public void OnJwksRefreshed() { var key128 = SymmetricJwk.GenerateKey(128); var key192 = SymmetricJwk.GenerateKey(192); var key256 = SymmetricJwk.GenerateKey(256); var key384 = SymmetricJwk.GenerateKey(384); var key512 = SymmetricJwk.GenerateKey(512); var oldJwks = new Jwks("issuer1") { key128, key192, key256 }; var newJwks = new Jwks() { key128, key256, key384, key512 }; Jwks.OnJwksRefreshed += Jwks_OnJwksRefreshed; try { Jwks.PublishJwksRefreshed(oldJwks, newJwks); } finally { Jwks.OnJwksRefreshed -= Jwks_OnJwksRefreshed; } }
public static JObject Validate(string token, Jwks jwks, string issuer, string audience) { var cryptoServiceProvider = new RSACryptoServiceProvider(); cryptoServiceProvider.ImportParameters(new RSAParameters() { Modulus = FromBase64Url(jwks.Keys[0].Modulus), Exponent = FromBase64Url(jwks.Keys[0].Exponent) }); var validationParameters = new TokenValidationParameters { RequireExpirationTime = true, RequireSignedTokens = true, ValidateAudience = true, ValidateIssuer = true, ValidateLifetime = true, ValidIssuer = issuer, ValidAudience = audience, IssuerSigningKey = new RsaSecurityKey(cryptoServiceProvider) }; SecurityToken validatedSecurityToken; var handler = new JwtSecurityTokenHandler(); handler.ValidateToken(token, validationParameters, out validatedSecurityToken); var validatedJwt = validatedSecurityToken as JwtSecurityToken; var claims = new JObject(); validatedJwt?.Claims.ToList().ForEach(c => claims.Add(c.Type, c.Value)); return(claims); }
public void GetKeyFromKid() { var key128 = SymmetricJwk.GenerateKey(128); key128.Kid = JsonEncodedText.Encode("key128"); var key192 = SymmetricJwk.GenerateKey(192); key192.Kid = JsonEncodedText.Encode("key192"); var key256 = SymmetricJwk.GenerateKey(256); key256.Kid = JsonEncodedText.Encode("key256"); var jwks = new Jwks("issuer1") { key128, key192, key256 }; Assert.Null(jwks["XXX"]); Assert.Null(jwks[JsonEncodedText.Encode("XXX")]); Assert.Equal(key128, jwks["key128"]); Assert.Equal(key128, jwks[key128.Kid]); Assert.Equal(key192, jwks["key192"]); Assert.Equal(key192, jwks[key192.Kid]); Assert.Equal(key256, jwks["key256"]); Assert.Equal(key256, jwks[key256.Kid]); }
public Metadata(OidcSettings settings) { Issuer = settings.Issuer; MetadataEndpoint = settings.MetadataEndpoint; Endpoints = settings.Endpoints ?? new OpenidEndpoints(); Jwks = settings.Jwks; }
private static void OnKeysRefreshed(Jwks added, Jwks removed) { Console.WriteLine("This key has been refreshed."); Console.WriteLine("Removed:"); Console.WriteLine(removed); Console.WriteLine("Added:"); Console.WriteLine(added); }
/// <summary>Initializes a new instance of <see cref="StaticKeyProvider"/>.</summary> public StaticKeyProvider(Jwks jwks) { if (jwks is null) { ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwks); } _jwks = jwks; }
private void Jwks_OnJwksRefreshed(Jwks added, Jwks removed) { Assert.Equal(2, added.Count); Assert.Contains(added, k => k.KeySizeInBits == 384); Assert.Contains(added, k => k.KeySizeInBits == 512); Assert.Equal(1, removed.Count); Assert.Contains(removed, k => k.KeySizeInBits == 192); }
public void Add() { var jwks = new Jwks("issuer1"); Assert.Equal(0, jwks.Count); jwks.Add(SymmetricJwk.GenerateKey(128)); Assert.Equal(1, jwks.Count); Assert.Throws <ArgumentNullException>(() => jwks.Add(null)); }
public void SuccessfulResourceOwnerAuthentication() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), Fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; Assert.NotNull(result); }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = Jwks.GetSigningKeys(), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "and has valid id token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKey = TestKeys.SecretKey.CreateJwk( JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.IdToken, validationParameters, out _); }); }
public void ReadJwks_Invalid(string json) { try { Jwks.FromJson(json); Assert.False(true, "Expected to throw an exception."); } catch (Exception e) { Assert.IsAssignableFrom <Exception>(e); } }
private static void InterceptKeyRefreshedEvent() { Jwks.OnJwksRefreshed += OnKeysRefreshed; var jwks = new Jwks { SymmetricJwk.GenerateKey(128), SymmetricJwk.GenerateKey(128), SymmetricJwk.GenerateKey(128), SymmetricJwk.GenerateKey(128) }; Jwks.PublishJwksRefreshed(new Jwks(), jwks); }
public void Vakidate() { var key128 = SymmetricJwk.GenerateKey(128); var key192 = SymmetricJwk.GenerateKey(192); var key256 = SymmetricJwk.GenerateKey(256); var jwks = new Jwks("issuer1") { key128, key192, key256 }; jwks.Validate(); }
public void Ctor() { Assert.Throws <ArgumentNullException>(() => new Jwks((Jwk)null)); Assert.Throws <ArgumentNullException>(() => new Jwks((IList <Jwk>)null)); Assert.Throws <ArgumentNullException>(() => new Jwks((string)null)); Assert.Throws <ArgumentNullException>(() => new Jwks((string)null, Jwk.None)); Assert.Throws <ArgumentNullException>(() => new Jwks("issuer", (Jwk)null)); Assert.Throws <ArgumentNullException>(() => new Jwks((string)null, new List <Jwk> { Jwk.None })); Assert.Throws <ArgumentNullException>(() => new Jwks("issuer", (IList <Jwk>)null)); var jwks = new Jwks("issuer1"); Assert.Equal("issuer1", jwks.Issuer); }
public void Contains() { var key128 = SymmetricJwk.GenerateKey(128); var key192 = SymmetricJwk.GenerateKey(192); var key256 = SymmetricJwk.GenerateKey(256); var key512 = SymmetricJwk.GenerateKey(512); var jwks = new Jwks("issuer1") { key128, key192, key256 }; Assert.Contains(key128, jwks); Assert.Contains(key192, jwks); Assert.Contains(key256, jwks); Assert.DoesNotContain(key512, jwks); Assert.DoesNotContain(null, jwks); }
public KeyFixture() { Jwks = new Jwks(); SigningKey = CreateSigningKey(); Jwks.Add(SigningKey); EncryptionKey = CreateEncryptionKey(); Jwks.Add(EncryptionKey); Jwks.Add(PrivateRsa2048Key); #if !NET461 Jwks.Add(PrivateEcc256Key); Jwks.Add(PrivateEcc384Key); Jwks.Add(PrivateEcc512Key); #endif Jwks.Add(Symmetric128Key); Jwks.Add(Symmetric192Key); Jwks.Add(Symmetric256Key); Jwks.Add(Symmetric384Key); Jwks.Add(Symmetric512Key); }
public void Remove() { var key128 = SymmetricJwk.GenerateKey(128); var key192 = SymmetricJwk.GenerateKey(192); var key256 = SymmetricJwk.GenerateKey(256); var key512 = SymmetricJwk.GenerateKey(512); var jwks = new Jwks("issuer1") { key128, key192, key256 }; Assert.Equal(3, jwks.Count); jwks.Remove(key192); Assert.Equal(2, jwks.Count); jwks.Remove(key512); Assert.Equal(2, jwks.Count); Assert.Throws <ArgumentNullException>(() => jwks.Remove(null)); }
public static JObject Validate(string token, Jwks jwks, string issuer, string audience) { RSACryptoServiceProvider cryptoServiceProvider = new RSACryptoServiceProvider(); cryptoServiceProvider.ImportParameters(new RSAParameters() { Modulus = FromBase64Url(jwks.Keys[0].Modulus), Exponent = FromBase64Url(jwks.Keys[0].Exponent) }); string json; try { json = JWT.Decode(token, (object)cryptoServiceProvider); } catch (Exception ex) { throw new TokenValidationException("Invalid signature.", ex); } var claims = JObject.Parse(json); //Ignore other validations in case of refresh token if (claims["token_type"].ToString().Equals("refresh_token", StringComparison.OrdinalIgnoreCase)) { return(claims); } if (claims["token_type"].ToString().Equals("logout_token", StringComparison.OrdinalIgnoreCase)) { ValidateLogoutToken(claims, issuer, audience); } else //if token type is access_token or id_token { ValidateAccessToken(claims, issuer, audience); } return(claims); }
public void SuccessfulClientCredentialsAuthentication() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), Fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = Jwks.GetSigningKeys(), ValidAudience = "clientCredentials", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out _); }); }
public void ReadJwks_Kid(string issuer, string json) { var jwks = Jwks.FromJson(issuer, json); var unidentifiedKeys = jwks.Where(k => k.Kid.EncodedUtf8Bytes.IsEmpty); var identifiedKeys = jwks .GroupBy(k => k.Kid) .Where(k => !k.Key.EncodedUtf8Bytes.IsEmpty) .ToDictionary(k => k.Key, k => k.Concat(unidentifiedKeys).ToArray()).ToArray(); Assert.Equal(identifiedKeys.Length, jwks.GetIdentifiedKeys().Length); foreach (var item in identifiedKeys) { Assert.Contains(jwks.GetIdentifiedKeys(), k => k.Key.Equals(item.Key)); var item1 = jwks.GetIdentifiedKeys().First(k => k.Key.Equals(item.Key)).Value; var item2 = item.Value; Assert.Equal(item1.Length, item2.Length); for (int i = 0; i < item1.Length; i++) { Assert.Equal(item1[i], item2[i]); } } }
public void ReadJwks_InvalidParameters() { Assert.Throws <ArgumentNullException>(() => Jwks.FromJson(null, "{}")); Assert.Throws <ArgumentNullException>(() => Jwks.FromJson("issuer1", (string)null)); }
public void Dispose() { Jwks.Dispose(); }
public void Tostring(Jwks jwks, string json) { Assert.Equal(json, jwks.ToString()); }
public void ReadJwks_Invalid(string issuer, string json) { Assert.ThrowsAny <Exception>(() => Jwks.FromJson(issuer, json)); }
public static bool IsEmpty(this Jwks keys) => keys?.Keys == null || keys.Keys.Length == 0;
public void ReadJwks_Valid(string json, int count) { var jwks = Jwks.FromJson(json); Assert.Equal(count, jwks.Count); }
public static bool IsNotEmpty(this Jwks keys) => keys?.Keys != null && keys.Keys.Length > 0;
private static void OnKeysRefreshed(Jwks keys) { Console.WriteLine("This key has been refreshed:"); Console.WriteLine(keys); }