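public void AddSigningCredential_with_json_web_key_containing_asymmetric_key_should_succeed()
{
    // Arrange: a fresh container and builder so no registration from another test leaks in.
    IServiceCollection services = new ServiceCollection();
    IIdentityServerBuilder identityServerBuilder = new IdentityServerBuilder(services);

    // Test-only RSA-2048 private JWK (RS256, use=sig). Because it is committed to source it is
    // public knowledge and must never be used to sign anything outside this test.
    // Fixed: the fixture previously ended with `"", }` — a trailing comma before the closing
    // brace, which is not valid JSON (RFC 8259) and is rejected by strict parsers; the key
    // material itself is unchanged.
    // NOTE(review): the member values use the standard base64 alphabet ('+', '/', '=' padding)
    // rather than the base64url alphabet RFC 7517 requires for JWKs. Microsoft.IdentityModel's
    // decoder tolerates this, but a stricter JWK consumer would not — consider re-encoding.
    string json = @"{ ""alg"" : ""RS256"", ""kty"" : ""RSA"", ""use"" : ""sig"", ""d"" : ""KGGNkbbgm2hNMqW6fP1fmcWwEBy77WOJIPAXnDJ0KxNTtqDF8K5ULj7EElHO1A8ZnNl1Ey/x//G9lJCOQUU9wmj010dOSsW0NBbR5NtRtLLuVbkVdyft53PGeTQs+1S3c51fz9jojtNqmlfXSANPFOH6QhxmzpTx3KLsf/TpCzblkSrEGOOqCCvVdl7ybTcB230jNhh3JoL7po1rvxKtoOM4a/Bs0NtKj7e+VaHcf0GLnBPJYetsHu43ZfNejJeDoouaXZzeVEklY3B0pe10OTCIOu0JUKGZxNekklRIo1WSEYdL+CJfrSKWIv8bLj6xSr5zrASvWODyH443LN6ZvQ=="", ""e"" : ""AQAB"", ""n"" : ""q7mZfquRq8tzg/5slbNdQmrosNN/mFXS25dbSPm11qEDCgZa452KkO8+hvMtqa92QaqdlmalSF8+FRDOz3grDR5NtmnXZxuKnp+raKfzpC6hCvh2JSIe/J9enmsMM4YeI4d1FOSDwhJlZIYMdMnqG/VJtO1LSHjOaF3XN31ANKF0nPAsmr2/WysiQlxnxxiikLEnsFuNdS615ODDXFGTQ1E+zc4zVur4/Ox0cllPwHPA4PqoIgdPJPL+xM9IOIXuAGtsp4CYoxT6VWaRrALIZXXDY806WGTuctq4KKot6FGL9HQte2hRLl4E/r8SzIK86U3wRwrBe7saK+XUXoP0gQ=="", ""p"" : ""25dkucyCSqxRcJpRrhl7PXqw7wqBZeLQgYlZLpK493PdM8pFfq+/LK1hFtxIjdFKqXS/TOikB4YCBMEH0Im3HZ8Lo0dub3SWNhdegJyRjMbcoO+A9YSODEj7DFaNpZtdmtDi1n6etJm66ctPSR20NNpzoYZuaJ92fVQiKiOh6Qs="", ""q"" : ""yDKBrS8l1DOx4dwP9hdwhqZJ3XahidiIZSL7m46I/6+cjaki/1mtNiA60MOgqTKegP7Fo7jAYvliqQwnvVGmQvLv19cfKywlIuKN9DdkLHnKh75hfo7aakEbO7GJ5zVgsNnKOdf8wvpclfvIuRDEVva4cksPzsJy6K7C8ENCSCM="", ""dp"" : ""GlYJ6o6wgawxCEQ5z5uWwETau5CS/Fk7kI2ceI14SZVHzlJQC2WglAcnQcqhmQCk57Xsy5iLM6vKyi8sdMJPh+nvR2HlyNA+w7YBy4L7odqn01VmLgv7zVVjZpNq4ZXEoDC1Q+xjtF1LoYaUt7wsRLp+a7znuPyHBXj1sAAeBwk="", ""dq"" : ""W8OK3S83T8VCTBzq1Ap6cb3XLcQq11yBaJpYaj0zXr/IKsbUW+dnFeBAFWEWS3gAX3Bod1tAFB3rs0D3FjhO1XE1ruHUT520iAEAwGiDaj+JLh994NzqELo3GW2PoIM/BtFNeKYgHd9UgQsgPnQJCzOb6Aev/z3yHeW9RRQPVbE="", ""qi"" : ""w4KdmiDN1GtK71JxaasqmEKPNfV3v2KZDXKnfyhUsdx/idKbdTVjvMOkxFPJ4FqV4yIVn06f3QHTm4NEG18Diqxsrzd6kXQIHOa858tLsCcmt9FoGfrgCFgVceh3K/Zah/r8rl9Y61u0Z1kZumwMvFpFE+mVU01t9HgTEAVkHTc="" }";

    JsonWebKey jsonWebKey = new JsonWebKey(json);
    // The JWK's own "alg" member (RS256) selects the signing algorithm for the credential.
    SigningCredentials credentials = new SigningCredentials(jsonWebKey, jsonWebKey.Alg);

    // Act + Assert: an asymmetric key is accepted; any exception fails the test.
    identityServerBuilder.AddSigningCredential(credentials);
}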
public void AddSigningCredential_with_invalid_curve_should_throw_exception(string curveOid, string alg)
{
    // Arrange: isolated container, so the assertion is about this one registration.
    IServiceCollection services = new ServiceCollection();
    IIdentityServerBuilder identityServerBuilder = new IdentityServerBuilder(services);

    // Generate a real ECDSA key on the curve identified by the supplied OID. The curve/alg pairs
    // come from the test's data attributes (not visible here) and are expected to be combinations
    // the builder must not accept for the given alg.
    ECCurve curve = ECCurve.CreateFromOid(Oid.FromOidValue(curveOid, OidGroup.All));
    var ecdsaKey = new ECDsaSecurityKey(ECDsa.Create(curve));

    // Act + Assert: registration is rejected up front with InvalidOperationException rather than
    // producing tokens whose curve does not match the advertised algorithm.
    Assert.Throws<InvalidOperationException>(() => identityServerBuilder.AddSigningCredential(ecdsaKey, alg));
}
public void AddSigningCredential_with_valid_curve_should_succeed(string curveOid, string alg)
{
    // Arrange: isolated container, so the assertion is about this one registration.
    IServiceCollection services = new ServiceCollection();
    IIdentityServerBuilder identityServerBuilder = new IdentityServerBuilder(services);

    // Generate a real ECDSA key on the curve identified by the supplied OID. The data attributes
    // (not visible here) are expected to supply curve/alg pairs the builder accepts.
    ECCurve curve = ECCurve.CreateFromOid(Oid.FromOidValue(curveOid, OidGroup.All));
    var ecdsaKey = new ECDsaSecurityKey(ECDsa.Create(curve));

    // Act + Assert: a matching curve/alg pair registers without throwing; any exception fails the test.
    identityServerBuilder.AddSigningCredential(ecdsaKey, alg);
}
public void AddSigningCredential_with_json_web_key_containing_symmetric_key_should_throw_exception()
{
    // Arrange: fresh container and builder.
    IServiceCollection services = new ServiceCollection();
    IIdentityServerBuilder identityServerBuilder = new IdentityServerBuilder(services);

    // Test-only HS256 "oct" (symmetric) JWK, base64url-encoded as RFC 7517 requires. It is committed
    // to source and therefore public; the point of the test is that such a key is refused as an
    // issuer signing credential. NOTE(review): presumably because an HMAC secret cannot be published
    // in the discovery JWKS — anyone able to verify could also forge — confirm against the builder.
    string json = @"{ ""alg"" : ""HS256"", ""kty"" : ""oct"", ""use"" : ""sig"", ""k"" : ""y5FHaQFtC294HLAtPXAcMkxZ5gHzCq24223vSYQUrDuu-3CUw7UzPru-AX30ubeB2IM_gUsNQ80bX22wwSk_3LC6XxYxqeGJZSeoQqHG0VNbaWCVkqeuB_HOiL1-ksPfGT-o8_A_Uv-6zi2NaEOYpnIyff5LpdW__LhiE-bhIenaw7GhoXSAfsGEZfNZpUUOU35NAiN2dv0T5vptb87wkL1I2zLhV0pdLvWsDWgQPINEa8bbCA_mseBYpB1eioZvt0TZbp6CL9tiEoiikYV_F3IutrJ2SOWYtDNFeQ3sbyYP7zTzh9a2eyaM8ca5_q3qosI92AbZ7WpEFLa9cZ_O7g"" }";
    JsonWebKey symmetricKey = new JsonWebKey(json);
    SigningCredentials symmetricCredentials = new SigningCredentials(symmetricKey, symmetricKey.Alg);

    // Act + Assert: the builder must reject the registration with InvalidOperationException.
    Assert.Throws<InvalidOperationException>(() => identityServerBuilder.AddSigningCredential(symmetricCredentials));
}
public void AddSigningCredential_with_invalid_crv_value_should_throw_exception(string curveOid, string alg, string crv)
{
    // Arrange: fresh container and builder.
    IServiceCollection services = new ServiceCollection();
    IIdentityServerBuilder identityServerBuilder = new IdentityServerBuilder(services);

    // Generate a genuine key on the requested curve and export it including the private scalar,
    // so the hand-built JWK below is well-formed in every member except "crv".
    ECCurve curve = ECCurve.CreateFromOid(Oid.FromOidValue(curveOid, OidGroup.All));
    var ecdsaKey = new ECDsaSecurityKey(ECDsa.Create(curve));
    ECParameters exported = ecdsaKey.ECDsa.ExportParameters(includePrivateParameters: true);

    // Dropping the hyphen from the supplied RFC 7518 curve name (e.g. "P-256" -> "P256") yields a
    // value that is not a registered "crv"; that malformed name is the defect under test.
    string malformedCrv = crv.Replace("-", string.Empty);

    var ecJsonWebKey = new JsonWebKey
    {
        Kty = JsonWebAlgorithmsKeyTypes.EllipticCurve,
        Use = "sig",
        Kid = ecdsaKey.KeyId,
        KeyId = ecdsaKey.KeyId,
        X = Base64UrlEncoder.Encode(exported.Q.X),
        Y = Base64UrlEncoder.Encode(exported.Q.Y),
        D = Base64UrlEncoder.Encode(exported.D),
        Crv = malformedCrv,
        // NOTE(review): "alg" is pinned to ES256 regardless of the alg parameter passed to
        // AddSigningCredential below; if the data ever supplies ES384/ES512 the two disagree.
        Alg = SecurityAlgorithms.EcdsaSha256,
    };

    // Act + Assert: an unrecognised "crv" must be refused at registration time.
    Assert.Throws<InvalidOperationException>(() => identityServerBuilder.AddSigningCredential(ecJsonWebKey, alg));
}
/// <summary>
/// Wires IdentityServer4 into <paramref name="services"/>: claim-type mapping, cookie hardening,
/// optional EF stores, ASP.NET Identity and external authentication, and finally the signing /
/// validation key material (a throwaway developer key, or certificates taken from configuration).
/// </summary>
/// <param name="services">The container being configured.</param>
/// <param name="identityServerOptions">Feature toggles and base64 certificate blobs read from configuration.</param>
/// <param name="isDevelopment">Selects the developer signing credential instead of configured certificates.</param>
/// <param name="identityServerOptionsAction">Optional IdentityServer4 options callback; null is treated as a no-op.</param>
/// <param name="configurationStoreOptionsAction">EF configuration-store options callback (used only when UseEntityFramework).</param>
/// <param name="operationalStoreOptionsAction">EF operational-store options callback (used only when UseEntityFramework).</param>
/// <param name="identityOptionsAction">ASP.NET Identity options callback (used only when UseIdentity).</param>
/// <param name="authenticationOptionsAction">Authentication options callback (used only when UseAuthentication).</param>
/// <param name="identityServerAuthenticationOptionsAction">IdentityServer authentication handler options callback.</param>
/// <param name="facebookOptionsAction">Facebook external-login options callback.</param>
/// <returns>The same service collection, for chaining.</returns>
private static IServiceCollection AddIdentityServer(
    this IServiceCollection services,
    Core.IdentityServerOptions identityServerOptions,
    bool isDevelopment,
    Action<IdentityServer4.Configuration.IdentityServerOptions> identityServerOptionsAction,
    Action<ConfigurationStoreOptions> configurationStoreOptionsAction,
    Action<OperationalStoreOptions> operationalStoreOptionsAction,
    Action<IdentityOptions> identityOptionsAction,
    Action<AspNetCore.Authentication.AuthenticationOptions> authenticationOptionsAction,
    Action<IdentityServerAuthenticationOptions> identityServerAuthenticationOptionsAction,
    Action<FacebookOptions> facebookOptionsAction)
{
    // Process-wide static state, not per-container: clearing the JWT claim-type maps turns off the
    // legacy SOAP-URI claim renaming for every JWT handler in this process, so "sub", "name" etc.
    // keep their short JWT names. Any other host sharing the process is affected too.
    DefaultInboundClaimTypeMap.Clear();
    DefaultOutboundClaimTypeMap.Clear();

    var isBuilder = new IdentityServerBuilder(services);

    // Services.Configure(...) below needs a non-null delegate; the other callbacks are handed to
    // helpers that are expected to tolerate null themselves (not visible here).
    identityServerOptionsAction = identityServerOptionsAction ?? (_ => { });

    // Hook invoked when the security-stamp validator re-issues the principal. UpdatePrincipal is
    // defined elsewhere in this file.
    isBuilder.Services.Configure<SecurityStampValidatorOptions>(opts => opts.OnRefreshingPrincipal = UpdatePrincipal);

    // The application (sign-in) and external (challenge round-trip) cookies are marked essential
    // (bypass the consent gate) and SameSite=None so cross-site OIDC redirects can carry them.
    // SECURITY NOTE(review): browsers drop a SameSite=None cookie that is not also Secure. SecurePolicy
    // is left at its default here (SameAsRequest), so these cookies only work when the IdP is served
    // over HTTPS; consider pinning CookieSecurePolicy.Always so an HTTP deployment fails loudly.
    isBuilder.Services.ConfigureApplicationCookie(ConfigureCrossSiteCookie);
    isBuilder.Services.ConfigureExternalCookie(ConfigureCrossSiteCookie);

    // The two-factor cookies stay SameSite at their default but must also survive the consent gate.
    isBuilder.Services.Configure<CookieAuthenticationOptions>(TwoFactorRememberMeScheme, options => options.Cookie.IsEssential = true);
    isBuilder.Services.Configure<CookieAuthenticationOptions>(TwoFactorUserIdScheme, options => options.Cookie.IsEssential = true);

    isBuilder.Services.Configure(identityServerOptionsAction);
    isBuilder.Services.AddIdentityServer();

    if (identityServerOptions.UseEntityFramework)
    {
        // Persisted configuration (clients, resources) and operational data (grants, keys).
        isBuilder.Services.AddEntityFramework(configurationStoreOptionsAction, operationalStoreOptionsAction);
        isBuilder.AddConfigurationStore<IdentityServerDbContext>(configurationStoreOptionsAction);
        isBuilder.AddOperationalStore<IdentityServerDbContext>(operationalStoreOptionsAction);
    }

    if (identityServerOptions.UseIdentity)
    {
        isBuilder.Services.AddIdentity(identityServerOptions, identityOptionsAction);
        isBuilder.AddAspNetIdentity<User>();
    }

    if (identityServerOptions.UseAuthentication)
    {
        isBuilder.Services.AddAuthentication(
            identityServerOptions,
            authenticationOptionsAction,
            identityServerAuthenticationOptionsAction,
            facebookOptionsAction);
    }

    if (isDevelopment)
    {
        // Throwaway key generated on first run and kept on the local disk. Fine for a developer
        // box; it must never reach production, since tokens signed with it carry no trust.
        isBuilder.AddDeveloperSigningCredential();
    }
    else
    {
        // Production key material arrives as base64 certificate blobs in configuration.
        // SECURITY NOTE(review): the blob is imported with a null password, so a PFX here carries
        // its private key unencrypted — source this value from a secret store (Key Vault,
        // user-secrets, environment), never from a committed appsettings file.
        // NOTE(review): when SigningCredential is blank no signing key is registered at all, and
        // token issuance will fail at runtime rather than at startup — confirm that is intended.
        if (!IsNullOrWhiteSpace(identityServerOptions.SigningCredential))
        {
            isBuilder.AddSigningCredential(LoadCertificate(identityServerOptions.SigningCredential));
        }

        // A previous signing certificate can be kept as a validation-only key so tokens issued
        // before a key rotation still verify.
        if (!IsNullOrWhiteSpace(identityServerOptions.ValidationKey))
        {
            isBuilder.AddValidationKey(LoadCertificate(identityServerOptions.ValidationKey));
        }

        // NOTE(review): registered even when UseEntityFramework is false; confirm the cache has a
        // configuration store to wrap in that deployment shape.
        isBuilder.AddConfigurationStoreCache();
    }

    return isBuilder.Services;

    // Decodes a base64 certificate blob and imports it with MachineKeySet, i.e. into the machine
    // key store rather than the calling user's profile store (presumably so a service identity
    // without a loaded profile can use the private key — confirm for the target host).
    X509Certificate2 LoadCertificate(string base64Certificate)
    {
        byte[] certificateBytes = FromBase64String(base64Certificate);
        return new X509Certificate2(certificateBytes, default(string), MachineKeySet);
    }

    // Shared cookie policy for the application and external authentication cookies.
    void ConfigureCrossSiteCookie(CookieAuthenticationOptions options)
    {
        options.Cookie.IsEssential = true;
        options.Cookie.SameSite = None;
    }
}