private void HandleAuthenticationAdded(object sender, EventArgs e)
{
RsaSecurityKey rsa = null;
var xml = _identityServerOptions.Configuration.JsonWebKeys.First().SerializedKey;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
var provider = new RSACryptoServiceProvider();
provider.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(provider);
}
else
{
var r = new RSAOpenSsl();
r.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(r);
}
AspPipelineContext.Instance().ConfigureServiceContext.Services.AddAuthentication(cfg =>
{
cfg.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
cfg.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters()
{
ValidateAudience = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = true,
IssuerSigningKey = rsa
};
});
}
public void SetRsaPublicKeyInformation(Dictionary <string, object> result, OfficeDocumentJsonWebKeyResponse jsonWebKey)
{
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var provider = new RSACryptoServiceProvider())
{
provider.FromXmlStringNetCore(jsonWebKey.SerializedKey);
var rsaParameters = provider.ExportParameters(false);
// Export the modulus
var modulus = rsaParameters.Modulus.Base64EncodeBytes();
// Export the exponent
var exponent = rsaParameters.Exponent.Base64EncodeBytes();
result.Add("n", modulus);
result.Add("e", exponent);
}
}
else
{
using (var provider = new RSAOpenSsl())
{
provider.FromXmlStringNetCore(jsonWebKey.SerializedKey);
var rsaParameters = provider.ExportParameters(false);
// Export the modulus
var modulus = rsaParameters.Modulus.Base64EncodeBytes();
// Export the exponent
var exponent = rsaParameters.Exponent.Base64EncodeBytes();
result.Add("n", modulus);
result.Add("e", exponent);
}
}
}
private RsaSecurityKey GetSecurityKey(string locationName, string subDistName, string txtFileName)
{
string xml = string.Empty;
if (_properties.ContainsKey(locationName) && _properties.ContainsKey(subDistName))
{
var storeLocation = _properties[locationName];
if (_mappingStrToStoreLocation.ContainsKey(storeLocation))
{
using (var store = new X509Store(_mappingStrToStoreLocation[storeLocation]))
{
store.Open(OpenFlags.OpenExistingOnly);
var certificates = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, _properties[subDistName], true);
if (certificates.Count > 0)
{
xml = ((RSACryptoServiceProvider)certificates[0].PrivateKey).ToXmlStringNetCore(false);
}
}
}
}
else
{
var locationPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
var publicKeyLocationPath = Path.Combine(locationPath, txtFileName);
xml = File.ReadAllText(publicKeyLocationPath);
}
RsaSecurityKey rsa = null;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
var provider = new RSACryptoServiceProvider();
provider.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(provider);
}
else
{
var r = new RSAOpenSsl();
r.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(r);
}
return(rsa);
}
public byte[] Decrypt(
byte[] toBeDecrypted,
JsonWebKey jsonWebKey)
{
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlStringNetCore(jsonWebKey.SerializedKey);
return(rsa.Decrypt(toBeDecrypted, _oaep));
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
rsa.FromXmlStringNetCore(jsonWebKey.SerializedKey);
return(rsa.Decrypt(toBeDecrypted, RSAEncryptionPadding.Pkcs1));
}
}
}
private RsaSecurityKey GetSecurityKey(string txtFileName)
{
var locationPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
var publicKeyLocationPath = Path.Combine(locationPath, txtFileName);
var xml = File.ReadAllText(publicKeyLocationPath);
RsaSecurityKey rsa = null;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
var provider = new RSACryptoServiceProvider();
provider.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(provider);
}
else
{
var r = new RSAOpenSsl();
r.FromXmlStringNetCore(xml);
rsa = new RsaSecurityKey(r);
}
return(rsa);
}
public string SignWithRsa(
JwsAlg algorithm,
string serializedKeys,
string combinedJwsNotSigned)
{
if (!_supportedAlgs.Contains(algorithm))
{
return(null);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var rsa = new RSACryptoServiceProvider())
{
var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm];
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlStringNetCore(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, hashMethod);
return(byteToBeConverted.Base64EncodeBytes());
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm];
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlStringNetCore(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, 0, bytesToBeSigned.Length, hashMethod, RSASignaturePadding.Pkcs1);
return(byteToBeConverted.Base64EncodeBytes());
}
}
}
public bool VerifyWithRsa(
JwsAlg algorithm,
string serializedKeys,
string input,
byte[] signature)
{
if (!_supportedAlgs.Contains(algorithm))
{
return(false);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
var plainBytes = ASCIIEncoding.ASCII.GetBytes(input);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var rsa = new RSACryptoServiceProvider())
{
var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm];
rsa.FromXmlStringNetCore(serializedKeys);
return(rsa.VerifyData(plainBytes, hashMethod, signature));
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm];
rsa.FromXmlStringNetCore(serializedKeys);
return(rsa.VerifyData(plainBytes, signature, hashMethod, RSASignaturePadding.Pkcs1));
}
}
}