public async Task <ActionResult <RepositoryResponse <AccessTokenViewModel> > > Register([FromBody] MixRegisterViewModel model) { RepositoryResponse <AccessTokenViewModel> result = new RepositoryResponse <AccessTokenViewModel>(); if (ModelState.IsValid) { var user = new ApplicationUser { UserName = model.Username, Email = model.Email, FirstName = model.FirstName, LastName = model.LastName, Avatar = model.Avatar ?? MixService.GetAppSetting <string>("DefaultAvatar"), JoinDate = DateTime.UtcNow }; var createResult = await _userManager.CreateAsync(user, password : model.Password).ConfigureAwait(false); if (createResult.Succeeded) { await _userManager.AddToRoleAsync(user, MixDefaultRoles.Guest); var saveData = await Mix.Cms.Lib.ViewModels.MixDatabaseDatas.Helper.SaveObjAsync( MixDatabaseNames.SYSTEM_USER_DATA, model.UserData, user.UserName, MixDatabaseParentType.User); result.IsSucceed = saveData.IsSucceed; result.Errors = saveData.Errors; result.Exception = saveData.Exception; _logger.LogInformation("User created a new account with password."); user = await _userManager.FindByNameAsync(model.Username).ConfigureAwait(false); var rsaKeys = RSAEncryptionHelper.GenerateKeys(); var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256); var token = await _idService.GenerateAccessTokenAsync(user, true, aesKey, rsaKeys[MixConstants.CONST_RSA_PUBLIC_KEY]); if (token != null) { result.IsSucceed = true; result.Data = token; _logger.LogInformation("User logged in."); return(result); } else { return(Ok(result)); } } else { foreach (var error in createResult.Errors) { result.Errors.Add(error.Description); } return(BadRequest(result)); } } return(BadRequest(result)); }
public RepositoryResponse <CryptoViewModel <string> > Decrypt([FromBody] JObject model) { string data = model.GetValue("data")?.Value <string>(); string key = model.GetValue("key")?.Value <string>(); return(AesEncryptionHelper.DecryptStringFromBytes_Aes(data, key)); }
public UserSessions CreateNewUserSession(int id, LoginModel user) { string token = CreateRandomToken(); string tokenSalt = string.Empty; //use User create timestamp and web.config secret key to encrypt newly created token (guids...) string tokenEncryptKey = DateTime.Now + ConfigurationManager.AppSettings["ENCRYPT_LINK_KEY"]; string encryptedToken = AesEncryptionHelper.Encrypt(token, tokenEncryptKey, ref tokenSalt); // use newly created token (guids...) and web.config secret to encrypt session id, use same salt as used by token string sessionCookieEncryptKey = token + ":" + ConfigurationManager.AppSettings["ENCRYPT_LINK_KEY"]; string doubleSubmitSessionCookie = AesEncryptionHelper.Encrypt(Guid.NewGuid().ToString(), sessionCookieEncryptKey, ref tokenSalt); var userSession = new UserSessions { UserId = id, AuthToken = encryptedToken.Base64ToBase64URL(), //since we may use this authToken in a URL later, let's make sure it's URL safe. AuthExpiration = DateTime.UtcNow.AddMinutes(12 * 60), IsExpired = false, HardAbsoluteExpirationTime = DateTime.UtcNow.AddMinutes(12 * 60), AuthTokenSalt = tokenSalt, AuthDoubleSubmitSessionIdCookie = doubleSubmitSessionCookie, }; return(userSession); }
private void InitializeMockObjects() { _simpleIdentityServerConfigurator = new Mock <IConfigurationService>(); _clientRepositoryStub = new Mock <IClientRepository>(); _jsonWebKeyRepositoryStub = new Mock <IJsonWebKeyRepository>(); _scopeRepositoryStub = new Mock <IScopeRepository>(); var clientValidator = new ClientValidator(); var claimsMapping = new ClaimsMapping(); var parameterParserHelper = new ParameterParserHelper(_scopeRepositoryStub.Object); var createJwsSignature = new CreateJwsSignature(new CngKeySerializer()); var aesEncryptionHelper = new AesEncryptionHelper(); var jweHelper = new JweHelper(aesEncryptionHelper); var jwsGenerator = new JwsGenerator(createJwsSignature); var jweGenerator = new JweGenerator(jweHelper); _jwtGenerator = new JwtGenerator( _simpleIdentityServerConfigurator.Object, _clientRepositoryStub.Object, clientValidator, _jsonWebKeyRepositoryStub.Object, _scopeRepositoryStub.Object, claimsMapping, parameterParserHelper, jwsGenerator, jweGenerator); }
public string Encrypt([FromBody] EncryptDataDto requestDto) { string data = requestDto.ObjectData.ToString(Newtonsoft.Json.Formatting.None); var key = requestDto.Key ?? MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey); return(AesEncryptionHelper.EncryptString(data, key)); }
public void Init() { _encryptionHelper = new AesEncryptionHelper(); //for test purposes, we're generating a new key each time AesEncryptionHelper.CipherKey = AesEncryptionHelper.GenerateCipherKey(); }
public static IHostBuilder CreateHostBuilder(string[] args) { if (!File.Exists($"{MixConstants.CONST_FILE_APPSETTING}")) { File.Copy($"{MixConstants.CONST_DEFAULT_FILE_APPSETTING}", $"{MixConstants.CONST_FILE_APPSETTING}"); var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256); MixService.SetConfig <string>(MixAppSettingKeywords.ApiEncryptKey, aesKey); MixService.SetAuthConfig(MixAuthConfigurations.SecretKey, Guid.NewGuid().ToString("N")); MixService.SaveSettings(); } var config = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile(MixConstants.CONST_FILE_APPSETTING, optional: true, reloadOnChange: true) .Build(); return(Host.CreateDefaultBuilder(args) .ConfigureLogging(logging => { logging.ClearProviders(); logging.AddConsole(); }) .ConfigureWebHostDefaults(webBuilder => { webBuilder.UseStartup <Startup>(); })); }
public RepositoryResponse <string> Decrypt([FromBody] JObject model) { string data = model.GetValue("data")?.Value <string>(); var key = MixService.GetConfig <string>(MixAppSettingKeywords.ApiEncryptKey); return(new RepositoryResponse <string>() { Data = AesEncryptionHelper.DecryptString(data, key) }); }
public RepositoryResponse <CryptoViewModel <string> > Encrypt([FromBody] JObject model) { string data = model.GetValue("data").Value <string>(); var encrypted = new JObject(new JProperty("encrypted", data)); return(new RepositoryResponse <CryptoViewModel <string> >() { Data = AesEncryptionHelper.EncryptStringToBytes_Aes(encrypted) }); }
public RepositoryResponse <string> Decrypt([FromBody] JObject model) { string data = model.GetValue("data")?.Value <string>(); //string key = model.GetValue("key")?.Value<string>(); var key = System.Text.Encoding.UTF8.GetBytes("sw-cms-secret-key"); return(new RepositoryResponse <string>() { Data = AesEncryptionHelper.DecryptString(data, Convert.ToBase64String(key)) }); }
public RepositoryResponse <CryptoViewModel <JObject> > Decrypt([FromBody] JObject model) { string data = model.GetValue("data").Value <string>(); string key = model.GetValue("key").Value <string>(); string iv = model.GetValue("iv").Value <string>(); return(new RepositoryResponse <CryptoViewModel <JObject> >() { Data = AesEncryptionHelper.DecryptStringFromBytes_Aes(data, key, iv) }); }
public RepositoryResponse <string> Encrypt([FromBody] JObject model) { string data = model.GetValue("data").Value <string>(); var encrypted = new JObject(new JProperty("encrypted", data)); var key = MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey); return(new RepositoryResponse <string>() { Data = AesEncryptionHelper.EncryptString(data, key) }); }
/* * [Fact] * public void When_Passing_AuthorizationParameterWithoutOpenIdScope_Then_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "login", * State = state, * RedirectUrl = redirectUrl, * Scope = "email" * }; * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, null)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidScope)); * Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.TheScopesNeedToBeSpecified, Core.Constants.StandardScopes.OpenId.Name))); * Assert.True(exception.State.Equals(state)); * } * * [Fact] * public void When_Passing_AuthorizationRequestWithMissingResponseType_Then_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "login", * State = state, * RedirectUrl = redirectUrl, * Scope = "openid" * }; * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, null)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.MissingParameter * , Core.Constants.StandardAuthorizationRequestParameterNames.ResponseTypeName))); * Assert.True(exception.State.Equals(state)); * } * * [Fact] * public void When_Passing_AuthorizationRequestWithNotSupportedResponseType_Then_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "login", * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code" * }; * * // ACT * var client = FakeFactories.FakeDataSource.Clients.FirstOrDefault(c => c.ClientId == clientId); * Assert.NotNull(client); * client.ResponseTypes.Remove(ResponseType.code); * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, null)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.TheClientDoesntSupportTheResponseType * , clientId, "code"))); * Assert.True(exception.State.Equals(state)); * } * * [Fact] * public void When_TryingToByPassLoginAndConsentScreen_But_UserIsNotAuthenticated_Then_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "none", * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code" * }; * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, null)); * Assert.True(exception.Code.Equals(ErrorCodes.LoginRequiredCode)); * Assert.True(exception.Message.Equals(ErrorDescriptions.TheUserNeedsToBeAuthenticated)); * Assert.True(exception.State.Equals(state)); * } * * [Fact] * public void When_TryingToByPassLoginAndConsentScreen_But_TheUserDidntGiveHisConsent_Then_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "none", * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code" * }; * * var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake")); * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal)); * Assert.True(exception.Code.Equals(ErrorCodes.InteractionRequiredCode)); * Assert.True(exception.Message.Equals(ErrorDescriptions.TheUserNeedsToGiveHisConsent)); * Assert.True(exception.State.Equals(state)); * } * * [Fact] * public void When_Passing_A_NotValid_IdentityTokenHint_Parameter_Then_An_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string subject = "*****@*****.**"; * const string redirectUrl = "http://localhost"; * FakeFactories.FakeDataSource.Consents.Add(new Consent * { * ResourceOwner = new ResourceOwner * { * Id = subject * }, * GrantedScopes = new List<Scope> * { * new Scope * { * Name = "openid" * } * }, * Client = FakeFactories.FakeDataSource.Clients.First() * }); * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * Prompt = "none", * IdTokenHint = "invalid identity token hint" * }; * * var claims = new List<Claim> * { * new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * * // ACT * var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(ErrorDescriptions.TheIdTokenHintParameterIsNotAValidToken)); * } * * [Fact] * public void When_Passing_An_IdentityToken_Valid_ForWrongAudience_Then_An_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string subject = "*****@*****.**"; * const string redirectUrl = "http://localhost"; * FakeFactories.FakeDataSource.Consents.Add(new Consent * { * ResourceOwner = new ResourceOwner * { * Id = subject * }, * GrantedScopes = new List<Scope> * { * new Scope * { * Name = "openid" * } * }, * Client = FakeFactories.FakeDataSource.Clients.First() * }); * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * Prompt = "none", * }; * * var subjectClaim = new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject); * var claims = new List<Claim> * { * subjectClaim * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * var jwtPayload = new JwsPayload * { * { * subjectClaim.Type, subjectClaim.Value * } * }; * * authorizationParameter.IdTokenHint = _jwtGenerator.Sign(jwtPayload, JwsAlg.RS256); * * // ACT * var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(ErrorDescriptions.TheIdentityTokenDoesntContainSimpleIdentityServerAsAudience)); * } * * [Fact] * public void When_Passing_An_IdentityToken_Different_From_The_Current_Authenticated_User_Then_An_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string subject = "*****@*****.**"; * const string issuerName = "audience"; * const string redirectUrl = "http://localhost"; * FakeFactories.FakeDataSource.Consents.Add(new Consent * { * ResourceOwner = new ResourceOwner * { * Id = subject * }, * GrantedScopes = new List<Scope> * { * new Scope * { * Name = "openid" * } * }, * Client = FakeFactories.FakeDataSource.Clients.First() * }); * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * Prompt = "none", * }; * * var subjectClaim = new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject); * var claims = new List<Claim> * { * subjectClaim * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * var jwtPayload = new JwsPayload * { * { * subjectClaim.Type, "wrong subjet" * }, * { * Jwt.Constants.StandardClaimNames.Audiences, new [] { issuerName } * } * }; * _simpleIdentityServerConfiguratorStub.Setup(s => s.GetIssuerName()).Returns(issuerName); * authorizationParameter.IdTokenHint = _jwtGenerator.Sign(jwtPayload, JwsAlg.RS256); * * // ACT * var exception = Assert.Throws<IdentityServerExceptionWithState>(() => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(ErrorDescriptions.TheCurrentAuthenticatedUserDoesntMatchWithTheIdentityToken)); * } * * [Fact] * public void When_Passing_Not_Supported_Prompts_Parameter_Then_An_Exception_Is_Thrown() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * Prompt = "select_account", * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code" * }; * * var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake")); * * // ACT & ASSERTS * var exception = * Assert.Throws<IdentityServerExceptionWithState>( * () => _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal)); * Assert.True(exception.Code.Equals(ErrorCodes.InvalidRequestCode)); * Assert.True(exception.Message.Equals(string.Format(ErrorDescriptions.ThePromptParameterIsNotSupported, "select_account"))); * Assert.True(exception.State.Equals(state)); * } */ #endregion /* #region TEST VALID SCENARIOS * * [Fact] * public void When_TryingToRequestAuthorization_But_TheUserConnectionValidityPeriodIsNotValid_Then_Redirect_To_The_Authentication_Screen() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * const long maxAge = 300; * var currentDateTimeOffset = DateTimeOffset.UtcNow.ConvertToUnixTimestamp(); * currentDateTimeOffset -= maxAge + 100; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * Prompt = "none", * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * MaxAge = 300 * }; * * var claims = new List<Claim> * { * new Claim(ClaimTypes.AuthenticationInstant, currentDateTimeOffset.ToString()) * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.RedirectInstruction.Action.Equals(IdentityServerEndPoints.AuthenticateIndex)); * } * * [Fact] * public void When_TryingToRequestAuthorization_But_TheUserIsNotAuthenticated_Then_Redirect_To_The_Authentication_Screen() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * }; * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, null); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.AuthenticateIndex)); * } * * [Fact] * public void When_TryingToRequestAuthorization_And_TheUserIsAuthenticated_But_He_Didnt_Give_His_Consent_Then_Redirect_To_Consent_Screen() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * }; * * var claimIdentity = new ClaimsIdentity("fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.ConsentIndex)); * } * * [Fact] * public void When_TryingToRequestAuthorization_And_ExplicitySpecify_PromptConsent_But_The_User_IsNotAuthenticated_Then_Redirect_To_Consent_Screen() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * Prompt = "consent" * }; * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, null); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.RedirectInstruction.Action.Equals(Core.Results.IdentityServerEndPoints.AuthenticateIndex)); * } * * [Fact] * public void When_TryingToRequestAuthorization_And_TheUserIsAuthenticated_And_He_Already_Gave_HisConsent_Then_The_AuthorizationCode_Is_Passed_To_The_Callback() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string subject = "*****@*****.**"; * const string redirectUrl = "http://localhost"; * FakeFactories.FakeDataSource.Consents.Add(new Consent * { * ResourceOwner = new ResourceOwner * { * Id = subject * }, * GrantedScopes = new List<Scope> * { * new Scope * { * Name = "openid" * } * }, * Client = FakeFactories.FakeDataSource.Clients.First() * }); * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * Prompt = "none" * }; * * var claims = new List<Claim> * { * new Claim(Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.Type.Equals(TypeActionResult.RedirectToCallBackUrl)); * Assert.True(result.RedirectInstruction.Parameters.Count().Equals(0)); * } * #endregion * #region TEST THE LOGIN * * [Fact] * public void When_Executing_Correct_Authorization_Request_Then_Events_Are_Logged() * { * // ARRANGE * InitializeMockingObjects(); * const string state = "state"; * const string clientId = "MyBlog"; * const string redirectUrl = "http://localhost"; * const long maxAge = 300; * var currentDateTimeOffset = DateTimeOffset.UtcNow.ConvertToUnixTimestamp(); * currentDateTimeOffset -= maxAge + 100; * var authorizationParameter = new AuthorizationParameter * { * ClientId = clientId, * State = state, * Prompt = "none", * RedirectUrl = redirectUrl, * Scope = "openid", * ResponseType = "code", * MaxAge = 300 * }; * * var jsonAuthorizationParameter = authorizationParameter.SerializeWithJavascript(); * * var claims = new List<Claim> * { * new Claim(ClaimTypes.AuthenticationInstant, currentDateTimeOffset.ToString()) * }; * var claimIdentity = new ClaimsIdentity(claims, "fake"); * var claimsPrincipal = new ClaimsPrincipal(claimIdentity); * * // ACT * var result = _processAuthorizationRequest.Process(authorizationParameter, claimsPrincipal); * * // ASSERTS * Assert.NotNull(result); * Assert.True(result.RedirectInstruction.Action.Equals(IdentityServerEndPoints.AuthenticateIndex)); * _simpleIdentityServerEventSource.Verify(s => s.StartProcessingAuthorizationRequest(jsonAuthorizationParameter)); * _simpleIdentityServerEventSource.Verify(s => s.EndProcessingAuthorizationRequest(jsonAuthorizationParameter, "RedirectToAction", "AuthenticateIndex")); * } * #endregion */ private void InitializeMockingObjects() { var clientValidator = new ClientValidator(); _simpleIdentityServerConfiguratorStub = new Mock <IConfigurationService>(); _oauthEventSource = new Mock <IOAuthEventSource>(); var scopeRepository = new Mock <IScopeRepository>(); var clientRepository = new Mock <IClientRepository>(); var consentRepository = new Mock <IConsentRepository>(); var jsonWebKeyRepository = new Mock <IJsonWebKeyRepository>(); var parameterParserHelper = new ParameterParserHelper(scopeRepository.Object); var scopeValidator = new ScopeValidator(parameterParserHelper); var actionResultFactory = new ActionResultFactory(); var consentHelper = new ConsentHelper(consentRepository.Object, parameterParserHelper); var aesEncryptionHelper = new AesEncryptionHelper(); var jweHelper = new JweHelper(aesEncryptionHelper); var jweParser = new JweParser(jweHelper); var createJwsSignature = new CreateJwsSignature(new CngKeySerializer()); var jwsParser = new JwsParser(createJwsSignature); var jsonWebKeyConverter = new JsonWebKeyConverter(); var httpClientFactory = new Mock <IHttpClientFactory>(); var jwtParser = new JwtParser( jweParser, jwsParser, httpClientFactory.Object, clientRepository.Object, jsonWebKeyConverter, jsonWebKeyRepository.Object); var claimsMapping = new ClaimsMapping(); var jwsGenerator = new JwsGenerator(createJwsSignature); var jweGenerator = new JweGenerator(jweHelper); _authenticationContextclassReferenceRepositoryStub = new Mock <IAuthenticationContextclassReferenceRepository>(); _processAuthorizationRequest = new ProcessAuthorizationRequest( parameterParserHelper, clientValidator, scopeValidator, actionResultFactory, consentHelper, jwtParser, _simpleIdentityServerConfiguratorStub.Object, _oauthEventSource.Object, _authenticationContextclassReferenceRepositoryStub.Object); _jwtGenerator = new JwtGenerator(_simpleIdentityServerConfiguratorStub.Object, clientRepository.Object, clientValidator, jsonWebKeyRepository.Object, scopeRepository.Object, claimsMapping, parameterParserHelper, jwsGenerator, jweGenerator); }
public void Encryption_With_Text_Success() { EncryptionConfiguration encryptionConfiguration = new EncryptionConfiguration(DefaultKey); IAesEncryptionHelper aesEncryptionHelper = new AesEncryptionHelper(encryptionConfiguration); var text = "aesEncrypt"; var encrypted = aesEncryptionHelper.Encrypt(text); Assert.NotNull(encrypted); Assert.NotEmpty(encrypted); }
public async Task <ActionResult <JObject> > ExternalLogin([FromBody] JObject data) { string message = data.Value <string>("message"); string key = MixService.GetConfig <string>(MixAppSettingKeywords.ApiEncryptKey); string decryptMsg = AesEncryptionHelper.DecryptString(message, key); var model = JsonConvert.DeserializeObject <RegisterExternalBindingModel>(decryptMsg); RepositoryResponse <JObject> loginResult = await _idService.ExternalLogin(model); if (loginResult.IsSucceed) { return(Ok(loginResult.Data)); } return(BadRequest(loginResult.Errors)); }
public void CanDecryptDateString() { var key = new byte[] { 54, 109, 249, 186, 109, 210, 209, 44, 94, 28, 227, 232, 73, 86, 128, 186 }; var data = new byte[] { 123, 28, 227, 85, 79, 126, 149, 28, 211, 96, 199, 192, 105, 149, 76, 231, 8, 136, 51, 141, 139, 44, 0, 230, 228, 116, 12, 145, 132, 157, 5, 123, 235, 247, 232, 244, 36, 217, 73, 147, 157, 124, 27, 143, 255, 79, 220, 194 }; var output = AesEncryptionHelper.Decrypt(data, key); Assert.Equal("D:20180808103317-07'00'", OtherEncodings.BytesAsLatin1String(output)); }
public void Fail_To_Decrypt() { var plainText = "https://www.nsa.gov/"; AesEncryptionHelper.CipherKey = null; var cipherText = _encryptionHelper.EncryptAsBase64(plainText); Assert.AreNotEqual(plainText, cipherText); AesEncryptionHelper.CipherKey = AesEncryptionHelper.GenerateCipherKey();//this will yield the wrong key that was used to encrypt Assert.Throws <CryptographicException>(() => { var decryptedText = _encryptionHelper.DecryptAsBase64(cipherText); }); }
public override MixPostAttributeValue ParseModel(MixCmsContext _context = null, IDbContextTransaction _transaction = null) { if (string.IsNullOrEmpty(Id)) { Id = Guid.NewGuid().ToString(); CreatedDateTime = DateTime.UtcNow; } if (Field.IsEncrypt && !string.IsNullOrEmpty(StringValue)) { if (string.IsNullOrEmpty(EncryptValue)) { EncryptKey = Guid.NewGuid().ToString("N"); EncryptValue = AesEncryptionHelper.EncryptString(StringValue, EncryptKey); } StringValue = string.Empty; } return(base.ParseModel(_context, _transaction)); }
public async Task Decrypt_EncryptedString_GetsOriginalValue() { //Arrange var fakeEncryptionOptionsMonitor = Substitute.For <IOptionsMonitor <EncryptionOptions> >(); fakeEncryptionOptionsMonitor .CurrentValue .Returns(new EncryptionOptions() { Pepper = "VQpYmtjVlH$Ys#llTcP9fwPCkzTxs1%f" }); var aesEncryptionHelper = new AesEncryptionHelper(fakeEncryptionOptionsMonitor); //Act var data = await aesEncryptionHelper.EncryptAsync("some-data"); //Assert Assert.AreEqual("some-data", await aesEncryptionHelper.DecryptAsync(data)); }
public async Task <ActionResult> Login([FromBody] JObject data) { string message = data.Value <string>("message"); string key = MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey); string decryptMsg = AesEncryptionHelper.DecryptString(message, key); if (!string.IsNullOrEmpty(decryptMsg)) { var model = JsonConvert.DeserializeObject <LoginViewModel>(decryptMsg); RepositoryResponse <JObject> loginResult = new RepositoryResponse <JObject>(); loginResult = await _idService.Login(model); if (loginResult.IsSucceed) { return(Ok(loginResult.Data)); } return(BadRequest(loginResult.Errors)); } return(BadRequest()); }
public JObject SaveEncrypt([FromBody] RequestEncrypted request) { //var key = Convert.FromBase64String(request.Key); //Encoding.UTF8.GetBytes(request.Key); //var iv = Convert.FromBase64String(request.IV); //Encoding.UTF8.GetBytes(request.IV); string encrypted = string.Empty; string decrypt = string.Empty; if (!string.IsNullOrEmpty(request.PlainText)) { encrypted = AesEncryptionHelper.EncryptStringToBytes_Aes(new JObject()).ToString(); } if (!string.IsNullOrEmpty(request.Encrypted)) { //decrypt = SioService.DecryptStringFromBytes_Aes(request.Encrypted, request.Key, request.IV); } JObject data = new JObject( new JProperty("key", request.Key), new JProperty("encrypted", encrypted), new JProperty("plainText", decrypt)); return data; }
public async Task <JObject> GetAuthData(ApplicationUser user, bool rememberMe) { var rsaKeys = RSAEncryptionHelper.GenerateKeys(); var aesKey = AesEncryptionHelper.GenerateCombinedKeys(256); var token = await GenerateAccessTokenAsync(user, rememberMe, aesKey, rsaKeys[MixConstants.CONST_RSA_PUBLIC_KEY]); if (token != null) { token.Info = new MixUserViewModel(user); await token.Info.LoadUserDataAsync(); var plainText = JObject.FromObject(token).ToString(Formatting.None).Replace("\r\n", string.Empty); var encryptedInfo = AesEncryptionHelper.EncryptString(plainText, aesKey); var resp = new JObject() { new JProperty("k", aesKey), new JProperty("rpk", rsaKeys[MixConstants.CONST_RSA_PRIVATE_KEY]), new JProperty("data", encryptedInfo) }; return(resp); } return(default);
public async Task Encrypt_SameDataEncryptedTwice_ContainsDifferentBytesDueToSalt() { //Arrange var fakeEncryptionOptionsMonitor = Substitute.For <IOptionsMonitor <EncryptionOptions> >(); fakeEncryptionOptionsMonitor .CurrentValue .Returns(new EncryptionOptions() { Pepper = "VQpYmtjVlH$Ys#llTcP9fwPCkzTxs1%f" }); var aesEncryptionHelper = new AesEncryptionHelper(fakeEncryptionOptionsMonitor); //Act var data1 = await aesEncryptionHelper.EncryptAsync("some-data"); var data2 = await aesEncryptionHelper.EncryptAsync("some-data"); //Assert Assert.AreNotEqual( Convert.ToBase64String(data1), Convert.ToBase64String(data2)); }
public void Generate_Key() { var key = AesEncryptionHelper.GenerateCipherKey(); }
public JObject Decrypt([FromBody] EncryptDataDto requestDto) { var key = requestDto.Key ?? MixService.GetAppSetting <string>(MixAppSettingKeywords.ApiEncryptKey); return(JObject.Parse(AesEncryptionHelper.DecryptString(requestDto.StringData, key))); }