public async Task <AccessTokenResponseDto> GetAccessTokenAsync(AccessTokenRequestDto requestDto) { // discover endpoints from metadata var client = new HttpClient(); var disco = await client.GetDiscoveryDocumentAsync(_configuration["AuthServer:Authority"]); if (disco.IsError) { throw new System.Exception("Error"); } // request token var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest { Address = disco.TokenEndpoint, ClientId = _configuration["AuthServer:AppClientId"], ClientSecret = _configuration["AuthServer:AppClientSecret"], UserName = requestDto.UserNameOrEmailAddress, Password = requestDto.Password, Scope = _configuration["AuthServer:Scope"] }); if (tokenResponse.IsError) { throw new System.Exception("Error"); } return(new AccessTokenResponseDto() { AccessToken = tokenResponse.AccessToken, ExpiresIn = tokenResponse.ExpiresIn, RefreshToken = tokenResponse.RefreshToken, TokenType = tokenResponse.TokenType }); }
public async Task <bool> IsRequestValid(AccessTokenRequestDto request, Func <AccessTokenRequestDto, string> signatureCreator = null) { signatureCreator = signatureCreator ?? (accessTokenReq => { var baseString = System.Text.Encoding.UTF8.GetBytes($"{request.OAuthAccessTokenBase64String}:{request.Nonce}:{request.EndUserMobileIdentifier}"); return(Convert.ToBase64String(baseString)); }); var publicKey = await _publicKeyRepo.GetPublicKey(request.EndUserMobileIdentifier, request.DeviceType.ToString()); if (string.IsNullOrWhiteSpace(publicKey)) { return(false); } var rsaCrypto = new RSACryptoServiceProvider(Constants.Crypto.KeySizes); var rsaParam = rsaCrypto.ExportParameters(false); rsaCrypto.PublicKeyFromXmlString(publicKey); /*rsaParam.Modulus = Convert.FromBase64String(publicKey.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "")); * rsaCrypto.ImportParameters(rsaParam);*/ var dataToVerify = signatureCreator(request); return(rsaCrypto.VerifyData(Convert.FromBase64String(dataToVerify), SHA1.Create(), Convert.FromBase64String(request.Signature))); }
public async Task <GateKeeperAccessTokenDto> Create(AccessTokenRequestDto requestDto) { var signature = String.Empty; if (!await _requestValidator.IsRequestValid(requestDto)) { throw new ArgumentException("Invalid request"); } //Verify nonce if (await _nonceRepo.Any(requestDto.Nonce)) { throw new ArgumentException("Invalid request"); } //Create digitally signed gatekeeper access token var privateKey = (await _gateKeeperKeyRepo.GetPrivateAndPublicKey(Constants.GateKeeper.GateKeeperId, Constants.GateKeeper.EphemeralVersion)).Item1; var rsa = new RSACryptoServiceProvider(Constants.Crypto.KeySizes); rsa.FromXmlString(privateKey); byte[] baseString = System.Text.Encoding.UTF8.GetBytes($"{requestDto.OAuthAccessTokenBase64String}:{true}"); signature = Convert.ToBase64String(rsa.SignData(baseString, SHA1.Create())); TrackNonce(requestDto); return(new GateKeeperAccessTokenDto { OAuthAccessToken = requestDto.OAuthAccessTokenBase64String, Verified = true, Signature = signature }); }
public bool IsRequestValid(AccessTokenRequestDto request, RSACryptoServiceProvider rsa, Func <AccessTokenRequestDto, string> signatureCreator = null) { signatureCreator = signatureCreator ?? (accessTokenReq => { var baseString = System.Text.Encoding.UTF8.GetBytes($"{request.OAuthAccessTokenBase64String}:{request.Nonce}:{request.EndUserMobileIdentifier}"); return(Convert.ToBase64String(baseString)); }); var dataToVerify = signatureCreator(request); var result = rsa.VerifyData(Convert.FromBase64String(dataToVerify), "SHA1", Convert.FromBase64String(request.Signature)); return(result); }
public async Task Post([FromBody] AccessTokenRequestDto requestDto) { if (String.IsNullOrWhiteSpace(requestDto.EndUserMobileIdentifier) || String.IsNullOrWhiteSpace(requestDto.OAuthAccessTokenBase64String) || String.IsNullOrWhiteSpace(requestDto.Nonce) || String.IsNullOrWhiteSpace(requestDto.Signature)) { throw new ArgumentException("Invalid request"); } var result = await _accessTokenAgg.CreateParallel(requestDto); }
private Task TrackNonce(AccessTokenRequestDto requestDto) { return(_nonceRepo.Save(new NonceDto { Nonce = requestDto.Nonce, OAuthAccessTokenBase64String = requestDto.OAuthAccessTokenBase64String, Signature = requestDto.Signature }).ContinueWith(task => { if (task.IsCanceled || task.IsFaulted) { var ex = task.Exception; } })); }
public void Given_A_Valid_OAuth_AccessToken_Signed_Then_Validate_Return_True() { //arrange var rsa = CreateAndPublishKey(); var request = new AccessTokenRequestDto(); request.OAuthAccessTokenBase64String = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes("First-AccessToken")); request.DeviceType = DeviceType.AndroidPhone; request.EndUserMobileIdentifier = "yusbel_gmail_Android_TD_Spend"; request.Nonce = "garcia.diaz"; byte[] baseString = System.Text.Encoding.UTF8.GetBytes($"{request.OAuthAccessTokenBase64String}:{request.Nonce}:{request.EndUserMobileIdentifier}"); request.Signature = Convert.ToBase64String(rsa.SignData(baseString, SHA1.Create())); //act DeviceRequestValidator validator = new DeviceRequestValidator(new PublicKeyRepo()); var result = validator.IsRequestValid(request).Result; AccessTokenAggregateRoot aggregateRoot = new AccessTokenAggregateRoot(validator, new GateKeeperKeyRepo(), new NonceRepo(), new Logger()); var created = aggregateRoot.Create(request).Result; //assert Microsoft.VisualStudio.TestTools.UnitTesting.Assert.IsTrue(result); }
public ActionResult <AccessTokenResponseDto> CreateLifetimeToken([FromBody] AccessTokenRequestDto request) { var user = _userRetriever.RetrieveUser(); return(Ok(_storage.CreateLifetimeToken(request.FriendlyName, user.Id))); }