public async void AuthMethodTest()
{
var unixTimeNow = (int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds;
var token = JwtSigner.Sign(new
{
jit = "1234",
iss = "auth",
aud = "test",
sid = "123456789",
sub = "*****@*****.**",
nbf = unixTimeNow - 600,
iat = unixTimeNow,
exp = unixTimeNow + 600,
acr = "AM2",
amr = new List <string> {
"password", "devicetoken:1234"
}
});
var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "http://testserver/api/authpassword");
httpRequestMessage.Headers.Add("Authorization", "Bearer " + token);
var response = await TestHttpClient.SendAsync(httpRequestMessage);
Assert.True(response.IsSuccessStatusCode);
var result = await response.Content.ReadAsStringAsync();
Assert.Contains("*****@*****.**", result);
}
public TokenModule(IUserRepository userRepository) : base("/token")
{
this._userRepository = userRepository;
this._jwtSigner = new JwtSigner();
this._passwordHasher = new PasswordHasher();
Post("/auth", async args =>
{
// The user from the POST request
var authUser = this.Bind <User>();
// Find the user in the database
var user = await this._userRepository.GetUser(authUser.Email);
if (user == null)
{
return(Response.AsJson(new { Status = "Error", Message = "User does not exist" }));
}
// Does the entered password match the password from the database
var validPassword = this._passwordHasher.ValidatePassword(authUser.Password, user.Password, user.Salt);
if (!validPassword)
{
return(Response.AsJson(new { Status = "Error", Message = "Incorrect Password" }));
}
// Sign a token
var token = this._jwtSigner.GenerateToken(user);
return(Response.AsJson(new { Status = "Success", Token = token }));
});
}
private SecurityKey GetKey()
{
var data = @"
{
'kty' : 'RSA',
'kid' : 'cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df',
'use' : 'sig',
'n' : 'pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w',
'e' : 'AQAB',
'd' : 'ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q',
'p' : '4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0',
'q' : 'ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8',
'dp' : 'lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE',
'dq' : 'mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk',
'qi' : 'ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg'
}
".Replace("'", "\"");
var d = JsonSerializer.Deserialize <JwkData>(data, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true
});
var key = JwtSigner.ImportKeyFromJwk(d);
return(key);
}
public void TestSignAndVerifyJwt(String subDir, string nestDir)
{
var subPath = Util.TestDataPath(TEST_DATA, subDir, nestDir);
using (var ks = new FileSystemKeySet(subPath))
using (var signer = new JwtSigner(ks))
using (var verifier = new JwtVerifier(ks))
{
var signedoutput = signer.SignCompact(JObject.Parse(jsonInput));
Console.WriteLine(signedoutput);
Expect(verifier.VerifyCompact(signedoutput), Is.True);
Expect(signer.VerifyCompact(signedoutput), Is.True);
}
}
public void CreateJwtSignature()
{
var key = GetKey();
var somedate = new DateTime(2020, 12, 24);
var token = JwtSigner.CalculateJwtToken(key, d =>
{
d.Expires = somedate;
d.Claims = new Dictionary <string, object>()
{
{ "shoe", 43 }
};
d.Subject = new ClaimsIdentity("identiteetti");
});
Check.That(token)
.StartsWith(
"eyJhbGciOiJSUzI1NiIsImtpZCI6ImNjMzRjMGEwLWJkNWEtNGEzYy1hNTBkLWEyYTdkYjc2NDNkZiIsInR5cCI6IkpXVCJ9");
}
public void CreateSignAndPublicSized(string keyType, string topDir, string nestDir)
{
KeyType type = keyType;
topDir += "-sizes";
var kspath = Util.TestDataPath(WRITE_DATA, topDir, nestDir);
var writer = new FileSystemKeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.SignAndVerify))
{
var success = ks.Save(writer);
Expect(success, Is.True);
}
int i = 0;
foreach (int size in type.KeySizeOptions)
{
if (Util.IsSizeTooSlow(size))
{
break;
}
i++;
using (var ks = new MutableKeySet(kspath))
{
var ver = ks.AddKey(KeyStatus.Primary, size, type: type);
Expect(ver, Is.EqualTo(i));
var success = ks.Save(writer);
Expect(success, Is.True);
}
using (var ks = new FileSystemKeySet(kspath))
using (var signer = new Signer(ks))
using (var jwtSigner = new JwtSigner(ks))
{
var ciphertext = signer.Sign(input);
File.WriteAllText(Path.Combine(kspath, $"{size}.out"), ciphertext);
var key = ks.GetPrimaryKey();
if (Jwt.AlgForKey(key) != null)
{
var token = jwtSigner.SignCompact(JObject.Parse(jsonInput));
File.WriteAllText(Path.Combine(kspath, $"{size}.jwt"), token);
}
}
}
if (type.Asymmetric)
{
var kspath2 = Util.TestDataPath(WRITE_DATA, topDir + ".public", nestDir);
var writer2 = new FileSystemKeySetWriter(kspath2, overwrite: true);
using (var ks = new MutableKeySet(kspath))
{
var pubKs = ks.PublicKey();
var success = pubKs.Save(writer2);
Expect(success, Is.True);
}
}
}
protected int TakeAction(IKeySet keyset, Stream inStream, Stream outStream, Stream outStream2, IKeySet keyset2)
{
if ((WireFormat.IsNullOrEmpty(_format) &&
(keyset.Metadata.Purpose == KeyPurpose.DecryptAndEncrypt ||
keyset.Metadata.Purpose == KeyPurpose.Encrypt)) ||
_format == WireFormat.Crypt
)
{
using (var ucrypter = new Encrypter(keyset))
{
var err = UseCompression(ucrypter);
if (err != 0)
{
return(err);
}
ucrypter.Encrypt(inStream, outStream);
}
}
else if (WireFormat.IsNullOrEmpty(_format) || _format == WireFormat.Sign)
{
using (var signer = new Signer(keyset))
{
var sig = signer.Sign(inStream);
outStream.Write(sig, 0, sig.Length);
}
}
else if (_format == WireFormat.SignJwt)
{
try
{
using (var signer = new JwtSigner(keyset))
using (var reader = new StreamReader(inStream))
{
var sig = signer.SignCompact(JObject.Parse(reader.ReadToEnd()));
outStream.Write(Encoding.UTF8.GetBytes(sig), 0, sig.Length);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Console.WriteLine(ex.StackTrace);
return(-1);
}
}
else if (_format == WireFormat.SignTimeout)
{
using (var signer = new TimeoutSigner(keyset))
{
var sig = signer.Sign(inStream, _expires.GetValueOrDefault());
outStream.Write(sig, 0, sig.Length);
}
}
else if (_format == WireFormat.SignAttached)
{
using (var signer = new AttachedSigner(keyset))
{
byte[] hidden = null;
if (!String.IsNullOrWhiteSpace(_attachedHidden))
{
hidden = signer.Config.RawStringEncoding.GetBytes(_attachedHidden);
}
signer.Sign(inStream, outStream, hidden);
}
}
else if (_format == WireFormat.SignVanilla || _format == WireFormat.SignUnversioned)
{
using (var signer = new Keyczar.Compat.VanillaSigner(keyset))
{
var sig = signer.Sign(inStream);
outStream.Write(sig, 0, sig.Length);
}
}
else if (_format == WireFormat.CryptSession)
{
using (var crypter = new Encrypter(keyset))
using (var sessionCrypter = new SessionCrypter(crypter))
{
var err = UseCompression(sessionCrypter);
if (err != 0)
{
return(err);
}
var materials = sessionCrypter.SessionMaterial.ToBytes();
outStream.Write(materials, 0, materials.Length);
sessionCrypter.Encrypt(inStream, outStream2);
}
}
else if (_format == WireFormat.CryptSignedSession)
{
if (keyset2 == null)
{
Console.WriteLine(Localized.MsgRequiresLocation2);
return(-1);
}
using (var crypter = new Encrypter(keyset))
using (var signer = new AttachedSigner(keyset2))
using (var sessionCrypter = new SessionCrypter(crypter, signer))
{
var err = UseCompression(sessionCrypter);
if (err != 0)
{
return(err);
}
var materials = sessionCrypter.SessionMaterial.ToBytes();
outStream.Write(materials, 0, materials.Length);
sessionCrypter.Encrypt(inStream, outStream2);
}
}
else
{
Console.WriteLine(Localized.MsgUnknownFormat, _format);
return(-1);
}
return(0);
}
