public void WithCacheHit_4parameters() { _output.Clear(); JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256, "typ", "cty"); descriptor.Encode(new EncodingContext(_output, _enabledCache, 0, false)); }
private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm) { var jwk = algorithm.Category switch { Cryptography.AlgorithmCategory.None => Jwk.None, Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm), Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm), Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm), Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm), Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm), _ => throw new InvalidOperationException() }; var descriptor = new JwsDescriptor(jwk, algorithm) { Payload = new JwtPayload { { JwtClaimNames.Iat, EpochTime.UtcNow }, { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour }, { JwtClaimNames.Iss, "https://idp.example.com/" }, { JwtClaimNames.Aud, "636C69656E745F6964" } } }; return(new JwsDescriptorWrapper(descriptor)); } }
public void Encode_Decode(string alg) { var(signingKey, validationKey) = SelectKeys(alg); var writer = new JwtWriter(); var descriptor = new JwsDescriptor(signingKey, (SignatureAlgorithm)alg) { Payload = new JwtPayload { { "sub", "Alice" } } }; var token = writer.WriteTokenString(descriptor); var policy = new TokenValidationPolicyBuilder() .RequireSignatureByDefault(validationKey, (SignatureAlgorithm)alg) .Build(); var result = Jwt.TryParse(token, policy, out var jwt); Assert.True(result); Assert.True(jwt.Payload.TryGetClaim("sub", out var sub)); Assert.Equal("Alice", sub.GetString()); jwt.Dispose(); }
private static void FillPayload(KeyValuePair<string, JObject> payload, JwsDescriptor descriptor) { foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value)); break; default: if (property.Value is JArray) { var array = new List<string>(((JArray)property.Value).ToObject<string[]>()); descriptor.Audiences = array; } else { descriptor.AddClaim(property.Name, (string)property.Value); } break; } } }
static void Main() { // Creates a symmetric key defined for the 'HS256' algorithm var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU"); // Creates a JWS descriptor with all its properties var descriptor = new JwsDescriptor() { SigningKey = key, Algorithm = SignatureAlgorithm.HmacSha256, IssuedAt = DateTime.UtcNow, ExpirationTime = DateTime.UtcNow.AddHours(1), Issuer = "https://idp.example.com/", Audience = "636C69656E745F6964" }; // Generates the UTF-8 string representation of the JWT var writer = new JwtWriter(); var token = writer.WriteTokenString(descriptor); Console.WriteLine("The JWT is:"); Console.WriteLine(descriptor); Console.WriteLine(); Console.WriteLine("Its compact form is:"); Console.WriteLine(token); }
public void WithoutCache_2parameters() { _output.Clear(); JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256); descriptor.Encode(new EncodingContext(_output, _disabledCache, 0, false)); }
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, Dictionary <string, object> > payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey) { var descriptors = new Dictionary <string, JwtDescriptor>(); foreach (var payload in payloads) { var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None); FillPayload(payload, descriptor); descriptors.Add("JWT-" + payload.Key, descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm); FillPayload(payload, descriptor); descriptors.Add("JWS-" + payload.Key, descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm); FillPayload(payload, descriptor); var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256) { Payload = descriptor, Header = new JwtHeader { { "cty", "JWT" } } }; descriptors.Add("JWE-" + payload.Key, jwe); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm); FillPayload(payload, descriptor); var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256, CompressionAlgorithm.Def) { Payload = descriptor, Header = new JwtHeader { { "cty", "JWT" } } }; descriptors.Add("JWE-DEF-" + payload.Key, jwe); } return(descriptors); }
public void Descriptor_SetInvalidHeader_ThrowException() { var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None); Assert.Throws <ArgumentNullException>(() => descriptor.Header = null); descriptor.Header = new JwtHeader(); Assert.Throws <InvalidOperationException>(() => descriptor.Header = new JwtHeader()); }
public void WithoutCache_8parameters() { _output.Clear(); JwsDescriptor descriptor = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256, "typ", "cty") { Payload = new JwtPayload { { "header5", "value 5" }, { "header6", "value 6" }, { "header7", "value 7" }, { "header8", "value 8" } } }; descriptor.Encode(new EncodingContext(_output, _disabledCache, 0, false)); }
public void Encode() { var descriptor = new JwsDescriptor(); var context = new EncodingContext(new JsonHeaderCache(), 60, true); using (var bufferWriter = new PooledByteBufferWriter()) { descriptor.Encode(context, bufferWriter); var reader = new JwtReader(); var result = reader.TryReadToken(bufferWriter.WrittenSpan, TokenValidationPolicy.NoValidation); Assert.True(result.Succedeed); Assert.NotNull(result.Token); Assert.True(result.Token.ExpirationTime.HasValue); Assert.True(result.Token.IssuedAt.HasValue); } }
public void EncodeEmpty() { var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None); using (var bufferWriter = new PooledByteBufferWriter()) { var context = new EncodingContext(bufferWriter, new LruJwtHeaderCache(), 60, true); descriptor.Encode(context); var result = Jwt.TryParse(bufferWriter.WrittenSpan, TokenValidationPolicy.NoValidation, out var jwt); Assert.True(result); Assert.NotNull(jwt); Assert.True(jwt.Payload.ContainsClaim("exp")); Assert.True(jwt.Payload.ContainsClaim("iat")); jwt.Dispose(); } }
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwsDescriptor descriptor, string claim = null) { switch (status) { case TokenValidationStatus.SignatureKeyNotFound: descriptor.Header.Add("kid", "X"); break; case TokenValidationStatus.MissingEncryptionAlgorithm: descriptor.Header.Add("enc", (object)null); break; } var token = descriptor; var writer = new JwtWriter(); //writer.IgnoreTokenValidation = true; var jwt = writer.WriteTokenString(token); switch (status) { case TokenValidationStatus.MalformedToken: jwt = "/" + jwt.Substring(0, jwt.Length - 1); break; case TokenValidationStatus.InvalidSignature: var parts = jwt.Split('.'); parts[2] = new string(parts[2].Reverse().ToArray()); jwt = parts[0] + "." + parts[1] + "." + parts[2]; break; case TokenValidationStatus.MalformedSignature: jwt = jwt.Substring(0, jwt.Length - 2); break; case TokenValidationStatus.MissingSignature: parts = jwt.Split('.'); jwt = parts[0] + "." + parts[1] + "."; break; default: break; } return(new TokenState(jwt, status)); }
public void Write_Success() { const string expectedToken = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsImV4cCI6MTMxMTI4MTk3MCwiaWF0IjoxMzExMjgwOTcwfQ."; var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None) { Payload = new JwtPayload { { "iss", "http://server.example.com" }, { "sub", "248289761001" }, { "aud", "s6BhdRkqt3" }, { "exp", 1311281970 }, { "iat", 1311280970 } } }; var writer = new JwtWriter(); var jwt = writer.WriteTokenString(descriptor); Assert.Equal(expectedToken, jwt); }
public void Descriptor_PayloadSetTwice_PayloadNotChanged() { var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None); var payload1 = new JwtPayload { { "One", "Member" } }; var json1 = payload1.ToString(); descriptor.Payload = payload1; var payload2 = new JwtPayload { { "Something", "else" } }; var json2 = payload2.ToString(); descriptor.Payload = payload2; Assert.Equal(payload1.ToString(), json1); Assert.Equal(payload2.ToString(), json2); }
public string GenerateToken(User user) { var descriptor = new JwsDescriptor { SigningKey = _key, IssuedAt = DateTime.UtcNow, ExpirationTime = DateTime.UtcNow.AddHours(1), Issuer = _configuration["ISSUER"], Audience = _configuration["AUDIENCE"], Subject = user.Id, Algorithm = SignatureAlgorithm.RsaSha256 }; descriptor.AddClaim("https://hasura.io/jwt/claims", JsonSerializer.Serialize(new HasuraClaim { UserId = user.Id, DefaultRole = "user", Roles = new[] { "user" } })); var writer = new JwtWriter(); return(writer.WriteTokenString(descriptor)); }
public void JwsDescriptor_Ctor() { SymmetricJwk signingKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256); Assert.Throws <ArgumentNullException>(() => new JwsDescriptor(null, SignatureAlgorithm.HS256)); Assert.Throws <ArgumentNullException>(() => new JwsDescriptor(signingKey, null)); var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256, "typ_value", "cty_value"); Assert.Equal(signingKey, descriptor.SigningKey); Assert.Equal(SignatureAlgorithm.HS256, descriptor.Alg); Assert.True(descriptor.Header.TryGetValue("typ", out var typ)); Assert.Equal("typ_value", (string)typ.Value); Assert.True(descriptor.Header.TryGetValue("cty", out var cty)); Assert.Equal("cty_value", (string)cty.Value); var defaultDescriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256); Assert.False(defaultDescriptor.Header.TryGetValue("typ", out _)); Assert.False(defaultDescriptor.Header.TryGetValue("cty", out _)); }
static void Main() { // Creates a JWS descriptor with all its properties var descriptor = new JwsDescriptor() { Algorithm = SignatureAlgorithm.None, IssuedAt = DateTime.UtcNow, ExpirationTime = DateTime.UtcNow.AddHours(1), Issuer = "https://idp.example.com/", Audience = "636C69656E745F6964" }; // Generates the UTF-8 string representation of the JWT var writer = new JwtWriter(); var token = writer.WriteTokenString(descriptor); Console.WriteLine("The JWT is:"); Console.WriteLine(descriptor); Console.WriteLine(); Console.WriteLine("Its compact form is:"); Console.WriteLine(token); }
public void Encode_Decode(string alg) { var(signingKey, validationKey) = SelectKeys(alg); var writer = new JwtWriter(); var descriptor = new JwsDescriptor { SigningKey = signingKey, Algorithm = (SignatureAlgorithm)alg, Subject = "Alice" }; var token = writer.WriteToken(descriptor); var reader = new JwtReader(); var policy = new TokenValidationPolicyBuilder() .RequireSignature(validationKey, (SignatureAlgorithm)alg) .Build(); var result = reader.TryReadToken(token, policy); Assert.Equal(TokenValidationStatus.Success, result.Status); Assert.Equal("Alice", result.Token.Subject); }
static void Main() { // Creates a JWS descriptor with all its properties var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None) { Payload = new JwtPayload { { JwtClaimNames.Iat, EpochTime.UtcNow }, { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour }, { JwtClaimNames.Iss, "https://idp.example.com/" }, { JwtClaimNames.Aud, "636C69656E745F6964" } } }; // Generates the UTF-8 string representation of the JWT var writer = new JwtWriter(); var token = writer.WriteTokenString(descriptor); Console.WriteLine("The JWT is:"); Console.WriteLine(descriptor); Console.WriteLine(); Console.WriteLine("Its compact form is:"); Console.WriteLine(token); }
public JwsDescriptorWrapper(JwsDescriptor descriptor) { _descriptor = descriptor; }
private static TokenState CreateInvalidToken(Jwk signingKey, TokenValidationStatus status, JwsDescriptor descriptor, string claim = null) { descriptor.SigningKey = signingKey; descriptor.Algorithm = signingKey.SignatureAlgorithm; return CreateInvalidToken(status, descriptor); }
static void Main() { // Creates a symmetric key defined for the 'HS256' algorithm var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU"); // Creates a JWS descriptor with all its properties var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256) { Payload = new JwtPayload { // You can use predefined claims { JwtClaimNames.Iat, EpochTime.UtcNow }, { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour }, { JwtClaimNames.Iss, "https://idp.example.com/" }, { JwtClaimNames.Aud, "636C69656E745F6964" }, // Or use custom claims { "value", "ABCEDF" } } }; // Adds another claim descriptor.Payload.Add("ClaimName", new JsonObject { { "stuff1", "xyz789" }, { "stuff2", "abc123" }, { "subObject", new JsonObject { { "prop1", "abc123" }, { "prop2", "xyz789" } } }, { "Modules", new [] { new JsonObject { { "name", "module1" }, { "prop1", "abc123" }, { "prop2", "xyz789" } }, new JsonObject { { "name", "module2" }, { "prop1", "abc123" }, { "prop2", "xyz789" } } } } }); // Adds anonymous object descriptor.Payload.Add("ClaimName_anonymous_type", new { stuff1 = "xyz789", stuff2 = "abc123", subObject = new { prop1 = "abc123", prop2 = "xyz789" }, Modules = new[] { new { name = "module1", prop1 = "abc123", prop2 = "xyz789" }, new { name = "module2", prop1 = "abc123", prop2 = "xyz789" } } }); // Generates the UTF-8 string representation of the JWT var writer = new JwtWriter(); var token = writer.WriteTokenString(descriptor); Console.WriteLine("The JWT is:"); Console.WriteLine(descriptor); Console.WriteLine(); Console.WriteLine("Its compact form is:"); Console.WriteLine(token); }
private static IDictionary<string, JwtDescriptor> CreateDescriptors(IDictionary<string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey) { var descriptors = new Dictionary<string, JwtDescriptor>(); foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { Algorithm = SignatureAlgorithm.None }; FillPayload(payload, descriptor); descriptors.Add("JWT-" + payload.Key, descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = signingKey.SignatureAlgorithm }; FillPayload(payload, descriptor); descriptors.Add("JWS-" + payload.Key, descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = signingKey.SignatureAlgorithm }; FillPayload(payload, descriptor); var jwe = new JweDescriptor { Payload = descriptor, EncryptionKey = encryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256, Algorithm = KeyManagementAlgorithm.Aes128KW, ContentType = "JWT" }; descriptors.Add("JWE-" + payload.Key, jwe); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = signingKey.SignatureAlgorithm }; FillPayload(payload, descriptor); var jwe = new JweDescriptor { Payload = descriptor, EncryptionKey = encryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256, Algorithm = KeyManagementAlgorithm.Aes128KW, ContentType = "JWT", CompressionAlgorithm = CompressionAlgorithm.Deflate }; descriptors.Add("JWE-DEF-" + payload.Key, jwe); } return descriptors; }
private static JwsDescriptor CreateJws(Jwk signingKey, JObject descriptor, TokenValidationStatus status, string?claim = null) { var payload = new JwtPayload(); foreach (var kvp in descriptor) { switch (status) { case TokenValidationStatus.InvalidClaim: if (kvp.Key == "aud" && claim == "aud") { payload.Add(kvp.Key, kvp.Value + "XXX"); continue; } if (kvp.Key == "iss" && claim == "iss") { payload.Add(kvp.Key, kvp.Value + "XXX"); continue; } break; case TokenValidationStatus.MissingClaim: if (kvp.Key == "exp" & claim == "exp") { continue; } if (kvp.Key == "aud" & claim == "aud") { continue; } if (kvp.Key == "iss" && claim == "iss") { continue; } break; case TokenValidationStatus.Expired: if (kvp.Key == "exp") { payload.Add(kvp.Key, 1500000000); continue; } if (kvp.Key == "nbf") { payload.Add(kvp.Key, 1400000000); continue; } break; case TokenValidationStatus.NotYetValid: if (kvp.Key == "exp") { payload.Add(kvp.Key, 2100000000); continue; } if (kvp.Key == "nbf") { payload.Add(kvp.Key, 2000000000); continue; } break; } switch (kvp.Value.Type) { case JTokenType.Object: payload.Add(kvp.Key, (object)kvp.Value); break; case JTokenType.Array: payload.Add(kvp.Key, (object[])(object)kvp.Value); break; case JTokenType.Integer: payload.Add(kvp.Key, (long)kvp.Value); break; case JTokenType.Float: payload.Add(kvp.Key, (double)kvp.Value); break; case JTokenType.String: payload.Add(kvp.Key, (string)kvp.Value); break; case JTokenType.Boolean: payload.Add(kvp.Key, (bool)kvp.Value); break; case JTokenType.Null: payload.Add(kvp.Key, (object)kvp.Value); break; } } var d = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256) { Payload = payload }; return(d); }
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey) { var descriptors = new Dictionary <string, JwtDescriptor>(); foreach (var payload in payloads) { var descriptor = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None); foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.Payload !.Add(property.Name, (long)property.Value); break; default: descriptor.Payload !.Add(property.Name, (string)property.Value); break; } } descriptors.Add("JWT " + payload.Key + "6 claims", descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256); foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.Payload !.Add(property.Name, (long)property.Value); break; default: descriptor.Payload !.Add(property.Name, (string)property.Value); break; } } descriptors.Add("JWS " + payload.Key + "6 claims", descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256); foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.Payload !.Add(property.Name, (long)property.Value); break; default: descriptor.Payload !.Add(property.Name, (string)property.Value); break; } } var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256) { Payload = descriptor }; descriptors.Add("JWE " + payload.Key + "6 claims", jwe); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256); foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.Payload !.Add(property.Name, (long)property.Value); break; default: descriptor.Payload !.Add(property.Name, (string)property.Value); break; } } var jwe = new JweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256, CompressionAlgorithm.Def) { Payload = descriptor }; descriptors.Add("JWE DEF " + payload.Key + "6 claims", jwe); } return(descriptors); }
private static IDictionary <string, JwtDescriptor> CreateDescriptors(IDictionary <string, JObject> payloads, SymmetricJwk signingKey, SymmetricJwk encryptionKey) { var descriptors = new Dictionary <string, JwtDescriptor>(); foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { Algorithm = SignatureAlgorithm.None }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } descriptors.Add("JWT " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = (SignatureAlgorithm?)signingKey.Alg }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } descriptors.Add("JWS " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = (SignatureAlgorithm?)signingKey.Alg }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } var jwe = new JweDescriptor { Payload = descriptor, EncryptionKey = encryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256, Algorithm = KeyManagementAlgorithm.Aes128KW, ContentType = "JWT" }; descriptors.Add("JWE " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe); } foreach (var payload in payloads) { var descriptor = new JwsDescriptor() { SigningKey = signingKey, Algorithm = (SignatureAlgorithm?)signingKey.Alg }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.ToDateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } var jwe = new JweDescriptor { Payload = descriptor, EncryptionKey = encryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256, Algorithm = KeyManagementAlgorithm.Aes128KW, ContentType = "JWT", CompressionAlgorithm = CompressionAlgorithm.Deflate }; descriptors.Add("JWE DEF " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe); } return(descriptors); }
private static JwsDescriptor CreateJws(Jwk signingKey, Dictionary <string, object> descriptor, TokenValidationStatus status, string claim = null) { var payload = new JwtPayload(); foreach (var kvp in descriptor) { switch (status) { case TokenValidationStatus.InvalidClaim: if (kvp.Key == "aud" && claim == "aud") { payload.Add(kvp.Key, kvp.Value + "XXX"); continue; } if (kvp.Key == "iss" && claim == "iss") { payload.Add(kvp.Key, kvp.Value + "XXX"); continue; } break; case TokenValidationStatus.MissingClaim: if (kvp.Key == "exp" & claim == "exp") { continue; } if (kvp.Key == "aud" & claim == "aud") { continue; } if (kvp.Key == "iss" && claim == "iss") { continue; } break; case TokenValidationStatus.Expired: if (kvp.Key == "exp") { payload.Add(kvp.Key, 1500000000); continue; } if (kvp.Key == "nbf") { payload.Add(kvp.Key, 1400000000); continue; } break; case TokenValidationStatus.NotYetValid: if (kvp.Key == "exp") { payload.Add(kvp.Key, 2100000000); continue; } if (kvp.Key == "nbf") { payload.Add(kvp.Key, 2000000000); continue; } break; } payload.Add(kvp.Key, kvp.Value); } var d = new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm); d.Payload = payload; return(d); }
private static Dictionary <string, JwtDescriptor> CreateJwtDescriptors() { var descriptors = new Dictionary <string, JwtDescriptor>(); foreach (var payload in Tokens.Payloads) { var descriptor = new JwsDescriptor() { Algorithm = SignatureAlgorithm.None }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.DateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } descriptors.Add("JWT " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor); } foreach (var payload in Tokens.Payloads) { var descriptor = new JwsDescriptor() { SigningKey = SigningKey }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, EpochTime.DateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } descriptors.Add("JWS " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", descriptor); } foreach (var payload in Tokens.Payloads) { var descriptor = new JwsDescriptor() { SigningKey = SigningKey }; foreach (var property in payload.Value.Properties()) { switch (property.Name) { case "iat": case "nbf": case "exp": descriptor.AddClaim(property.Name, Microsoft.IdentityModel.Tokens.EpochTime.DateTime((long)property.Value)); break; default: descriptor.AddClaim(property.Name, (string)property.Value); break; } } var jwe = new JweDescriptor { Payload = descriptor, EncryptionKey = EncryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256 }; descriptors.Add("JWE " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwe); var jwc = new JweDescriptor { Payload = descriptor, EncryptionKey = EncryptionKey, EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256, CompressionAlgorithm = CompressionAlgorithm.Deflate }; descriptors.Add("JWE DEF " + (payload.Key == "0" ? "" : payload.Key) + "6 claims", jwc); } return(descriptors); }
private static void FillPayload(KeyValuePair <string, Dictionary <string, object> > payload, JwsDescriptor descriptor) { foreach (var property in payload.Value) { switch (property.Key) { case "iat": case "nbf": case "exp": if (property.Value is int intValue) { descriptor.Payload.Add(property.Key, intValue); } else { descriptor.Payload.Add(property.Key, (long)property.Value); } break; default: if (property.Value is JArray) { var array = new List <string>(((JArray)property.Value).ToObject <string[]>()); descriptor.Payload.Add("aud", array); } else { descriptor.Payload.Add(property.Key, (string)property.Value); } break; } } }