public static RefreshTokenModel GenerateToken(IConnectionMultiplexer connectionMultiplexer, string cacheKey, IEnumerable <Claim> claims, string key, string issuer = null, string audience = null, double?expires = null)
{
RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(key);
RsaSecurityKey privateKey = new RsaSecurityKey(privateKeyParameters);
SigningCredentials credentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256);
JwtSecurityToken securityToken = new JwtSecurityToken(
issuer: issuer,
audience: audience,
claims: claims,
expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null,
signingCredentials: credentials);
string token = new JwtSecurityTokenHandler().WriteToken(securityToken);
string refreshToken = SaltGenerator.Generate();
IDatabase database = connectionMultiplexer.GetDatabase(0);
database.StringSet(cacheKey, refreshToken);
return(new RefreshTokenModel
{
Token = token,
Expiration = securityToken.ValidTo,
RefreshToken = refreshToken
});
}
public void GetDigitalSignatureCertificates_MyStoreCurrentUser_CertificatesListed()
{
IEnumerable <X509Certificate2> certificates = DigitalSignatureManager.GetDigitalSignatureCertificates();
foreach (X509Certificate2 certificate in certificates)
{
_output.WriteLine(certificate.ToString());
}
}
public static PackageDigitalSignature Sign(OpenXmlPackage openXmlPackage)
{
if (openXmlPackage == null)
{
throw new ArgumentNullException(nameof(openXmlPackage));
}
X509Certificate2 certificate = DigitalSignatureManager.PromptForSigningCertificate(IntPtr.Zero);
return(certificate != null?Sign(openXmlPackage, certificate) : null);
}
public static RefreshTokenModel RefreshToken(IConnectionMultiplexer connectionMultiplexer, string token, string refreshToken, string privateKey, string publicKey, string issuer = null, string audience = null, double?expires = null)
{
ClaimsPrincipal principal = GetPrincipalFromExpiredToken(token, publicKey, issuer, audience);
string ip = principal.Claims.SingleOrDefault(x => x.Type == "ip").Value;
string customerCode = principal.Claims.SingleOrDefault(x => x.Type == "customerCode").Value;
string userName = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier).Value;
string cacheKey = $"{customerCode}-{userName}-{ip}";
IDatabase database = connectionMultiplexer.GetDatabase(0);
var savedRefreshToken = database.StringGet(cacheKey);
if (savedRefreshToken != refreshToken)
{
throw new SecurityTokenException();
}
RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(privateKey);
RsaSecurityKey securityKey = new RsaSecurityKey(privateKeyParameters);
//var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
SigningCredentials credentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256);
var newSecurityToken = new JwtSecurityToken(
issuer: issuer,
audience: audience,
claims: principal.Claims,
expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null,
signingCredentials: credentials);
string newToken = new JwtSecurityTokenHandler().WriteToken(newSecurityToken);
string newRefreshToken = SaltGenerator.Generate();
database.StringSet(cacheKey, newRefreshToken);
return(new RefreshTokenModel
{
Token = newToken,
Expiration = newSecurityToken.ValidTo,
RefreshToken = newRefreshToken
});
}
public void Sign_NoCertificatePassed_ExcelWorkbookSigned()
{
const string path = "Resources\\UnsignedWorkbook.xlsx";
using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(path);
using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, true))
{
DigitalSignatureManager.Sign(spreadsheetDocument.Package);
}
using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, false))
{
VerifyResult verifyResult = DigitalSignatureManager.VerifySignature(spreadsheetDocument.Package);
Assert.Equal(VerifyResult.Success, verifyResult);
}
File.WriteAllBytes("SignedWorkbook.xlsx", stream.ToArray());
}
public void Sign_CertificatePassed_Success(string sourcePath, string destPath)
{
using MemoryStream stream = FileCloner.CopyFileStreamToMemoryStream(sourcePath);
using (OpenXmlPackage openXmlPackage = Open(stream, true, sourcePath))
{
X509Certificate2 certificate = DigitalSignatureManager
.GetSigningCertificates()
.OfType <X509Certificate2>()
.First();
PackageDigitalSignature signature = OpenXmlDigitalSignatureManager.Sign(openXmlPackage, certificate);
VerifyResult verifyResult = signature.Verify();
Assert.Equal(VerifyResult.Success, verifyResult);
}
File.WriteAllBytes(destPath, stream.ToArray());
}
public void Sign_UnsignedWorkbook_SuccessfullySigned()
{
// Load our unsigned Excel workbook into a MemoryStream for processing.
const string path = "Resources\\UnsignedWorkbook.xlsx";
using MemoryStream stream = FileCloner.ReadAllBytesToMemoryStream(path);
// Open the SpreadsheetDocument on the MemoryStream and sign it, using
// the first digital signature certificate that we find.
using (SpreadsheetDocument spreadsheetDocument = SpreadsheetDocument.Open(stream, true))
{
X509Certificate2 certificate = DigitalSignatureManager.GetDigitalSignatureCertificates().First();
DigitalSignatureManager.Sign(spreadsheetDocument, certificate);
}
// Save the signed Excel workbook to disk. When you open this workbook,
// Excel should tell you that it has found a valid signature.
File.WriteAllBytes("SignedWorkbook.xlsx", stream.ToArray());
}
public static TokenValidationParameters GetTokenValidationParameters(string publicKey, string issuer = null, string audience = null)
{
RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(publicKey);
RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters);
return(new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = securityKey,
ValidateIssuer = !string.IsNullOrWhiteSpace(issuer),
ValidIssuer = issuer,
ValidateAudience = !string.IsNullOrWhiteSpace(audience),
ValidAudience = audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
});
}
public static void AddJwt(this IServiceCollection services, IConfiguration configuration)
{
JwtOptions options = new JwtOptions();
IConfigurationSection section = configuration.GetSection("jwt");
section.Bind(options);
services.Configure <JwtOptions>(configuration.GetSection("jwt"));
RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(options.PublicKey);
RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters);
TokenValidationParameters tokenValidationParameters = TokenManager.GetTokenValidationParameters(options.PublicKey, options.Issuer, options.Audience);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(authorizationOptions =>
{
authorizationOptions.TokenValidationParameters = tokenValidationParameters;
authorizationOptions.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
{
context.Response.Headers.Add("Token-Expired", "true");
}
return(Task.CompletedTask);
}
};
});
services.AddAuthorization(authorizationOptions =>
{
authorizationOptions.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
});
}
