public static RefreshTokenModel GenerateToken(IConnectionMultiplexer connectionMultiplexer, string cacheKey, IEnumerable <Claim> claims, string key, string issuer = null, string audience = null, double?expires = null) { RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(key); RsaSecurityKey privateKey = new RsaSecurityKey(privateKeyParameters); SigningCredentials credentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256); JwtSecurityToken securityToken = new JwtSecurityToken( issuer: issuer, audience: audience, claims: claims, expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null, signingCredentials: credentials); string token = new JwtSecurityTokenHandler().WriteToken(securityToken); string refreshToken = SaltGenerator.Generate(); IDatabase database = connectionMultiplexer.GetDatabase(0); database.StringSet(cacheKey, refreshToken); return(new RefreshTokenModel { Token = token, Expiration = securityToken.ValidTo, RefreshToken = refreshToken }); }
public void GetDigitalSignatureCertificates_MyStoreCurrentUser_CertificatesListed() { IEnumerable <X509Certificate2> certificates = DigitalSignatureManager.GetDigitalSignatureCertificates(); foreach (X509Certificate2 certificate in certificates) { _output.WriteLine(certificate.ToString()); } }
public static PackageDigitalSignature Sign(OpenXmlPackage openXmlPackage) { if (openXmlPackage == null) { throw new ArgumentNullException(nameof(openXmlPackage)); } X509Certificate2 certificate = DigitalSignatureManager.PromptForSigningCertificate(IntPtr.Zero); return(certificate != null?Sign(openXmlPackage, certificate) : null); }
public static RefreshTokenModel RefreshToken(IConnectionMultiplexer connectionMultiplexer, string token, string refreshToken, string privateKey, string publicKey, string issuer = null, string audience = null, double?expires = null) { ClaimsPrincipal principal = GetPrincipalFromExpiredToken(token, publicKey, issuer, audience); string ip = principal.Claims.SingleOrDefault(x => x.Type == "ip").Value; string customerCode = principal.Claims.SingleOrDefault(x => x.Type == "customerCode").Value; string userName = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier).Value; string cacheKey = $"{customerCode}-{userName}-{ip}"; IDatabase database = connectionMultiplexer.GetDatabase(0); var savedRefreshToken = database.StringGet(cacheKey); if (savedRefreshToken != refreshToken) { throw new SecurityTokenException(); } RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(privateKey); RsaSecurityKey securityKey = new RsaSecurityKey(privateKeyParameters); //var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); SigningCredentials credentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256); var newSecurityToken = new JwtSecurityToken( issuer: issuer, audience: audience, claims: principal.Claims, expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null, signingCredentials: credentials); string newToken = new JwtSecurityTokenHandler().WriteToken(newSecurityToken); string newRefreshToken = SaltGenerator.Generate(); database.StringSet(cacheKey, newRefreshToken); return(new RefreshTokenModel { Token = newToken, Expiration = newSecurityToken.ValidTo, RefreshToken = newRefreshToken }); }
public void Sign_NoCertificatePassed_ExcelWorkbookSigned() { const string path = "Resources\\UnsignedWorkbook.xlsx"; using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(path); using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, true)) { DigitalSignatureManager.Sign(spreadsheetDocument.Package); } using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, false)) { VerifyResult verifyResult = DigitalSignatureManager.VerifySignature(spreadsheetDocument.Package); Assert.Equal(VerifyResult.Success, verifyResult); } File.WriteAllBytes("SignedWorkbook.xlsx", stream.ToArray()); }
public void Sign_CertificatePassed_Success(string sourcePath, string destPath) { using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(sourcePath); using (OpenXmlPackage openXmlPackage = Open(stream, true, sourcePath)) { X509Certificate2 certificate = DigitalSignatureManager .GetSigningCertificates() .OfType <X509Certificate2>() .First(); PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage, certificate); VerifyResult verifyResult = signature.Verify(); Assert.Equal(VerifyResult.Success, verifyResult); } File.WriteAllBytes(destPath, stream.ToArray()); }
public void Sign_UnsignedWorkbook_SuccessfullySigned() { // Load our unsigned Excel workbook into a MemoryStream for processing. const string path = "Resources\\UnsignedWorkbook.xlsx"; using MemoryStream stream = FileCloner.ReadAllBytesToMemoryStream(path); // Open the SpreadsheetDocument on the MemoryStream and sign it, using // the first digital signature certificate that we find. using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, true)) { X509Certificate2 certificate = DigitalSignatureManager.GetDigitalSignatureCertificates().First(); DigitalSignatureManager.Sign(spreadsheetDocument, certificate); } // Save the signed Excel workbook to disk. When you open this workbook, // Excel should tell you that it has found a valid signature. File.WriteAllBytes("SignedWorkbook.xlsx", stream.ToArray()); }
public static TokenValidationParameters GetTokenValidationParameters(string publicKey, string issuer = null, string audience = null) { RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(publicKey); RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters); return(new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = securityKey, ValidateIssuer = !string.IsNullOrWhiteSpace(issuer), ValidIssuer = issuer, ValidateAudience = !string.IsNullOrWhiteSpace(audience), ValidAudience = audience, ValidateLifetime = true, ClockSkew = TimeSpan.Zero }); }
public static void AddJwt(this IServiceCollection services, IConfiguration configuration) { JwtOptions options = new JwtOptions(); IConfigurationSection section = configuration.GetSection("jwt"); section.Bind(options); services.Configure <JwtOptions>(configuration.GetSection("jwt")); RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(options.PublicKey); RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters); TokenValidationParameters tokenValidationParameters = TokenManager.GetTokenValidationParameters(options.PublicKey, options.Issuer, options.Audience); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(authorizationOptions => { authorizationOptions.TokenValidationParameters = tokenValidationParameters; authorizationOptions.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { if (context.Exception.GetType() == typeof(SecurityTokenExpiredException)) { context.Response.Headers.Add("Token-Expired", "true"); } return(Task.CompletedTask); } }; }); services.AddAuthorization(authorizationOptions => { authorizationOptions.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build(); }); }