public void ConfigureServices(IServiceCollection services) { JsonWebKey sigJsonWebKey; using (var rsa = RSA.Create()) { var json = File.ReadAllText(Path.Combine(_env.ContentRootPath, "openid_key.txt")); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); rsa.Import(dic); sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader())); services.AddMvc(o => o.EnableEndpointRouting = false) .AddNewtonsoftJson(); services.AddAuthorization(opts => opts.AddDefaultOAUTHAuthorizationPolicy()); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(); services.AddSIDOpenID() .AddAcrs(DefaultConfiguration.AcrLst) .AddClients(DefaultConfiguration.Clients, DefaultConfiguration.Scopes) .AddUsers(DefaultConfiguration.Users) .AddJsonWebKeys(new List <JsonWebKey> { sigJsonWebKey }) .AddLoginPasswordAuthentication(); }
private static List <JsonWebKey> GenerateJsonWebKeys() { JsonWebKey sigJsonWebKey; JsonWebKey encJsonWebKey; using (var rsa = RSA.Create()) { sigJsonWebKey = new JsonWebKeyBuilder().NewSign("3", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "PS256").Build(); } using (var rsa = RSA.Create()) { encJsonWebKey = new JsonWebKeyBuilder().NewEnc("4", new[] { KeyOperations.Encrypt, KeyOperations.Decrypt }).SetAlg(rsa, RSAOAEPCEKHandler.ALG_NAME).Build(); } return(new List <JsonWebKey> { sigJsonWebKey, encJsonWebKey }); }
public void ConfigureServices(IServiceCollection services) { JsonWebKey sigJsonWebKey; using (var rsa = RSA.Create()) { var json = File.ReadAllText(Path.Combine(_env.ContentRootPath, "oauth_key.txt")); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); rsa.Import(dic); sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } services.AddMvc(); services.AddAuthorization(opts => opts.AddDefaultOAUTHAuthorizationPolicy()); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(); services.AddSIDOAuth() .AddScopes(DefaultConfiguration.Scopes) .AddClients(DefaultConfiguration.Clients) .AddJsonWebKeys(new List <JsonWebKey> { sigJsonWebKey }); }
public void ConfigureServices(IServiceCollection services) { JsonWebKey oauthJsonWebKey, openidJsonWebKey = ExtractJsonWebKey();; using (var rsa = RSA.Create()) { var json = File.ReadAllText(Path.Combine(_env.ContentRootPath, "oauth_key.txt")); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); rsa.Import(dic); oauthJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } services.Configure <RequestLocalizationOptions>(options => { var supportedCultures = new List <CultureInfo> { new CultureInfo("en"), new CultureInfo("fr") }; options.DefaultRequestCulture = new RequestCulture("en"); options.SupportedCultures = supportedCultures; options.SupportedUICultures = supportedCultures; }); services.AddLogging(); services.AddMvc(o => o.EnableEndpointRouting = false) .AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix, opts => { opts.ResourcesPath = "Resources"; }) .AddDataAnnotationsLocalization() .AddNewtonsoftJson(); services.AddAuthentication(opts => { opts.DefaultAuthenticateScheme = UMAConstants.SignInScheme; opts.DefaultSignInScheme = UMAConstants.SignInScheme; opts.DefaultChallengeScheme = UMAConstants.ChallengeAuthenticationScheme; }).AddCookie(UMAConstants.SignInScheme).AddOpenIdConnect(UMAConstants.ChallengeAuthenticationScheme, options => { options.ClientId = "umaClient"; options.ClientSecret = "umaClientSecret"; options.Authority = "https://localhost:60000"; options.ResponseType = OpenIdConnectResponseType.CodeIdToken; options.SaveTokens = true; }); services.AddAuthorization(p => p.AddDefaultOAUTHAuthorizationPolicy()); services.AddSIDUma(options => { options.OpenIdJsonWebKeySignature = openidJsonWebKey; }) .AddClients(DefaultConfiguration.DefaultClients) .AddScopes(DefaultConfiguration.DefaultScopes) .AddJsonWebKeys(new List <JsonWebKey> { oauthJsonWebKey }); }
public void ConfigureServices(IServiceCollection services) { SimpleIdServer.Jwt.JsonWebKey sigJsonWebKey; var json = File.ReadAllText("oauth_key.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); using (var rsa = RSA.Create()) { rsa.Import(dic); sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } services.AddMvc(o => { o.EnableEndpointRouting = false; }).AddNewtonsoftJson(o => { }); services.AddAuthorization(opts => opts.AddDefaultOAUTHAuthorizationPolicy()); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie() .AddJwtBearer(Constants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidAudiences = new List <string> { "gatewayClient" }, ValidateIssuer = false, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); services.AddSIDOAuth(o => { o.ClientSecretExpirationInSeconds = 2; }) .AddClients(DefaultConfiguration.Clients) .AddScopes(DefaultConfiguration.Scopes) .AddJsonWebKeys(new List <SimpleIdServer.Jwt.JsonWebKey> { sigJsonWebKey }); }
private static IServiceCollection AddOAuthStore(this IServiceCollection services) { var jwsGenerator = new JwsGeneratorFactory().BuildJwsGenerator(); JsonWebKey sigJsonWebKey; JsonWebKey encJsonWebKey; using (var rsa = RSA.Create()) { sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } using (var rsa = RSA.Create()) { encJsonWebKey = new JsonWebKeyBuilder().NewEnc("2", new[] { KeyOperations.Encrypt, KeyOperations.Decrypt }).SetAlg(rsa, RSAOAEPCEKHandler.ALG_NAME).Build(); } var jsonWebKeys = new List <JsonWebKey> { sigJsonWebKey, encJsonWebKey }; var clients = new List <OAuthClient>(); var users = new List <OAuthUser>(); var scopes = new List <OAuthScope>(); var tokens = new ConcurrentBag <Token>(); services.TryAddSingleton <IJsonWebKeyQueryRepository>(new DefaultJsonWebKeyQueryRepository(jsonWebKeys)); services.TryAddSingleton <IJsonWebKeyCommandRepository>(new DefaultJsonWebKeyCommandRepository(jsonWebKeys)); services.TryAddSingleton <IOAuthClientQueryRepository>(new DefaultOAuthClientQueryRepository(clients)); services.TryAddSingleton <IOAuthClientCommandRepository>(new DefaultOAuthClientCommandRepository(clients)); services.TryAddSingleton <IOAuthUserQueryRepository>(new DefaultOAuthUserQueryRepository(users)); services.TryAddSingleton <IOAuthUserCommandRepository>(new DefaultOAuthUserCommandRepository(users)); services.TryAddSingleton <IOAuthScopeQueryRepository>(new DefaultOAuthScopeQueryRepository(scopes)); services.TryAddSingleton <IOAuthScopeCommandRepository>(new DefaultOAuthScopeCommandRepository(scopes)); services.TryAddSingleton <ITokenCommandRepository>(new DefaultTokenCommandRepository(tokens)); services.TryAddSingleton <ITokenQueryRepository>(new DefaultTokenQueryRepository(tokens)); return(services); }
private void Init() { var builder = new JsonWebKeyBuilder(); using (var rsa = RSA.Create()) { var sig = builder.NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, RSA256SignHandler.ALG_NAME).Build(); _jsonWebKeys = new[] { sig }; } }
private JsonWebKey ExtractJsonWebKey() { var json = File.ReadAllText(Path.Combine(_env.ContentRootPath, "openid_puk.txt")); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; JsonWebKey sigJsonWebKey; using (var rsa = RSA.Create(rsaParameters)) { sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } return(sigJsonWebKey); }
public void ConfigureServices(IServiceCollection services) { JsonWebKey sigJsonWebKey; using (var rsa = RSA.Create()) { var json = File.ReadAllText("openid_key.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); rsa.Import(dic); sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader())); services.AddMvc(); services.AddAuthorization(opts => opts.AddDefaultOAUTHAuthorizationPolicy()); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(); services.AddSIDOpenID(opt => { }) .AddClients(DefaultConfiguration.Clients) .AddAcrs(DefaultConfiguration.AcrLst) .AddUsers(DefaultConfiguration.Users) .AddScopes(DefaultConfiguration.Scopes) .AddJsonWebKeys(new List <JsonWebKey> { sigJsonWebKey }) .AddLoginPasswordAuthentication(); services.Configure <ForwardedHeadersOptions>(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; }); }
private void InitializeDatabase(IApplicationBuilder app) { using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) { using (var context = scope.ServiceProvider.GetService <OAuthDBContext>()) { context.Database.Migrate(); if (context.OAuthClients.Any()) { return; } var json = File.ReadAllText("oauth_key.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; SimpleIdServer.Jwt.JsonWebKey sigJsonWebKey; using (var rsa = RSA.Create()) { rsa.Import(dic); sigJsonWebKey = new JsonWebKeyBuilder().NewSign("1", new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, "RS256").Build(); } context.OAuthClients.AddRange(DefaultConfiguration.Clients); context.OAuthScopes.AddRange(DefaultConfiguration.Scopes); context.JsonWebKeys.Add(sigJsonWebKey); context.SaveChanges(); } } }
public void When_Build_Jwe_Then_Can_Decrypt_Into_Jws() { const string payload = "xml"; // ARRANGE InitializeFakeObjects(); JsonWebKey rsaJsonWebKey; using (var rsa = RSA.Create()) { rsaJsonWebKey = new JsonWebKeyBuilder().NewEnc("keyId", new[] { KeyOperations.Encrypt }).SetAlg(rsa, RSAOAEPCEKHandler.ALG_NAME).Build(); } // ACT var encrypted = _jweGenerator.Build(payload, RSAOAEPCEKHandler.ALG_NAME, A192CBCHS384EncHandler.ENC_NAME, rsaJsonWebKey); var decrypted = _jweGenerator.Decrypt(encrypted, rsaJsonWebKey); // ASSERT Assert.Equal(payload, decrypted); }
public void When_Generate_Jws_And_Check_Signature_Then_True_Is_Returned() { // ARRANGE InitializeFakeObjects(); JsonWebKey rsaJsonWebKey, ecJsonWebKey, hmac256JsonWebKey; using (var rsa = RSA.Create()) { rsaJsonWebKey = new JsonWebKeyBuilder().NewSign("keyId", new[] { KeyOperations.Sign }).SetAlg(rsa, "RS256").Build(); } using (var ec = new ECDsaCng()) { ecJsonWebKey = new JsonWebKeyBuilder().NewSign("keyId", new[] { KeyOperations.Sign }).SetAlg(ec, "ES256").Build(); } using (var hmac = new HMACSHA256()) { hmac256JsonWebKey = new JsonWebKeyBuilder().NewSign("keyId", new[] { KeyOperations.Sign }).SetAlg(hmac, "HS256").Build(); } var payload = new JObject(); payload.Add("sub", "thabart"); // ACT var rsa256JWS = _jwsGenerator.Build(payload.ToString(), "RS256", rsaJsonWebKey); var rsa384JWS = _jwsGenerator.Build(payload.ToString(), "RS384", rsaJsonWebKey); var rsa512JWS = _jwsGenerator.Build(payload.ToString(), "RS512", rsaJsonWebKey); var ec256JWS = _jwsGenerator.Build(payload.ToString(), "ES256", ecJsonWebKey); var ec384JWS = _jwsGenerator.Build(payload.ToString(), "ES384", ecJsonWebKey); var ec512JWS = _jwsGenerator.Build(payload.ToString(), "ES512", ecJsonWebKey); var hs256JWS = _jwsGenerator.Build(payload.ToString(), "HS256", hmac256JsonWebKey); var hs384JWS = _jwsGenerator.Build(payload.ToString(), "HS384", hmac256JsonWebKey); var hs512JWS = _jwsGenerator.Build(payload.ToString(), "HS512", hmac256JsonWebKey); var isRSA256JWSValid = _jwsGenerator.Check(rsa256JWS, rsaJsonWebKey); var isRSA384JWSValid = _jwsGenerator.Check(rsa384JWS, rsaJsonWebKey); var isRSA512JWSValid = _jwsGenerator.Check(rsa512JWS, rsaJsonWebKey); var isEC256JWSValid = _jwsGenerator.Check(ec256JWS, ecJsonWebKey); var isEC384JWSValid = _jwsGenerator.Check(ec384JWS, ecJsonWebKey); var isEC512JWSValid = _jwsGenerator.Check(ec512JWS, ecJsonWebKey); var isHS256JWSValid = _jwsGenerator.Check(hs256JWS, hmac256JsonWebKey); var isHS384JWSValid = _jwsGenerator.Check(hs384JWS, hmac256JsonWebKey); var isHS512JWSValid = _jwsGenerator.Check(hs512JWS, hmac256JsonWebKey); // ASSERT Assert.True(isRSA256JWSValid); Assert.True(isRSA384JWSValid); Assert.True(isRSA512JWSValid); Assert.True(isEC256JWSValid); Assert.True(isEC384JWSValid); Assert.True(isEC512JWSValid); Assert.True(isHS256JWSValid); Assert.True(isHS384JWSValid); Assert.True(isHS512JWSValid); }
private static IEnumerable <JsonWebKey> ExtractJsonWebKeys(Table table) { var builder = new JsonWebKeyBuilder(); var jwks = new List <JsonWebKey>(); foreach (var record in table.Rows) { var type = record["Type"]; var kid = record["Kid"]; var algName = record["AlgName"]; JsonWebKey jwk = null; switch (type) { case "SIG": if (algName.StartsWith("ES")) { using (var ec = new ECDsaCng()) { jwk = builder.NewSign(kid, new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(ec, algName).Build(); } } else if (algName.StartsWith("HS")) { using (var hmac = new HMACSHA256()) { jwk = builder.NewSign(kid, new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(hmac, algName).Build(); } } else { using (var rsa = RSA.Create()) { jwk = builder.NewSign(kid, new[] { KeyOperations.Sign, KeyOperations.Verify }).SetAlg(rsa, algName).Build(); } } break; case "ENC": using (var rsa = RSA.Create()) { jwk = builder.NewEnc(kid, new[] { KeyOperations.Encrypt, KeyOperations.Decrypt }).SetAlg(rsa, algName).Build(); } break; } jwks.Add(jwk); } return(jwks); }