/// <summary>
        /// Creates the JWT header
        /// </summary>
        /// <param name="token">The token.</param>
        /// <param name="key">The signing key.</param>
        /// <returns>The JWT header</returns>
        protected virtual async Task<JwtHeader> CreateHeaderAsync(Token token, SecurityKey key)
        {
            // Remains null when neither DOTNET5_4 nor NET451 is defined; `token` is not read here.
            JwtHeader jwtHeader = null;

#if DOTNET5_4
            // The signature algorithm is pinned to RSA-SHA256 regardless of the key passed in.
            var signing = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature);
            jwtHeader = new JwtHeader(signing);
#elif NET451
            // The signature and digest algorithms are pinned to RSA-SHA256 / SHA-256.
            var signing = new SigningCredentials(
                key,
                SecurityAlgorithms.RsaSha256Signature,
                SecurityAlgorithms.Sha256Digest);
            jwtHeader = new JwtHeader(signing);

            var certificateKey = key as X509SecurityKey;
            if (certificateKey != null)
            {
                // Only certificate-backed keys get key-identification headers.
                // NOTE(review): "x5t" is filled from the same GetKidAsync call as "kid".
                // RFC 7515 defines x5t as the base64url SHA-1 thumbprint of the certificate,
                // so this is only correct if GetKidAsync returns exactly that value.
                // Confirm against the key service, otherwise validators matching on x5t will miss.
                var certificate = certificateKey.Certificate;
                jwtHeader.Add("kid", await _keyService.GetKidAsync(certificate));
                jwtHeader.Add("x5t", await _keyService.GetKidAsync(certificate));
            }
#endif

            return jwtHeader;
        }
Esempio n. 2
        /// <summary>
        /// Creates the JWT header
        /// </summary>
        /// <param name="credential">The credentials.</param>
        /// <returns>The JWT header</returns>
        private async Task<JwtHeader> CreateHeaderAsync(SigningCredentials credential)
        {
            var jwtHeader = new JwtHeader(credential);

            var certificateCredential = credential as X509SigningCredentials;
            if (certificateCredential == null)
            {
                // Credentials not backed by an X.509 certificate get no "kid" header,
                // so a validator cannot select the verification key by id for these tokens.
                return jwtHeader;
            }

            // The key id is obtained from the key service for the signing certificate.
            var keyId = await _keyService.GetKidAsync(certificateCredential.Certificate);
            jwtHeader.Add("kid", keyId);

            return jwtHeader;
        }
Esempio n. 3
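        /// <summary>
        /// Handles the key discovery (JWKS) request by publishing the public part of each validation certificate.
        /// </summary>
        /// <param name="context">The current HTTP context (not read by this method).</param>
        /// <returns>A 404 result when key discovery is disabled; otherwise the JSON web key set.</returns>
        private async Task<IEndpointResult> ExecuteJwksAsync(HttpContext context)
        {
            _logger.LogTrace("Start key discovery request");

            if (_options.DiscoveryOptions.ShowKeySet == false)
            {
                _logger.LogInformation("Key discovery disabled. 404.");
                return new StatusCodeResult(404);
            }

            var webKeys = new List<Models.JsonWebKey>();

            foreach (var key in await _keyService.GetValidationKeysAsync())
            {
                if (key == null)
                {
                    continue;
                }

                var x509Key = new X509SecurityKey(key);

                // The entry below is hard-coded as kty "RSA", so a certificate with any other
                // public key type must not be published. Previously the unchecked `as RSA` cast
                // caused a NullReferenceException that failed the whole discovery request.
                var pubKey = x509Key.PublicKey as RSA;
                if (pubKey == null)
                {
                    _logger.LogWarning("Validation key is not an RSA key; omitted from key discovery.");
                    continue;
                }

                // x5c carries the certificate in standard base64; x5t, e and n are base64url.
                var cert64     = Convert.ToBase64String(key.RawData);
                var thumbprint = Base64Url.Encode(key.GetCertHash());

                // ExportParameters(false) exports the public parameters only.
                // Private key material must never reach this endpoint's response.
                var parameters = pubKey.ExportParameters(false);
                var exponent   = Base64Url.Encode(parameters.Exponent);
                var modulus    = Base64Url.Encode(parameters.Modulus);

                var webKey = new Models.JsonWebKey
                {
                    kty = "RSA",
                    use = "sig",
                    kid = await _keyService.GetKidAsync(key),
                    x5t = thumbprint,
                    e   = exponent,
                    n   = modulus,
                    x5c = new[] { cert64 }
                };

                webKeys.Add(webKey);
            }

            return new JsonWebKeysResult(webKeys);
        }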