/// <summary>Initializes a new instance of the <see cref="BinaryJweDescriptor"/> class.</summary>
public BinaryJweDescriptor(Jwk encryptionKey, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, CompressionAlgorithm?zip = null, string?typ = JwtMediaTypeValues.OctetStream, string?cty = null)
: base(encryptionKey, alg, enc, zip, typ, cty)
{
}
public JwsHeader(string algorithm, Jwk key)
{
Algorithm = algorithm;
Key = key;
}
public override void IsSupportedSignature_Success(Jwk key, SignatureAlgorithm alg)
{
base.IsSupportedSignature_Success(key, alg);
}
public AccessTokenDescriptor(SignatureAlgorithm alg, Jwk signingKey)
: base(signingKey, alg)
{
}
public override KeyWrapper CreateKeyWrapper_Succeed(Jwk key, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
return(base.CreateKeyWrapper_Succeed(key, enc, alg));
}
public override void IsSupportedKeyWrapping_Success(Jwk key, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
Assert.False(key.SupportEncryption(enc));
Assert.True(key.SupportKeyManagement(alg));
}
public override void IsSupportedKeyWrapping_Success(Jwk key, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
base.IsSupportedKeyWrapping_Success(key, enc, alg);
}
public virtual void IsSupportedEncryption_Success(Jwk key, EncryptionAlgorithm enc)
{
Assert.True(key.SupportEncryption(enc));
}
private static JwsDescriptor CreateJws(Jwk signingKey, JObject descriptor, TokenValidationStatus status, string?claim = null)
{
var payload = new JwtPayload();
foreach (var kvp in descriptor)
{
switch (status)
{
case TokenValidationStatus.InvalidClaim:
if (kvp.Key == "aud" && claim == "aud")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
break;
case TokenValidationStatus.MissingClaim:
if (kvp.Key == "exp" & claim == "exp")
{
continue;
}
if (kvp.Key == "aud" & claim == "aud")
{
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
continue;
}
break;
case TokenValidationStatus.Expired:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 1500000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 1400000000);
continue;
}
break;
case TokenValidationStatus.NotYetValid:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 2100000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 2000000000);
continue;
}
break;
}
switch (kvp.Value.Type)
{
case JTokenType.Object:
payload.Add(kvp.Key, (object)kvp.Value);
break;
case JTokenType.Array:
payload.Add(kvp.Key, (object[])(object)kvp.Value);
break;
case JTokenType.Integer:
payload.Add(kvp.Key, (long)kvp.Value);
break;
case JTokenType.Float:
payload.Add(kvp.Key, (double)kvp.Value);
break;
case JTokenType.String:
payload.Add(kvp.Key, (string)kvp.Value);
break;
case JTokenType.Boolean:
payload.Add(kvp.Key, (bool)kvp.Value);
break;
case JTokenType.Null:
payload.Add(kvp.Key, (object)kvp.Value);
break;
}
}
var d = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256);
d.Payload = payload;
return(d);
}
public DirectKeyWrapper(Jwk key, EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm)
: base(key, encryptionAlgorithm, algorithm)
{
}
/// <summary>Initializes a new instance of <see cref="JweDescriptor"/>.</summary>
public JweDescriptorBase(Jwk encryptionKey, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, CompressionAlgorithm?zip = null, string?typ = null, string?cty = JwtContentTypeValues.Jwt)
: base(encryptionKey, alg, enc, zip, typ, cty)
{
}
public override bool IsValidKey(Jwk key)
{
return(key.X.IsNotEmpty() && key.Y.IsNotEmpty() && key.Crv.IsNotEmpty());
}
private static JwsDescriptor CreateJws(Jwk signingKey, Dictionary <string, object> descriptor, TokenValidationStatus status, string claim = null)
{
var payload = new JwtPayload();
foreach (var kvp in descriptor)
{
switch (status)
{
case TokenValidationStatus.InvalidClaim:
if (kvp.Key == "aud" && claim == "aud")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
break;
case TokenValidationStatus.MissingClaim:
if (kvp.Key == "exp" & claim == "exp")
{
continue;
}
if (kvp.Key == "aud" & claim == "aud")
{
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
continue;
}
break;
case TokenValidationStatus.Expired:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 1500000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 1400000000);
continue;
}
break;
case TokenValidationStatus.NotYetValid:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 2100000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 2000000000);
continue;
}
break;
}
payload.Add(kvp.Key, kvp.Value);
}
var d = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm)
{
Payload = payload
};
return(d);
}
public JwtService(X509Certificate2 certificate, IConfiguration configuration)
{
_configuration = configuration;
_key = Jwk.FromX509Certificate(certificate, true);
}
public override bool IsValidKey(Jwk key)
{
return(key.K.IsNotEmpty());
}
public EncryptedAccesTokenDescriptor(Jwk encryptionKey, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, CompressionAlgorithm?zip = null)
: base(encryptionKey, alg, enc, zip)
{
}
public Task <Account?> FindAccountAsync(Jwk jwk, CancellationToken cancellationToken)
{
throw new NotImplementedException();
}
public virtual void IsSupportedKeyWrapping_Success(Jwk key, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
Assert.True(key.SupportKeyManagement(alg));
}
public StateDescriptor(SignatureAlgorithm alg, Jwk signingKey)
: base(signingKey, alg)
{
}
public override Signer CreateSigner_Succeed(Jwk key, SignatureAlgorithm alg)
{
return(base.CreateSigner_Succeed(key, alg));
}
public void TryWrapKey_WithoutStaticKey_Success(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
Jwk cek = TryWrapKey_Success(null, enc, alg);
Assert.NotNull(cek);
}
public override void IsSupportedSignature_Success(Jwk key, SignatureAlgorithm alg)
{
Assert.True(key.SupportSignature(alg));
}
public override void IsSupportedEncryption_Success(Jwk key, EncryptionAlgorithm enc)
{
base.IsSupportedEncryption_Success(key, enc);
}