/// <summary>
/// Acquires a JWT from the STS by proving possession of the certificate and private key
/// entered in the txtCertificate / txtPrivateKey boxes.
/// </summary>
/// <param name="service">Gateway whose <c>JwtTokenService</c> performs the exchange.</param>
/// <param name="serverDto">Server the token is requested from.</param>
/// <returns>Whatever <c>GetTokenFromCertificate</c> returns for this server and credential.</returns>
private AuthTokenDto GetJwtTokenByCertificate(ServiceGateway service, ServerDto serverDto)
{
    // The X509Certificate2(string) constructor takes a file name, so txtCertificate holds a path.
    var certificate = new X509Certificate2(txtCertificate.Text);
    // txtPrivateKey is presumably PEM text (the helper name says "Pem") — confirm against the form.
    var signingKey = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtPrivateKey.Text);
    return service.JwtTokenService.GetTokenFromCertificate(serverDto, certificate, signingKey);
}
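/// <summary>
/// Builds and RSA-SHA256-signs a "solution_user_assertion" JWT issued by the subject of
/// <paramref name="cert"/> and addressed to <paramref name="url"/>.
/// </summary>
/// <param name="rsa">Private RSA key that signs the token (should match <paramref name="cert"/>).</param>
/// <param name="cert">Certificate whose X.500 subject DN becomes the issuer and the <c>sub</c> claim.</param>
/// <param name="url">Audience (<c>aud</c>) the assertion is addressed to.</param>
/// <returns>The compact-serialized JWT, or <c>null</c> if serializing/signing throws.</returns>
private string GetSignedJwtToken(RSACryptoServiceProvider rsa, X509Certificate2 cert, string url)
{
    var subjectDN = ShaWithRsaSigner.GetX500SubjectDN(cert);

    // Take the clock once so iat, nbf and exp are mutually consistent.
    var now = DateTime.UtcNow;
    var notBefore = now.AddMinutes(-5); // 5 minutes of skew tolerance on each side
    var expires = now.AddMinutes(5);

    var claims = new List<Claim>
    {
        new Claim("token_class", "solution_user_assertion"),
        new Claim("token_type", "Bearer"),
        new Claim("iat", DateTimeConverter.ToUnixDate(notBefore).ToString(), ClaimValueTypes.Integer64),
        // jti must be unique per assertion so the STS can detect replays. A random GUID
        // replaces the previous time-seeded Random().Next(), which was both predictable
        // and liable to collide when two assertions were built in the same tick.
        new Claim("jti", Guid.NewGuid().ToString("N")),
        new Claim("sub", subjectDN),
        new Claim("aud", url),
    };

    // NOTE(review): JwtPayload's constructor also sets iss/aud from subjectDN/url; whether the
    // explicit "aud" claim above ends up duplicated depends on the library version — check the
    // emitted token if the STS rejects multi-valued audiences.
    var payload = new JwtPayload(subjectDN, url, claims, notBefore, expires);
    var signingCredentials = new SigningCredentials(
        new RsaSecurityKey(rsa),
        SecurityAlgorithms.RsaSha256Signature,
        SecurityAlgorithms.Sha256Digest);
    var token = new JwtSecurityToken(new JwtHeader(signingCredentials), payload);

    try
    {
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
    catch (Exception)
    {
        // Callers treat null as "no assertion could be produced"; keep that contract
        // instead of surfacing the exception from here.
        return null;
    }
}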
/// <summary>
/// Requests a SAML token from the STS using the certificate file named in txtCertificate and
/// the private key text in txtPrivateKey.
/// </summary>
/// <param name="service">Gateway whose <c>SamlTokenService</c> performs the request.</param>
/// <param name="serverDto">Server to request the token from.</param>
/// <returns>The token string returned by <c>GetSamlTokenFromCertificate</c>.</returns>
private string GetSamlTokenByCertificate(ServiceGateway service, ServerDto serverDto)
{
    var certificate = new X509Certificate2(txtCertificate.Text);
    var signingKey = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtPrivateKey.Text);
    return service.SamlTokenService.GetSamlTokenFromCertificate(serverDto, certificate, signingKey);
}
/// <summary>
/// Exchanges an existing token (read from the file named in txtTokenFilePath) for a SAML token,
/// signing the request with the certificate/key from txtTokCert and txtTokPkey.
/// </summary>
/// <param name="service">Gateway whose <c>SamlTokenService</c> performs the exchange.</param>
/// <param name="serverDto">Server to request the token from.</param>
/// <returns>The token string returned by <c>GetSamlTokenFromToken</c>.</returns>
private string GetSamlTokenByToken(ServiceGateway service, ServerDto serverDto)
{
    var certificate = new X509Certificate2(txtTokCert.Text);
    var signingKey = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(txtTokPkey.Text);
    // File.ReadAllText honours a BOM and otherwise assumes UTF-8.
    var existingToken = File.ReadAllText(txtTokenFilePath.Text);
    return service.SamlTokenService.GetSamlTokenFromToken(serverDto, existingToken, certificate, signingKey);
}
/// <summary>
/// When "use file" is selected, fills txtCertDN with the X.500 subject DN of the certificate
/// file named in txtCertFile; then copies the (possibly hand-typed) DN into CertDn.
/// </summary>
void PopulateCertDN()
{
    if (rdoUseFile.Checked)
    {
        // NOTE(review): the certificate handle is never released; on runtimes where
        // X509Certificate2 is IDisposable this could be wrapped in a using block.
        var certificate = new X509Certificate2(txtCertFile.Text);
        txtCertDN.Text = ShaWithRsaSigner.GetX500SubjectDN(certificate);
    }
    CertDn = txtCertDN.Text;
}
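/// <summary>
/// Shows the user's certificate (decoded from the PEM in <c>_userDto.Certificate.Encoded</c>)
/// in the issuer, validity and subject text boxes.
/// </summary>
void BindControls()
{
    var base64Value = CertificateHelper.PemToBase64EncodedString(_userDto.Certificate.Encoded);
    var cert = CertificateHelper.GetX509Certificate2FromString(base64Value);

    txtIssuedBy.Text = cert.IssuerName.Name;

    // "HH" is the 24-hour clock. The previous "hh" was 12-hour with no AM/PM designator, so a
    // validity boundary at 14:30 was displayed as 02:30 and the window was ambiguous.
    // X509Certificate2.NotBefore/NotAfter are returned in local time.
    const string validityFormat = "MM-dd-yyyy HH:mm:ss";
    txtValidFrom.Text = cert.NotBefore.ToString(validityFormat);
    txtValidTo.Text = cert.NotAfter.ToString(validityFormat);

    txtDN.Text = ShaWithRsaSigner.GetX500SubjectDN(cert);
}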
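/// <summary>
/// "Add" button handler: validates the form, builds the server/login DTOs from the controls and
/// acquires either bearer (JWT) tokens or a SAML token, depending on the CbSaml combo and the
/// selected method in RdoTypeGroup (tag 1 = password, 2 = certificate, 3 = token exchange,
/// SAML only). Failures are reported through UIErrorHelper; nothing propagates to the caller.
/// </summary>
public void OnClickAddButton(object sender, EventArgs e)
{
    if (!IsValid())
    {
        return;
    }

    // CbSaml == "1" selects SAML (the same test ServerDto.TokenType uses). The try path used to
    // test == "0" while the catch path tested == "1"; a single flag keeps the two consistent.
    var useSaml = CbSaml.StringValue == "1";
    var serverDto = BuildServerDtoFromControls(useSaml);
    var login = BuildLoginDtoFromControls();

    try
    {
        ClearTokenFields();
        if (useSaml)
        {
            AcquireSamlToken(serverDto, login);
        }
        else
        {
            AcquireBearerToken(serverDto, login);
        }
    }
    catch (WebException exp)
    {
        if (useSaml)
        {
            ReportSamlWebException(exp);
        }
        else
        {
            ReportBearerWebException(exp);
        }
    }
    catch (Exception exp)
    {
        UIErrorHelper.ShowAlert(exp.Message, "Error");
    }
}

/// <summary>Builds the ServerDto from the connection controls.</summary>
/// <param name="useSaml">True to request SAML tokens, false for bearer tokens.</param>
private ServerDto BuildServerDtoFromControls(bool useSaml)
{
    return new ServerDto
    {
        ServerName = TxtServer.StringValue,
        Tenant = TxtTenant.StringValue,
        Port = TxtPort.StringValue,
        Protocol = CbSsl.StringValue == "1" ? "https" : "http",
        TokenType = useSaml ? TokenType.SAML : TokenType.Bearer,
        Url = LblServerUrl.StringValue,
        // Normalise a null STS URL to empty (an empty value is kept as-is).
        StsUrl = TxtStsUrl.StringValue ?? string.Empty
    };
}

/// <summary>Builds the LoginDto (user, password, domain, tenant) from the controls.</summary>
private LoginDto BuildLoginDtoFromControls()
{
    return new LoginDto
    {
        User = TxtUsername.StringValue,
        Pass = TxtPassword.StringValue,
        DomainName = TxtDomain.StringValue,
        TenantName = TxtTenant.StringValue
    };
}

/// <summary>Blanks the ID/access/refresh/SAML token boxes before a new attempt.</summary>
private void ClearTokenFields()
{
    TxtIDTokenString.StringValue = string.Empty;
    TxtAccessTokenString.StringValue = string.Empty;
    TxtRefreshTokenString.StringValue = string.Empty;
    TxtSamlToken.StringValue = string.Empty;
}

/// <summary>
/// Loads the certificate file named in TxtCertificate and the private key text in
/// TxtPrivateKey (presumably PEM, per the helper name).
/// </summary>
private void LoadCertificateAndKeyFromControls(out X509Certificate2 cert, out RSACryptoServiceProvider rsa)
{
    cert = new X509Certificate2(TxtCertificate.StringValue);
    rsa = ShaWithRsaSigner.PrivatePemKeyToRSACryptoServiceProvider(TxtPrivateKey.StringValue);
}

/// <summary>Bearer mode: password login (tag 1) or certificate (tag 2); other tags do nothing.</summary>
private void AcquireBearerToken(ServerDto serverDto, LoginDto login)
{
    var gateway = SnapInContext.Instance.ServiceGateway;
    if (RdoTypeGroup.SelectedTag == 1)
    {
        PopulateToken(gateway.Authentication.Login(serverDto, login, Constants.ClientId));
    }
    else if (RdoTypeGroup.SelectedTag == 2)
    {
        X509Certificate2 cert;
        RSACryptoServiceProvider rsa;
        LoadCertificateAndKeyFromControls(out cert, out rsa);
        PopulateToken(gateway.JwtTokenService.GetTokenFromCertificate(serverDto, cert, rsa));
    }
}

/// <summary>
/// SAML mode: password (tag 1), certificate (tag 2) or token exchange (tag 3); the resulting
/// token text is shown in TxtSamlToken. Other tags do nothing.
/// </summary>
private void AcquireSamlToken(ServerDto serverDto, LoginDto login)
{
    var samlService = SnapInContext.Instance.ServiceGateway.SamlTokenService;
    if (RdoTypeGroup.SelectedTag == 1)
    {
        var auth = samlService.Authenticate(serverDto, login, Constants.ClientId);
        // The access token is base64; decode it explicitly as UTF-8. Encoding.Default is the
        // machine ANSI code page on .NET Framework (UTF-8 on Mono/.NET Core), so the previous
        // call would mangle non-ASCII token content on Windows.
        var bytes = Convert.FromBase64String(auth.Token.AccessToken);
        TxtSamlToken.StringValue = System.Text.Encoding.UTF8.GetString(bytes);
    }
    else if (RdoTypeGroup.SelectedTag == 2)
    {
        X509Certificate2 cert;
        RSACryptoServiceProvider rsa;
        LoadCertificateAndKeyFromControls(out cert, out rsa);
        TxtSamlToken.StringValue = samlService.GetSamlTokenFromCertificate(serverDto, cert, rsa);
    }
    else if (RdoTypeGroup.SelectedTag == 3)
    {
        X509Certificate2 cert;
        RSACryptoServiceProvider rsa;
        LoadCertificateAndKeyFromControls(out cert, out rsa);
        var tokenText = System.IO.File.ReadAllText(TxtTokenFile.StringValue);
        TxtSamlToken.StringValue = samlService.GetSamlTokenFromToken(serverDto, tokenText, cert, rsa);
    }
}

/// <summary>Reads the whole response body as text, disposing the reader and its stream.</summary>
private static string ReadResponseBody(WebResponse response)
{
    using (var reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}

/// <summary>SAML mode error: show the server's response body verbatim when there is one.</summary>
private static void ReportSamlWebException(WebException exp)
{
    if (exp.Response != null)
    {
        UIErrorHelper.ShowAlert(ReadResponseBody(exp.Response), "Error");
    }
    else
    {
        UIErrorHelper.ShowAlert(exp.Message, "Error");
    }
}

/// <summary>
/// Bearer mode error: maps 401 / 400 JSON bodies to user-facing messages, otherwise shows the
/// exception message (with the body appended when it is JSON).
/// </summary>
private static void ReportBearerWebException(WebException exp)
{
    var response = exp.Response as HttpWebResponse;
    if (response == null)
    {
        UIErrorHelper.ShowAlert(exp.Message, "Error");
        return;
    }

    if (response.StatusCode == HttpStatusCode.Unauthorized)
    {
        var body = ReadResponseBody(response);
        var error = JsonConvert.Deserialize<AuthErrorDto>(body);
        if (error == null)
        {
            // Previously a 401 whose body did not parse showed nothing at all.
            UIErrorHelper.ShowAlert(exp.Message + " Details: " + body, "Error");
        }
        else if (error.Error == AuthError.InvalidToken)
        {
            UIErrorHelper.ShowAlert("Token Expired", "Error");
        }
        else
        {
            UIErrorHelper.ShowAlert(error.Details, "Error");
        }
        return;
    }

    // Content-type matching is exact, as before: only a 400 with the charset-qualified JSON
    // type is checked for invalid_grant; a plain "application/json" body is shown as-is.
    // NOTE(review): these string comparisons are brittle (case, parameter order); parsing the
    // media type would be more robust.
    if (response.StatusCode == HttpStatusCode.BadRequest && response.ContentType == "application/json;charset=UTF-8")
    {
        var body = ReadResponseBody(response);
        var error = JsonConvert.Deserialize<AuthErrorDto>(body);
        if (body.Contains(AuthError.InvalidGrant) && error != null)
        {
            UIErrorHelper.ShowAlert("Invalid username or password", "Error");
        }
        else
        {
            UIErrorHelper.ShowAlert(exp.Message + " Details: " + body, "Error");
        }
    }
    else if (response.ContentType == "application/json")
    {
        UIErrorHelper.ShowAlert(exp.Message + " Details: " + ReadResponseBody(response), "Error");
    }
    else
    {
        UIErrorHelper.ShowAlert(exp.Message, "Error");
    }
}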
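/// <summary>
/// Wires the tenant-credentials dialog: locks the name/user/password fields when editing an
/// existing tenant (UpdateCredentials), starts an empty credential list, and hooks the
/// add/remove-certificate, browse-private-key, close and save buttons.
/// </summary>
public override void AwakeFromNib()
{
    base.AwakeFromNib();
    _certs = new List<string>();

    // When only credentials are being updated the tenant identity is fixed.
    TxtTenantName.Enabled = !UpdateCredentials;
    txtUsername.Enabled = !UpdateCredentials;
    TxtPassword.Enabled = !UpdateCredentials;
    if (UpdateCredentials)
    {
        TxtTenantName.StringValue = TenantDto.Name;
    }
    else
    {
        TenantDto = new TenantDto();
    }
    TenantDto.Credentials = new TenantCredentialsDto() { Certificates = new List<CertificateDto>() };

    BtnAddCertificate.Activated += OnAddCertificateClicked;
    BtnRemoveCertificate.Activated += OnRemoveCertificateClicked;
    BtnBrowsePrivateKey.Activated += OnBrowsePrivateKeyClicked;
    BtnClose.Activated += OnCloseClicked;
    BtnSave.Activated += OnSaveClicked;
}

/// <summary>
/// Shows an open panel and returns the chosen file's filesystem path, or null if cancelled.
/// </summary>
private static string PromptForFile()
{
    var openPanel = new NSOpenPanel();
    openPanel.ReleasedWhenClosed = true;
    openPanel.Prompt = "Select file";
    if (openPanel.RunModal() != 1)
    {
        return null;
    }
    // Use NSUrl.Path instead of stripping "file://" from AbsoluteString: AbsoluteString is
    // percent-encoded, so any path containing a space (or other reserved character) reached
    // the file APIs as "%20" and failed to open.
    return openPanel.Url.Path;
}

/// <summary>Adds the selected certificate file to the chain (path list + PEM on the DTO).</summary>
private void OnAddCertificateClicked(object sender, EventArgs e)
{
    var filePath = PromptForFile();
    if (filePath == null)
    {
        return;
    }
    ActionHelper.Execute(delegate()
    {
        // Import throws on a non-certificate file; ActionHelper.Execute is the existing error
        // boundary for that, so nothing is caught here.
        var cert = new X509Certificate2();
        cert.Import(filePath);
        _certs.Add(filePath);
        TenantDto.Credentials.Certificates.Add(new CertificateDto { Encoded = cert.ExportToPem() });
        ReloadCertificates();
    });
}

/// <summary>Removes every selected row from both the path list and the DTO's certificate list.</summary>
private void OnRemoveCertificateClicked(object sender, EventArgs e)
{
    if (CertificateChainTableView.SelectedRows.Count == 0)
    {
        return;
    }
    // Remove from the highest index down. Removing in ascending order shifts the remaining
    // rows, so a multi-row selection removed the wrong entries or threw ArgumentOutOfRange.
    var rows = new List<int>();
    foreach (var row in CertificateChainTableView.SelectedRows)
    {
        rows.Add((int)row);
    }
    rows.Sort();
    rows.Reverse();
    foreach (var row in rows)
    {
        _certs.RemoveAt(row);
        TenantDto.Credentials.Certificates.RemoveAt(row);
    }
    ReloadCertificates();
}

/// <summary>Validates the selected private-key file and stores its payload on the DTO.</summary>
private void OnBrowsePrivateKeyClicked(object sender, EventArgs e)
{
    var filePath = PromptForFile();
    if (filePath == null)
    {
        return;
    }
    ActionHelper.Execute(delegate()
    {
        if (!ShaWithRsaSigner.IsPrivateKeyValid(filePath))
        {
            UIErrorHelper.ShowAlert("Selected private key is not valid", "Alert");
            return;
        }
        var text = System.IO.File.ReadAllText(filePath);
        // Presumably strips the PEM armour and keeps the base64 body — see PrivateKeyHelper.
        var privateKey = PrivateKeyHelper.ExtractBase64EncodedPayload(text);
        TxtPrivateKeyPath.StringValue = filePath;
        TenantDto.Credentials.PrivateKey = new PrivateKeyDto()
        {
            Algorithm = EncrptionAlgorithm.RSA, // enum is spelled this way in the project
            Encoded = privateKey
        };
    });
}

/// <summary>Cancels the dialog: clears TenantDto and ends the modal loop with code 0.</summary>
private void OnCloseClicked(object sender, EventArgs e)
{
    TenantDto = null;
    this.Close();
    NSApplication.SharedApplication.StopModalWithCode(0);
}

/// <summary>Validates the form, copies name/user/password onto TenantDto and ends the modal loop with code 1.</summary>
private void OnSaveClicked(object sender, EventArgs e)
{
    var validationMessage = ValidateForSave();
    if (validationMessage != null)
    {
        UIErrorHelper.ShowAlert(validationMessage, "Alert");
        return;
    }
    TenantDto.Name = TxtTenantName.StringValue;
    TenantDto.Username = txtUsername.StringValue;
    TenantDto.Password = TxtPassword.StringValue;
    this.Close();
    NSApplication.SharedApplication.StopModalWithCode(1);
}

/// <summary>Returns the first validation failure to report, or null when the form can be saved.</summary>
private string ValidateForSave()
{
    if (!UpdateCredentials)
    {
        if (string.IsNullOrEmpty(TxtTenantName.StringValue))
        {
            return "Please enter valid tenant name";
        }
        if (string.IsNullOrEmpty(txtUsername.StringValue))
        {
            return "Please enter valid username";
        }
        if (string.IsNullOrEmpty(TxtPassword.StringValue))
        {
            return "Please enter valid password";
        }
    }
    if (string.IsNullOrEmpty(TxtPrivateKeyPath.StringValue))
    {
        return "Please enter valid private key";
    }
    // At least two certificates are required (presumably the leaf plus its issuer chain).
    if (_certs.Count < 2)
    {
        return "Please enter atleast 2 valid Certificates";
    }
    return null;
}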