public Sign ( IClientAssertionCertificate credential ) : ClientAssertion | ||
credential | IClientAssertionCertificate | |
Résultat | ClientAssertion |
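/// <summary>
/// Builds the client-authentication parameters for an OAuth2 request from
/// <c>ClientId</c> and either <c>Credential</c> or <c>Assertion</c>.
/// </summary>
/// <remarks>
/// When a credential is present, a non-empty <c>Credential.Secret</c> takes precedence;
/// otherwise a client assertion is used, signed on demand with
/// <c>Credential.Certificate</c> and cached on the credential together with its expiry.
/// The returned dictionary can carry the client secret or a signed assertion, so it is
/// credential material: keep it out of logs, traces and exception messages.
/// The method writes to <c>Credential.ClientAssertion</c> and <c>Credential.ValidTo</c>
/// and no synchronization is visible here.
/// </remarks>
/// <returns>A new dictionary holding the parameters that apply; it may be empty.</returns>
public IDictionary<string, string> ToParameters()
{
    IDictionary<string, string> parameters = new Dictionary<string, string>();

    if (this.ClientId != null)
    {
        parameters[OAuth2Parameter.ClientId] = this.ClientId;
    }

    if (this.Credential != null)
    {
        if (!string.IsNullOrEmpty(this.Credential.Secret))
        {
            parameters[OAuth2Parameter.ClientSecret] = this.Credential.Secret;
        }
        else
        {
            ClientAssertion clientAssertion = this.Credential.ClientAssertion;

            // A missing assertion must always be created. The previous condition signed
            // only when ValidTo was also inside the expiry margin, so a null assertion
            // combined with a far-future ValidTo fell through to a NullReferenceException
            // on clientAssertion.AssertionType below.
            bool mustSign = clientAssertion == null;

            // ValidTo == 0 alongside an existing assertion means "never re-sign":
            // the cached assertion is sent unchanged, exactly as before.
            if (!mustSign && this.Credential.ValidTo != 0)
            {
                mustSign = this.Credential.ValidTo <= JsonWebToken.ConvertToTimeT(
                    DateTime.UtcNow + TimeSpan.FromMinutes(Constants.ExpirationMarginInMinutes));
            }

            if (mustSign)
            {
                // NOTE(review): Credential.Certificate is not checked for null here; what
                // Sign does with a null certificate is not visible from this method - confirm.
                JsonWebToken jwtToken = new JsonWebToken(this.ClientId, this.Authority.SelfSignedJwtAudience);
                clientAssertion = jwtToken.Sign(this.Credential.Certificate);
                this.Credential.ValidTo = jwtToken.Payload.ValidTo;
                this.Credential.ClientAssertion = clientAssertion;
            }

            parameters[OAuth2Parameter.ClientAssertionType] = clientAssertion.AssertionType;
            parameters[OAuth2Parameter.ClientAssertion] = clientAssertion.Assertion;
        }
    }
    else if (this.Assertion != null)
    {
        // No credential configured: forward the caller-supplied assertion as-is.
        parameters[OAuth2Parameter.ClientAssertionType] = this.Assertion.AssertionType;
        parameters[OAuth2Parameter.ClientAssertion] = this.Assertion.Assertion;
    }

    return parameters;
}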
/// <summary>
/// Adds the client-authentication body parameters that match
/// <c>AuthenticationType</c> to the given OAuth2 request.
/// </summary>
/// <remarks>
/// Every value added here (client secret or client assertion) authenticates the
/// application, so the request body should be kept out of logs and traces.
/// The work runs inside <c>logger.LogMethodDuration()</c>.
/// </remarks>
/// <param name="oAuth2Client">Request that receives the body parameters.</param>
/// <param name="logger">Logger whose <c>LogMethodDuration</c> scope wraps the call.</param>
/// <param name="cryptographyManager">Passed to <c>JsonWebToken</c> for the certificate cases.</param>
/// <param name="clientId">Client identifier passed to <c>JsonWebToken</c>.</param>
/// <param name="authority">Supplies the token endpoint passed to <c>JsonWebToken</c>.</param>
/// <param name="sendX5C">Forwarded unchanged to <c>JsonWebToken.Sign</c>.</param>
/// <exception cref="NotImplementedException">
/// <c>AuthenticationType</c> is not one of the handled values.
/// </exception>
public void AddConfidentialClientParameters(
    OAuth2Client oAuth2Client,
    ICoreLogger logger,
    ICryptographyManager cryptographyManager,
    string clientId,
    Authority authority,
    bool sendX5C)
{
    using (logger.LogMethodDuration())
    {
        switch (AuthenticationType)
        {
            case ConfidentialClientAuthenticationType.ClientSecret:
            {
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientSecret, Secret);
                break;
            }

            case ConfidentialClientAuthenticationType.ClientCertificate:
            {
                // Assertion signed by this credential, without extra claims.
                string endpoint = authority.GetTokenEndpoint();
                JsonWebToken token = new JsonWebToken(cryptographyManager, clientId, endpoint);
                string signedJwt = token.Sign(this, sendX5C);

                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedJwt);
                break;
            }

            case ConfidentialClientAuthenticationType.ClientCertificateWithClaims:
            {
                // Same as above, but ClaimsToSign / AppendDefaultClaims are handed to the token.
                string endpoint = authority.GetTokenEndpoint();
                JsonWebToken token = new JsonWebToken(
                    cryptographyManager,
                    clientId,
                    endpoint,
                    ClaimsToSign,
                    AppendDefaultClaims);
                string signedJwt = token.Sign(this, sendX5C);

                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedJwt);
                break;
            }

            case ConfidentialClientAuthenticationType.SignedClientAssertion:
            {
                // Caller-provided assertion, sent unchanged.
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertion);
                break;
            }

            case ConfidentialClientAuthenticationType.SignedClientAssertionDelegate:
            {
                // The assertion type is added before the delegate runs, so the order of
                // these two calls is kept exactly as in the original.
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertionDelegate.Invoke());
                break;
            }

            default:
            {
                throw new NotImplementedException();
            }
        }
    }
}
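/// <summary>
/// Writes the client-authentication parameters derived from <c>ClientId</c> and either
/// <c>Credential</c> or <c>Assertion</c> into <paramref name="parameters"/>.
/// </summary>
/// <remarks>
/// When a credential is present, a non-empty <c>Credential.Secret</c> takes precedence;
/// otherwise a client assertion is used, signed on demand with
/// <c>Credential.Certificate</c> and cached on the credential together with its expiry.
/// After this call the dictionary can hold the client secret or a signed assertion, so it
/// is credential material: keep it out of logs, traces and exception messages.
/// The method writes to <c>Credential.ClientAssertion</c> and <c>Credential.ValidTo</c>
/// and no synchronization is visible here.
/// </remarks>
/// <param name="parameters">Dictionary to fill; existing entries with the same keys are overwritten.</param>
public void AddToParameters(IDictionary<string, string> parameters)
{
    if (this.ClientId != null)
    {
        parameters[OAuthParameter.ClientId] = this.ClientId;
    }

    if (this.Credential != null)
    {
        if (!string.IsNullOrEmpty(this.Credential.Secret))
        {
            parameters[OAuthParameter.ClientSecret] = this.Credential.Secret;
        }
        else
        {
            ClientAssertion clientAssertion = this.Credential.ClientAssertion;

            // A missing assertion must always be created. The previous condition signed
            // only when ValidTo was also inside the expiry margin, so a null assertion
            // combined with a far-future ValidTo fell through to a NullReferenceException
            // on clientAssertion.AssertionType below.
            bool mustSign = clientAssertion == null;

            // ValidTo == 0 alongside an existing assertion means "never re-sign":
            // the cached assertion is sent unchanged, exactly as before.
            if (!mustSign && this.Credential.ValidTo != 0)
            {
                mustSign = this.Credential.ValidTo <= JsonWebToken.ConvertToTimeT(
                    DateTime.UtcNow + TimeSpan.FromMinutes(Constant.ExpirationMarginInMinutes));
            }

            if (mustSign)
            {
                // NOTE(review): Credential.Certificate is not checked for null here; what
                // Sign does with a null certificate is not visible from this method - confirm.
                JsonWebToken jwtToken = new JsonWebToken(this.ClientId, this.Authenticator.SelfSignedJwtAudience);
                clientAssertion = jwtToken.Sign(this.Credential.Certificate);
                this.Credential.ValidTo = jwtToken.Payload.ValidTo;
                this.Credential.ClientAssertion = clientAssertion;
            }

            parameters[OAuthParameter.ClientAssertionType] = clientAssertion.AssertionType;
            parameters[OAuthParameter.ClientAssertion] = clientAssertion.Assertion;
        }
    }
    else if (this.Assertion != null)
    {
        // No credential configured: forward the caller-supplied assertion as-is.
        parameters[OAuthParameter.ClientAssertionType] = this.Assertion.AssertionType;
        parameters[OAuthParameter.ClientAssertion] = this.Assertion.Assertion;
    }
}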