public void SignedHttpRequestValidationContext()
{
var httpRequestData = new HttpRequestData();
var signedHttpRequest = SignedHttpRequestTestUtils.CreateDefaultSignedHttpRequestToken(SignedHttpRequestTestUtils.DefaultSignedHttpRequestPayload.ToString()).EncodedToken;
var tokenValidationParameters = SignedHttpRequestTestUtils.DefaultTokenValidationParameters;
var validationParameters = new SignedHttpRequestValidationParameters();
var callContext = new CallContext();
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, validationParameters, callContext));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, (SignedHttpRequestValidationParameters)null));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(null, httpRequestData, null, (CallContext)null));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, validationParameters, callContext));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, (SignedHttpRequestValidationParameters)null));
Assert.Throws <ArgumentNullException>("signedHttpRequest", () => new SignedHttpRequestValidationContext(string.Empty, httpRequestData, null, (CallContext)null));
Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, validationParameters, callContext));
Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null));
Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, (SignedHttpRequestValidationParameters)null));
Assert.Throws <ArgumentNullException>("httpRequestData", () => new SignedHttpRequestValidationContext(signedHttpRequest, null, null, (CallContext)null));
Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, validationParameters, callContext));
Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null));
Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, (SignedHttpRequestValidationParameters)null));
Assert.Throws <ArgumentNullException>("accessTokenValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, null, (CallContext)null));
Assert.Throws <ArgumentNullException>("signedHttpRequestValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, (SignedHttpRequestValidationParameters)null));
Assert.Throws <ArgumentNullException>("signedHttpRequestValidationParameters", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, null, callContext));
Assert.Throws <ArgumentNullException>("callContext", () => new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters, null));
// no exceptions
var signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters);
Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData);
Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest);
Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters);
Assert.NotNull(signedHttpRequestDescriptor.SignedHttpRequestValidationParameters);
Assert.NotNull(signedHttpRequestDescriptor.CallContext);
signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, callContext);
Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData);
Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest);
Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters);
Assert.Equal(callContext, signedHttpRequestDescriptor.CallContext);
Assert.NotNull(signedHttpRequestDescriptor.SignedHttpRequestValidationParameters);
signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters);
Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData);
Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest);
Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters);
Assert.Equal(validationParameters, signedHttpRequestDescriptor.SignedHttpRequestValidationParameters);
Assert.NotNull(signedHttpRequestDescriptor.CallContext);
signedHttpRequestDescriptor = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, tokenValidationParameters, validationParameters, callContext);
Assert.Equal(httpRequestData, signedHttpRequestDescriptor.HttpRequestData);
Assert.Equal(signedHttpRequest, signedHttpRequestDescriptor.SignedHttpRequest);
Assert.Equal(tokenValidationParameters, signedHttpRequestDescriptor.AccessTokenValidationParameters);
Assert.Equal(validationParameters, signedHttpRequestDescriptor.SignedHttpRequestValidationParameters);
Assert.Equal(callContext, signedHttpRequestDescriptor.CallContext);
}
public async Task Roundtrips(RoundtripSignedHttpRequestTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.Roundtrips", theoryData);
try
{
var handler = new SignedHttpRequestHandler();
var signedHttpRequestDescriptor = new SignedHttpRequestDescriptor(theoryData.AccessToken, theoryData.HttpRequestData, theoryData.SigningCredentials, theoryData.SignedHttpRequestCreationParameters);
signedHttpRequestDescriptor.CnfClaimValue = theoryData.CnfClaimValue;
var signedHttpRequest = handler.CreateSignedHttpRequest(signedHttpRequestDescriptor);
var cryptoProviderFactory = signedHttpRequestDescriptor.SigningCredentials.CryptoProviderFactory ?? signedHttpRequestDescriptor.SigningCredentials.Key.CryptoProviderFactory;
if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider(
signedHttpRequestDescriptor.SigningCredentials.Key,
signedHttpRequestDescriptor.SigningCredentials.Algorithm,
signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(),
true,
out _))
{
context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Signing), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm));
}
var signedHttpRequestValidationContext = new SignedHttpRequestValidationContext(signedHttpRequest, theoryData.HttpRequestData, theoryData.TokenValidationParameters, theoryData.SignedHttpRequestValidationParameters);
var result = await handler.ValidateSignedHttpRequestAsync(signedHttpRequestValidationContext, CancellationToken.None).ConfigureAwait(false);
if (cryptoProviderFactory.CryptoProviderCache.TryGetSignatureProvider(
signedHttpRequestDescriptor.SigningCredentials.Key,
signedHttpRequestDescriptor.SigningCredentials.Algorithm,
signedHttpRequestDescriptor.SigningCredentials.Key is AsymmetricSecurityKey ? typeof(AsymmetricSignatureProvider).ToString() : typeof(SymmetricSignatureProvider).ToString(),
false,
out _))
{
context.Diffs.Add(LogHelper.FormatInvariant("SignedHttpRequest cached SignatureProvider (Validate), Key: '{0}', Algorithm: '{1}'", signedHttpRequestDescriptor.SigningCredentials.Key, signedHttpRequestDescriptor.SigningCredentials.Algorithm));
}
IdentityComparer.AreBoolsEqual(result.IsValid, theoryData.IsValid, context);
if (result.Exception != null)
{
throw result.Exception;
}
Assert.NotNull(result);
Assert.NotNull(result.SignedHttpRequest);
Assert.NotNull(result.ValidatedSignedHttpRequest);
Assert.NotNull(result.AccessTokenValidationResult);
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
internal override SecurityKey ResolvePopKeyFromJwk(string jwk, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromJwk"))
{
signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromJwk"] = true;
return(null);
}
return(base.ResolvePopKeyFromJwk(jwk, signedHttpRequestValidationContext));
}
internal override void ValidateBClaim(JsonWebToken signedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("onlyTrack_ValidateBClaimCall"))
{
signedHttpRequestValidationContext.CallContext.PropertyBag["onlyTrack_ValidateBClaimCall"] = true;
}
else
{
base.ValidateBClaim(signedHttpRequest, signedHttpRequestValidationContext);
}
}
internal override async Task <TokenValidationResult> ValidateAccessTokenAsync(string accessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockValidateAccessTokenAsync_returnInvalidResult"))
{
return(new TokenValidationResult()
{
IsValid = false,
Exception = new SecurityTokenValidationException()
});
}
else
{
return(await base.ValidateAccessTokenAsync(accessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
}
internal override async Task <SecurityKey> ResolvePopKeyAsync(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnValidKey"))
{
return(SignedHttpRequestTestUtils.DefaultSigningCredentials.Key);
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnInvalidKey"))
{
return(KeyingMaterial.RsaSecurityKey1);
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyAsync_returnNullKey"))
{
return(null);
}
else
{
return(await base.ResolvePopKeyAsync(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
}
internal override async Task <SecurityKey> ValidateSignatureAsync(JsonWebToken signedHttpRequest, SecurityKey popKey, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockValidateSignedHttpRequestSignatureAsync"))
{
return(SignedHttpRequestTestUtils.DefaultSigningCredentials.Key);
}
else
{
return(await base.ValidateSignatureAsync(signedHttpRequest, popKey, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
}
internal override async Task <SecurityKey> ResolvePopKeyFromKeyIdentifierAsync(string kid, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromKid"))
{
signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromKid"] = true;
return(null);
}
return(await base.ResolvePopKeyFromKeyIdentifierAsync(kid, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
public SecurityKey ResolvePopKeyFromJwkPublic(string jwk, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
return(ResolvePopKeyFromJwk(jwk, signedHttpRequestValidationContext));
}
internal async Task <SecurityKey> ResolvePopKeyFromCnfClaimPublicAsync(JObject confirmationClaim, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await ResolvePopKeyFromCnfClaimAsync(confirmationClaim, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
internal JObject GetCnfClaimValuePublic(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
return(GetCnfClaimValue(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext));
}
public void ValidateBClaimPublic(JsonWebToken jwtSignedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
ValidateBClaim(jwtSignedHttpRequest, signedHttpRequestValidationContext);
}
public async Task <SecurityKey> ValidateSignaturePublicAsync(JsonWebToken signedHttpRequest, SecurityKey popKey, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await ValidateSignatureAsync(signedHttpRequest, popKey, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
public async Task <SecurityToken> ValidateSignedHttpRequestPayloadPublicAsync(SecurityToken signedHttpRequest, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await ValidateSignedHttpRequestPayloadAsync(signedHttpRequest, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
internal override JObject GetCnfClaimValue(JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext)
{
if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJwk"))
{
return(SignedHttpRequestTestUtils.DefaultCnfJwk);
}
else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJwe"))
{
return(SignedHttpRequestTestUtils.DefaultCnfJwe);
}
else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJku"))
{
return(SignedHttpRequestTestUtils.DefaultJku);
}
else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnJkuKid"))
{
return(SignedHttpRequestTestUtils.DefaultJkuKid);
}
else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnKid"))
{
return(SignedHttpRequestTestUtils.DefaultKid);
}
else if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetCnfClaimValue_returnCustom"))
{
return(JObject.Parse("{\"custom\": 1}"));
}
else
{
return(base.GetCnfClaimValue(signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext));
}
}
internal async Task <SecurityKey> ResolvePopKeyFromJkuPublicAsync(string jkuSetUrl, JObject cnf, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await ResolvePopKeyFromJkuAsync(jkuSetUrl, cnf, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
internal override async Task <SecurityKey> ResolvePopKeyFromCnfClaimAsync(JObject confirmationClaim, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext?.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockResolvePopKeyFromCnfClaimAsync_returnRsa"))
{
return(signedHttpRequestValidationContext.CallContext.PropertyBag["mockResolvePopKeyFromCnfClaimAsync_returnRsa"] as RsaSecurityKey);
}
else
{
return(await base.ResolvePopKeyFromCnfClaimAsync(confirmationClaim, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
}
public async Task <IList <SecurityKey> > GetPopKeysFromJkuPublicAsync(string jkuSetUrl, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await GetPopKeysFromJkuAsync(jkuSetUrl, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
internal override async Task <SecurityKey> ResolvePopKeyFromJkuAsync(string jkuSetUrl, JObject cnf, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("trackResolvePopKeyFromJku"))
{
signedHttpRequestValidationContext.CallContext.PropertyBag["trackResolvePopKeyFromJku"] = true;
return(null);
}
return(await base.ResolvePopKeyFromJkuAsync(jkuSetUrl, cnf, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
public async Task <SecurityKey> ResolvePopKeyFromKeyIdentifierPublicAsync(string kid, JsonWebToken signedHttpRequest, JsonWebToken validatedAccessToken, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
return(await ResolvePopKeyFromKeyIdentifierAsync(kid, signedHttpRequest, validatedAccessToken, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
internal override async Task <IList <SecurityKey> > GetPopKeysFromJkuAsync(string jkuSetUrl, SignedHttpRequestValidationContext signedHttpRequestValidationContext, CancellationToken cancellationToken)
{
if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return0Keys"))
{
return(new List <SecurityKey>());
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_returnNull"))
{
return(null);
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return2Keys"))
{
return(new List <SecurityKey>()
{
SignedHttpRequestTestUtils.DefaultEncryptingCredentials.Key,
SignedHttpRequestTestUtils.DefaultSigningCredentials.Key,
});
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_return1Key"))
{
return(new List <SecurityKey>()
{
SignedHttpRequestTestUtils.DefaultSigningCredentials.Key
});
}
else if (signedHttpRequestValidationContext.CallContext.PropertyBag != null && signedHttpRequestValidationContext.CallContext.PropertyBag.ContainsKey("mockGetPopKeysFromJkuAsync_returnWrongKey"))
{
return(new List <SecurityKey>()
{
SignedHttpRequestTestUtils.DefaultEncryptingCredentials.Key
});
}
return(await base.GetPopKeysFromJkuAsync(jkuSetUrl, signedHttpRequestValidationContext, cancellationToken).ConfigureAwait(false));
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try
{
// Give application opportunity to find from a different location, adjust, or reject token
var messageReceivedContext = new SignedHttpRequestMessageReceivedContext(Context, Scheme, Options);
// event can set the token
//await Events.MessageReceived(messageReceivedContext);
if (messageReceivedContext.Result != null)
{
return(messageReceivedContext.Result);
}
// If application retrieved token from somewhere else, use that.
string signedHttpRequest = messageReceivedContext.Token;
if (string.IsNullOrEmpty(signedHttpRequest))
{
string authorization = Request.Headers[HeaderNames.Authorization];
// If no authorization header found, nothing to process further
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.NoResult());
}
if (authorization.StartsWith(SignedHttpRequestConstants.AuthorizationHeaderSchemeName, StringComparison.OrdinalIgnoreCase))
{
signedHttpRequest = authorization.Substring((SignedHttpRequestConstants.AuthorizationHeaderSchemeName + " ").Length).Trim();
}
// If no token found, no further work possible
if (string.IsNullOrEmpty(signedHttpRequest))
{
return(AuthenticateResult.NoResult());
}
}
if (_configuration == null && Options.ConfigurationManager != null)
{
_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
}
var validationParameters = Options.AccessTokenValidationParameters.Clone();
if (_configuration != null)
{
var issuers = new[] { _configuration.Issuer };
validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(issuers) ?? issuers;
validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys)
?? _configuration.SigningKeys;
}
var signedHttpRequestHandler = new SignedHttpRequestHandler();
Request.EnableBuffering();
byte[] body = null;
// Only extract the body if it will be validated.
if (Options.SignedHttpRequestValidationParameters.ValidateB)
{
using (var ms = new MemoryStream(2048))
{
await Request.Body.CopyToAsync(ms);
body = ms.ToArray(); // returns base64 encoded string JSON result
}
}
Request.Body.Position = 0;
Dictionary <string, IEnumerable <string> > headers = new Dictionary <string, IEnumerable <string> >();
// Only extract the headers if they will be validated.
if (Options.SignedHttpRequestValidationParameters.ValidateH)
{
foreach (var keyValuePair in Request.Headers)
{
headers.Add(keyValuePair.Key, keyValuePair.Value.AsEnumerable());
}
}
var httpRequestData = new HttpRequestData()
{
Method = Request.Method,
Uri = new Uri(UriHelper.GetEncodedUrl(Request)),
Body = body,
Headers = headers
};
var signedHttpRequestValidationContext = new SignedHttpRequestValidationContext(signedHttpRequest, httpRequestData, validationParameters, Options.SignedHttpRequestValidationParameters);
SignedHttpRequestValidationResult signedHttpRequestValidationResult = null;
signedHttpRequestValidationResult = await signedHttpRequestHandler.ValidateSignedHttpRequestAsync(signedHttpRequestValidationContext, CancellationToken.None).ConfigureAwait(false);
if (!signedHttpRequestValidationResult.IsValid)
{
Logger.TokenValidationFailed(signedHttpRequestValidationResult.Exception);
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null &&
signedHttpRequestValidationResult.Exception is SecurityTokenSignatureKeyNotFoundException)
{
Options.ConfigurationManager.RequestRefresh();
}
var authenticationFailedContext = new SignedHttpRequestAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = signedHttpRequestValidationResult.Exception
};
//await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
return(AuthenticateResult.Fail(authenticationFailedContext.Exception));
}
Logger.TokenValidationSucceeded();
var principal = new ClaimsPrincipal(signedHttpRequestValidationResult.AccessTokenValidationResult.ClaimsIdentity);
Request.HttpContext.Items[typeof(SignedHttpRequestValidationResult)] = signedHttpRequestValidationResult;
var tokenValidatedContext = new SignedHttpRequestValidatedContext(Context, Scheme, Options)
{
Principal = principal,
SignedHttpRequestValidationResult = signedHttpRequestValidationResult,
};
//await Events.TokenValidated(tokenValidatedContext);
if (tokenValidatedContext.Result != null)
{
return(tokenValidatedContext.Result);
}
tokenValidatedContext.Success();
return(tokenValidatedContext.Result);
}
catch (Exception ex)
{
Logger.ErrorProcessingMessage(ex);
var authenticationFailedContext = new SignedHttpRequestAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex
};
//await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}
