header</returns>
protected virtual Task<JwtHeader> CreateHeaderAsync(Token token, SecurityKey key)
{
JwtHeader header = null;
header = new JwtHeader(new SigningCredentials(key, "RS256"));
return Task.FromResult(header);
}
public JwtTokenGenerator(SecurityKey key)
{
_key = key;
}
public static SigningCredentials CreateSigningCredential(SecurityKey securityKey)
{
return(new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha512Signature));
}
public static SigningCredentials CreateSigningCredentials(SecurityKey securityKey) //KULLANICAĞIMIZ ANAHTARI YOLLUYORUZ BURDA.
{
return(new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha512Signature)); //KULLANICAĞIMIZ ANAHTARI VE HANGİ ALGORİTMAYI KULLANCAĞIMIZI VERİYORUZ burda
}
public bool IsSupportedAlgorithmPublic(SecurityKey key, string algorithm)
{
IsSupportedAlgorithmCalled = true;
return(base.IsSupportedAlgorithm(key, algorithm));
}
public byte[] GetKeyBytesPublic(SecurityKey key)
{
GetKeyBytesCalled = true;
return(base.GetKeyBytes(key));
}
protected override SymmetricAlgorithm GetSymmetricAlgorithm(SecurityKey key, string algorithm)
{
GetSymmetricAlgorithmCalled = true;
return(base.GetSymmetricAlgorithm(key, algorithm));
}
public override SignatureProvider CreateForVerifying(SecurityKey key, string algorithm)
{
return(SymmetricSignatureProviderForVerifying);
}
public override SignatureProvider CreateForSigning(SecurityKey key, string algorithm)
{
return(null);
}
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
{
key = SecurityKey;
return(true);
}
public SetReturnSecurityTokenResolver(SecurityToken token, SecurityKey key)
{
SecurityKey = key;
SecurityToken = token;
}
public static SigningCredentials CreateSigningCredentials(SecurityKey securityKey) //Credential :bir sisteme girebilmek için elimizde olanlardır.(Kullanıcı Adı Parola)
{
return(new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha512Signature)); //Anahtar olarak securityKeyi kullan,Şifreleme olarak güvenlik algoritmalarından da HmacSha512Signature yi kullan
}
internal TokenJWTBuilder AddSecurityKey(SecurityKey securityKey)
{
this.securityKey = securityKey;
return(this);
}
public SignatureProviderTheoryData(string testId, string signingAlgorithm, string verifyAlgorithm, SecurityKey signingKey, SecurityKey verifyKey, EE expectedException = null)
{
SigningAlgorithm = signingAlgorithm;
VerifyAlgorithm = verifyAlgorithm;
SigningKey = signingKey;
VerifyKey = verifyKey;
ExpectedException = expectedException ?? EE.NoExceptionExpected;
TestId = testId;
}
public CryptoProviderFactoryTheoryData(string testId, string algorithm, SecurityKey signingKey, SecurityKey verifyKey, EE expectedException = null)
{
SigningAlgorithm = algorithm;
SigningKey = signingKey;
VerifyKey = verifyKey;
ExpectedException = expectedException ?? EE.NoExceptionExpected;
TestId = testId;
}
public void ValidateKeySizePublic(SecurityKey key, string algorithm)
{
ValidateKeySizeCalled = true;
base.ValidateKeySize(key, algorithm);
}
internal void GetSignatureAlgorithmAndKey(SecurityToken token, out string signatureAlgorithm, out SecurityKey key, out XmlDictionaryString signatureAlgorithmDictionaryString)
{
ReadOnlyCollection <SecurityKey> keys = token.SecurityKeys;
if (keys == null || keys.Count == 0)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SigningTokenHasNoKeys, token)));
}
for (int i = 0; i < keys.Count; i++)
{
if (keys[i].IsSupportedAlgorithm(this.DefaultSymmetricSignatureAlgorithm))
{
signatureAlgorithm = this.DefaultSymmetricSignatureAlgorithm;
signatureAlgorithmDictionaryString = this.DefaultSymmetricSignatureAlgorithmDictionaryString;
key = keys[i];
return;
}
else if (keys[i].IsSupportedAlgorithm(this.DefaultAsymmetricSignatureAlgorithm))
{
signatureAlgorithm = this.DefaultAsymmetricSignatureAlgorithm;
signatureAlgorithmDictionaryString = this.DefaultAsymmetricSignatureAlgorithmDictionaryString;
key = keys[i];
return;
}
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.Format(SR.SigningTokenHasNoKeysSupportingTheAlgorithmSuite, token, this)));
}
public DerivedKeyWrapProvider(SecurityKey key, string algorithm)
: base(key, algorithm)
{
}
protected override bool TryResolveSecurityKeyCore(SecurityKeyIdentifierClause keyIdentifierClause, out SecurityKey key)
{
key = null;
SecurityToken token = null;
if (base.TryResolveToken(keyIdentifierClause, out token) &&
(token.SecurityKeys.Count > 0))
{
key = token.SecurityKeys[0];
return(true);
}
return(false);
}
protected override byte[] GetKeyBytes(SecurityKey key)
{
GetKeyBytesCalled = true;
return(base.GetKeyBytes(key));
}
private void InitializeHmac()
{
securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.HmacSecretKey));
signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
}
protected override bool IsSupportedAlgorithm(SecurityKey key, string algorithm)
{
IsSupportedAlgorithmCalled = true;
return(base.IsSupportedAlgorithm(key, algorithm));
}
public static SigningCredentials CreateSigningCredentials(SecurityKey securityKey)
{
//hashlerken ve doğrularken kullandığımız "HMACSHA512" Cryptography classını kullandığımızı belirtmek için böyle bir class yazdık
return(new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha512Signature));
}
public static SigningCredentials CreateSigningCredentials(SecurityKey security) //Signing=imzalama
{ //securitykey yi ve algoritmamızı belirleriz bu kısımda(Hangi şifreleme algoritması=HmacSha512Signature)
return(new SigningCredentials(security, SecurityAlgorithms.HmacSha512Signature));
}
public static void AddTokenValidation(this IServiceCollection services, string issuer, string audience, SecurityKey signingKey)
{
services.Configure <JwtIssuerOptions>(options =>
{
options.Issuer = issuer;
options.Audience = audience;
options.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
});
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = issuer,
ValidateAudience = true,
ValidAudience = audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
RequireExpirationTime = false,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
services.AddAuthentication(
options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(
options =>
{
options.ClaimsIssuer = issuer;
options.TokenValidationParameters = tokenValidationParameters;
options.SaveToken = true;
});
}
internal WrappedKeySecurityToken(string id, byte[] keyToWrap, string wrappingAlgorithm, XmlDictionaryString wrappingAlgorithmDictionaryString, SecurityToken wrappingToken, SecurityKeyIdentifier wrappingTokenReference, byte[] wrappedKey, SecurityKey wrappingSecurityKey)
: this(id, keyToWrap, wrappingAlgorithm, wrappingAlgorithmDictionaryString)
{
WrappingToken = wrappingToken ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(wrappingToken));
WrappingTokenReference = wrappingTokenReference;
if (wrappedKey == null)
{
_wrappedKey = SecurityUtils.EncryptKey(wrappingToken, wrappingAlgorithm, keyToWrap);
}
else
{
_wrappedKey = wrappedKey;
}
WrappingSecurityKey = wrappingSecurityKey;
_serializeCarriedKeyName = true;
}
public JwtTokenService(SecurityKey signingKey)
{
SigningKey = signingKey;
}
public JwtTokenBuilder AddSecurityKey(SecurityKey securityKey)
{
this.securityKey = securityKey;
return(this);
}
public RsaSignatureProvider(SecurityKey key, string algorithm, HashAlgorithmName hashAlgorithm, RSASignaturePadding signaturePadding, ILogger <RsaSignatureProvider> logger)
: base(key, algorithm)
{
if (key is RsaSecurityKey rsa)
{
if (rsa.Rsa != null && rsa.PrivateKeyStatus == PrivateKeyStatus.Unknown)
{
try
{
rsa.Rsa.SignData(Encoding.UTF8.GetBytes(nameof(RsaSignatureProvider)), hashAlgorithm, signaturePadding);
_rsaPrivateKey = rsa.Rsa;
}
catch
{
_rsaPublicKey = rsa.Rsa;
}
}
if (rsa.PrivateKeyStatus == PrivateKeyStatus.Exists)
{
if (rsa.Rsa != null)
{
_rsaPrivateKey = rsa.Rsa;
}
else
{
_rsaPrivateKey = new RSACryptoServiceProvider();
_rsaPrivateKey.ImportParameters(rsa.Parameters);
}
}
if (rsa.PrivateKeyStatus == PrivateKeyStatus.DoesNotExist)
{
if (rsa.Rsa != null)
{
_rsaPublicKey = rsa.Rsa;
}
else
{
_rsaPublicKey = new RSACryptoServiceProvider();
_rsaPublicKey.ImportParameters(rsa.Parameters);
}
}
}
if (key is X509SecurityKey x509)
{
if (x509.Certificate.HasPrivateKey)
{
_rsaPrivateKey = x509.Certificate.GetRSAPrivateKey();
}
_rsaPublicKey = x509.Certificate.GetRSAPublicKey();
}
if (_rsaPublicKey == null && _rsaPrivateKey == null)
{
throw new ArgumentException("Could not get RSA instance from SecurityKey", nameof(key));
}
_logger = logger;
HashAlgorithm = hashAlgorithm;
SignaturePadding = signaturePadding;
}
public virtual Task <TokenValidationResult> ValidateJwtAsync(string jwt, string audience, SecurityKey signingKey, bool validateLifetime = true)
{
var handler = new JwtSecurityTokenHandler
{
Configuration =
new SecurityTokenHandlerConfiguration
{
CertificateValidationMode = X509CertificateValidationMode.None,
CertificateValidator = X509CertificateValidator.None
}
};
var parameters = new TokenValidationParameters
{
ValidIssuer = _options.IssuerUri,
IssuerSigningKey = signingKey,
ValidateLifetime = validateLifetime,
ValidAudience = audience
};
try
{
SecurityToken jwtToken;
var id = handler.ValidateToken(jwt, parameters, out jwtToken);
// if access token contains an ID, log it
var jwtId = id.FindFirst(Constants.ClaimTypes.JwtId);
if (jwtId != null)
{
_log.JwtId = jwtId.Value;
}
return(Task.FromResult(new TokenValidationResult
{
Claims = id.Claims,
Jwt = jwt
}));
}
catch (Exception ex)
{
Logger.ErrorException("JWT token validation error", ex);
return(Task.FromResult(Invalid(Constants.ProtectedResourceErrors.InvalidToken)));
}
}
protected override void ValidateKeySize(SecurityKey key, string algorithm)
{
ValidateKeySizeCalled = true;
base.ValidateKeySize(key, algorithm);
}
