public void WithCacheHit_4parameters()
{
_output.Clear();
JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256, "typ", "cty");
descriptor.Encode(new EncodingContext(_output, _enabledCache, 0, false));
}
private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm)
{
var jwk = algorithm.Category switch
{
Cryptography.AlgorithmCategory.None => Jwk.None,
Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
_ => throw new InvalidOperationException()
};
var descriptor = new JwsDescriptor(jwk, algorithm)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
};
return(new JwsDescriptorWrapper(descriptor));
}
}
public void Encode_Decode(string alg)
{
var(signingKey, validationKey) = SelectKeys(alg);
var writer = new JwtWriter();
var descriptor = new JwsDescriptor(signingKey, (SignatureAlgorithm)alg)
{
Payload = new JwtPayload
{
{ "sub", "Alice" }
}
};
var token = writer.WriteTokenString(descriptor);
var policy = new TokenValidationPolicyBuilder()
.RequireSignatureByDefault(validationKey, (SignatureAlgorithm)alg)
.Build();
var result = Jwt.TryParse(token, policy, out var jwt);
Assert.True(result);
Assert.True(jwt.Payload.TryGetClaim("sub", out var sub));
Assert.Equal("Alice", sub.GetString());
jwt.Dispose();
}
private static void FillPayload(KeyValuePair<string, JObject> payload, JwsDescriptor descriptor)
{
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value));
break;
default:
if (property.Value is JArray)
{
var array = new List<string>(((JArray)property.Value).ToObject<string[]>());
descriptor.Audiences = array;
}
else
{
descriptor.AddClaim(property.Name, (string)property.Value);
}
break;
}
}
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor()
{
SigningKey = key,
Algorithm = SignatureAlgorithm.HmacSha256,
IssuedAt = DateTime.UtcNow,
ExpirationTime = DateTime.UtcNow.AddHours(1),
Issuer = "https://idp.example.com/",
Audience = "636C69656E745F6964"
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
public void WithoutCache_2parameters()
{
_output.Clear();
JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256);
descriptor.Encode(new EncodingContext(_output, _disabledCache, 0, false));
}
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, Dictionary <string, object> > payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey)
{
var descriptors = new Dictionary <string, JwtDescriptor>();
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None);
FillPayload(payload, descriptor);
descriptors.Add("JWT-" + payload.Key, descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm);
FillPayload(payload, descriptor);
descriptors.Add("JWS-" + payload.Key, descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm);
FillPayload(payload, descriptor);
var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
{
Payload = descriptor,
Header = new JwtHeader
{
{ "cty", "JWT" }
}
};
descriptors.Add("JWE-" + payload.Key, jwe);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm);
FillPayload(payload, descriptor);
var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256, CompressionAlgorithm.Def)
{
Payload = descriptor,
Header = new JwtHeader
{
{ "cty", "JWT" }
}
};
descriptors.Add("JWE-DEF-" + payload.Key, jwe);
}
return(descriptors);
}
public void Descriptor_SetInvalidHeader_ThrowException()
{
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None);
Assert.Throws <ArgumentNullException>(() => descriptor.Header = null);
descriptor.Header = new JwtHeader();
Assert.Throws <InvalidOperationException>(() => descriptor.Header = new JwtHeader());
}
public void WithoutCache_8parameters()
{
_output.Clear();
JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256, "typ", "cty")
{
Payload = new JwtPayload
{
{ "header5", "value 5" },
{ "header6", "value 6" },
{ "header7", "value 7" },
{ "header8", "value 8" }
}
};
descriptor.Encode(new EncodingContext(_output, _disabledCache, 0, false));
}
public void Encode()
{
var descriptor = new JwsDescriptor();
var context = new EncodingContext(new JsonHeaderCache(), 60, true);
using (var bufferWriter = new PooledByteBufferWriter())
{
descriptor.Encode(context, bufferWriter);
var reader = new JwtReader();
var result = reader.TryReadToken(bufferWriter.WrittenSpan, TokenValidationPolicy.NoValidation);
Assert.True(result.Succedeed);
Assert.NotNull(result.Token);
Assert.True(result.Token.ExpirationTime.HasValue);
Assert.True(result.Token.IssuedAt.HasValue);
}
}
public void EncodeEmpty()
{
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None);
using (var bufferWriter = new PooledByteBufferWriter())
{
var context = new EncodingContext(bufferWriter, new LruJwtHeaderCache(), 60, true);
descriptor.Encode(context);
var result = Jwt.TryParse(bufferWriter.WrittenSpan, TokenValidationPolicy.NoValidation, out var jwt);
Assert.True(result);
Assert.NotNull(jwt);
Assert.True(jwt.Payload.ContainsClaim("exp"));
Assert.True(jwt.Payload.ContainsClaim("iat"));
jwt.Dispose();
}
}
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwsDescriptor descriptor, string claim = null)
{
switch (status)
{
case TokenValidationStatus.SignatureKeyNotFound:
descriptor.Header.Add("kid", "X");
break;
case TokenValidationStatus.MissingEncryptionAlgorithm:
descriptor.Header.Add("enc", (object)null);
break;
}
var token = descriptor;
var writer = new JwtWriter();
//writer.IgnoreTokenValidation = true;
var jwt = writer.WriteTokenString(token);
switch (status)
{
case TokenValidationStatus.MalformedToken:
jwt = "/" + jwt.Substring(0, jwt.Length - 1);
break;
case TokenValidationStatus.InvalidSignature:
var parts = jwt.Split('.');
parts[2] = new string(parts[2].Reverse().ToArray());
jwt = parts[0] + "." + parts[1] + "." + parts[2];
break;
case TokenValidationStatus.MalformedSignature:
jwt = jwt.Substring(0, jwt.Length - 2);
break;
case TokenValidationStatus.MissingSignature:
parts = jwt.Split('.');
jwt = parts[0] + "." + parts[1] + ".";
break;
default:
break;
}
return(new TokenState(jwt, status));
}
public void Write_Success()
{
const string expectedToken = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsImV4cCI6MTMxMTI4MTk3MCwiaWF0IjoxMzExMjgwOTcwfQ.";
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
{
Payload = new JwtPayload
{
{ "iss", "http://server.example.com" },
{ "sub", "248289761001" },
{ "aud", "s6BhdRkqt3" },
{ "exp", 1311281970 },
{ "iat", 1311280970 }
}
};
var writer = new JwtWriter();
var jwt = writer.WriteTokenString(descriptor);
Assert.Equal(expectedToken, jwt);
}
public void Descriptor_PayloadSetTwice_PayloadNotChanged()
{
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None);
var payload1 = new JwtPayload {
{ "One", "Member" }
};
var json1 = payload1.ToString();
descriptor.Payload = payload1;
var payload2 = new JwtPayload {
{ "Something", "else" }
};
var json2 = payload2.ToString();
descriptor.Payload = payload2;
Assert.Equal(payload1.ToString(), json1);
Assert.Equal(payload2.ToString(), json2);
}
public string GenerateToken(User user)
{
var descriptor = new JwsDescriptor {
SigningKey = _key,
IssuedAt = DateTime.UtcNow,
ExpirationTime = DateTime.UtcNow.AddHours(1),
Issuer = _configuration["ISSUER"],
Audience = _configuration["AUDIENCE"],
Subject = user.Id,
Algorithm = SignatureAlgorithm.RsaSha256
};
descriptor.AddClaim("https://hasura.io/jwt/claims", JsonSerializer.Serialize(new HasuraClaim {
UserId = user.Id,
DefaultRole = "user",
Roles = new[] { "user" }
}));
var writer = new JwtWriter();
return(writer.WriteTokenString(descriptor));
}
public void JwsDescriptor_Ctor()
{
SymmetricJwk signingKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);
Assert.Throws <ArgumentNullException>(() => new JwsDescriptor(null, SignatureAlgorithm.HS256));
Assert.Throws <ArgumentNullException>(() => new JwsDescriptor(signingKey, null));
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256, "typ_value", "cty_value");
Assert.Equal(signingKey, descriptor.SigningKey);
Assert.Equal(SignatureAlgorithm.HS256, descriptor.Alg);
Assert.True(descriptor.Header.TryGetValue("typ", out var typ));
Assert.Equal("typ_value", (string)typ.Value);
Assert.True(descriptor.Header.TryGetValue("cty", out var cty));
Assert.Equal("cty_value", (string)cty.Value);
var defaultDescriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256);
Assert.False(defaultDescriptor.Header.TryGetValue("typ", out _));
Assert.False(defaultDescriptor.Header.TryGetValue("cty", out _));
}
static void Main()
{
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor()
{
Algorithm = SignatureAlgorithm.None,
IssuedAt = DateTime.UtcNow,
ExpirationTime = DateTime.UtcNow.AddHours(1),
Issuer = "https://idp.example.com/",
Audience = "636C69656E745F6964"
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
public void Encode_Decode(string alg)
{
var(signingKey, validationKey) = SelectKeys(alg);
var writer = new JwtWriter();
var descriptor = new JwsDescriptor
{
SigningKey = signingKey,
Algorithm = (SignatureAlgorithm)alg,
Subject = "Alice"
};
var token = writer.WriteToken(descriptor);
var reader = new JwtReader();
var policy = new TokenValidationPolicyBuilder()
.RequireSignature(validationKey, (SignatureAlgorithm)alg)
.Build();
var result = reader.TryReadToken(token, policy);
Assert.Equal(TokenValidationStatus.Success, result.Status);
Assert.Equal("Alice", result.Token.Subject);
}
static void Main()
{
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
public JwsDescriptorWrapper(JwsDescriptor descriptor)
{
_descriptor = descriptor;
}
private static TokenState CreateInvalidToken(Jwk signingKey, TokenValidationStatus status, JwsDescriptor descriptor, string claim = null)
{
descriptor.SigningKey = signingKey;
descriptor.Algorithm = signingKey.SignatureAlgorithm;
return CreateInvalidToken(status, descriptor);
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256)
{
Payload = new JwtPayload
{
// You can use predefined claims
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" },
// Or use custom claims
{ "value", "ABCEDF" }
}
};
// Adds another claim
descriptor.Payload.Add("ClaimName", new JsonObject
{
{ "stuff1", "xyz789" },
{ "stuff2", "abc123" },
{
"subObject", new JsonObject
{
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
}
},
{
"Modules", new []
{
new JsonObject
{
{ "name", "module1" },
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
},
new JsonObject
{
{ "name", "module2" },
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
}
}
}
});
// Adds anonymous object
descriptor.Payload.Add("ClaimName_anonymous_type", new
{
stuff1 = "xyz789",
stuff2 = "abc123",
subObject = new
{
prop1 = "abc123",
prop2 = "xyz789"
},
Modules = new[]
{
new {
name = "module1",
prop1 = "abc123",
prop2 = "xyz789"
},
new {
name = "module2",
prop1 = "abc123",
prop2 = "xyz789"
}
}
});
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
private static IDictionary<string, JwtDescriptor> CreateDescriptors(IDictionary<string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey)
{
var descriptors = new Dictionary<string, JwtDescriptor>();
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
Algorithm = SignatureAlgorithm.None
};
FillPayload(payload, descriptor);
descriptors.Add("JWT-" + payload.Key, descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = signingKey.SignatureAlgorithm
};
FillPayload(payload, descriptor);
descriptors.Add("JWS-" + payload.Key, descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = signingKey.SignatureAlgorithm
};
FillPayload(payload, descriptor);
var jwe = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = encryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
Algorithm = KeyManagementAlgorithm.Aes128KW,
ContentType = "JWT"
};
descriptors.Add("JWE-" + payload.Key, jwe);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = signingKey.SignatureAlgorithm
};
FillPayload(payload, descriptor);
var jwe = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = encryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
Algorithm = KeyManagementAlgorithm.Aes128KW,
ContentType = "JWT",
CompressionAlgorithm = CompressionAlgorithm.Deflate
};
descriptors.Add("JWE-DEF-" + payload.Key, jwe);
}
return descriptors;
}
private static JwsDescriptor CreateJws(Jwk signingKey, JObject descriptor, TokenValidationStatus status, string?claim = null)
{
var payload = new JwtPayload();
foreach (var kvp in descriptor)
{
switch (status)
{
case TokenValidationStatus.InvalidClaim:
if (kvp.Key == "aud" && claim == "aud")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
break;
case TokenValidationStatus.MissingClaim:
if (kvp.Key == "exp" & claim == "exp")
{
continue;
}
if (kvp.Key == "aud" & claim == "aud")
{
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
continue;
}
break;
case TokenValidationStatus.Expired:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 1500000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 1400000000);
continue;
}
break;
case TokenValidationStatus.NotYetValid:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 2100000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 2000000000);
continue;
}
break;
}
switch (kvp.Value.Type)
{
case JTokenType.Object:
payload.Add(kvp.Key, (object)kvp.Value);
break;
case JTokenType.Array:
payload.Add(kvp.Key, (object[])(object)kvp.Value);
break;
case JTokenType.Integer:
payload.Add(kvp.Key, (long)kvp.Value);
break;
case JTokenType.Float:
payload.Add(kvp.Key, (double)kvp.Value);
break;
case JTokenType.String:
payload.Add(kvp.Key, (string)kvp.Value);
break;
case JTokenType.Boolean:
payload.Add(kvp.Key, (bool)kvp.Value);
break;
case JTokenType.Null:
payload.Add(kvp.Key, (object)kvp.Value);
break;
}
}
var d = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256)
{
Payload = payload
};
return(d);
}
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey)
{
var descriptors = new Dictionary <string, JwtDescriptor>();
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None);
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.Payload !.Add(property.Name, (long)property.Value);
break;
default:
descriptor.Payload !.Add(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWT " + payload.Key + "6 claims", descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256);
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.Payload !.Add(property.Name, (long)property.Value);
break;
default:
descriptor.Payload !.Add(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWS " + payload.Key + "6 claims", descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256);
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.Payload !.Add(property.Name, (long)property.Value);
break;
default:
descriptor.Payload !.Add(property.Name, (string)property.Value);
break;
}
}
var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
{
Payload = descriptor
};
descriptors.Add("JWE " + payload.Key + "6 claims", jwe);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256);
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.Payload !.Add(property.Name, (long)property.Value);
break;
default:
descriptor.Payload !.Add(property.Name, (string)property.Value);
break;
}
}
var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256, CompressionAlgorithm.Def)
{
Payload = descriptor
};
descriptors.Add("JWE DEF " + payload.Key + "6 claims", jwe);
}
return(descriptors);
}
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey)
{
var descriptors = new Dictionary <string, JwtDescriptor>();
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
Algorithm = SignatureAlgorithm.None
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWT " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = (SignatureAlgorithm?)signingKey.Alg
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWS " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = (SignatureAlgorithm?)signingKey.Alg
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
var jwe = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = encryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
Algorithm = KeyManagementAlgorithm.Aes128KW,
ContentType = "JWT"
};
descriptors.Add("JWE " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe);
}
foreach (var payload in payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = signingKey,
Algorithm = (SignatureAlgorithm?)signingKey.Alg
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
var jwe = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = encryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
Algorithm = KeyManagementAlgorithm.Aes128KW,
ContentType = "JWT",
CompressionAlgorithm = CompressionAlgorithm.Deflate
};
descriptors.Add("JWE DEF " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe);
}
return(descriptors);
}
private static JwsDescriptor CreateJws(Jwk signingKey, Dictionary <string, object> descriptor, TokenValidationStatus status, string claim = null)
{
var payload = new JwtPayload();
foreach (var kvp in descriptor)
{
switch (status)
{
case TokenValidationStatus.InvalidClaim:
if (kvp.Key == "aud" && claim == "aud")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
payload.Add(kvp.Key, kvp.Value + "XXX");
continue;
}
break;
case TokenValidationStatus.MissingClaim:
if (kvp.Key == "exp" & claim == "exp")
{
continue;
}
if (kvp.Key == "aud" & claim == "aud")
{
continue;
}
if (kvp.Key == "iss" && claim == "iss")
{
continue;
}
break;
case TokenValidationStatus.Expired:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 1500000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 1400000000);
continue;
}
break;
case TokenValidationStatus.NotYetValid:
if (kvp.Key == "exp")
{
payload.Add(kvp.Key, 2100000000);
continue;
}
if (kvp.Key == "nbf")
{
payload.Add(kvp.Key, 2000000000);
continue;
}
break;
}
payload.Add(kvp.Key, kvp.Value);
}
var d = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm);
d.Payload = payload;
return(d);
}
private static Dictionary <string, JwtDescriptor> CreateJwtDescriptors()
{
var descriptors = new Dictionary <string, JwtDescriptor>();
foreach (var payload in Tokens.Payloads)
{
var descriptor = new JwsDescriptor()
{
Algorithm = SignatureAlgorithm.None
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.DateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWT " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor);
}
foreach (var payload in Tokens.Payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = SigningKey
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, EpochTime.DateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
descriptors.Add("JWS " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor);
}
foreach (var payload in Tokens.Payloads)
{
var descriptor = new JwsDescriptor()
{
SigningKey = SigningKey
};
foreach (var property in payload.Value.Properties())
{
switch (property.Name)
{
case "iat":
case "nbf":
case "exp":
descriptor.AddClaim(property.Name, Microsoft.IdentityModel.Tokens.EpochTime.DateTime((long)property.Value));
break;
default:
descriptor.AddClaim(property.Name, (string)property.Value);
break;
}
}
var jwe = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = EncryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256
};
descriptors.Add("JWE " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe);
var jwc = new JweDescriptor
{
Payload = descriptor,
EncryptionKey = EncryptionKey,
EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
CompressionAlgorithm = CompressionAlgorithm.Deflate
};
descriptors.Add("JWE DEF " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwc);
}
return(descriptors);
}
private static void FillPayload(KeyValuePair <string, Dictionary <string, object> > payload, JwsDescriptor descriptor)
{
foreach (var property in payload.Value)
{
switch (property.Key)
{
case "iat":
case "nbf":
case "exp":
if (property.Value is int intValue)
{
descriptor.Payload.Add(property.Key, intValue);
}
else
{
descriptor.Payload.Add(property.Key, (long)property.Value);
}
break;
default:
if (property.Value is JArray)
{
var array = new List <string>(((JArray)property.Value).ToObject <string[]>());
descriptor.Payload.Add("aud", array);
}
else
{
descriptor.Payload.Add(property.Key, (string)property.Value);
}
break;
}
}
}
