public static TokenVerificationKey AsTokenVerificationKey(this JsonWebKey jwk) { X509Certificate2 cert = null; X509CertTokenVerificationKey key = null; if (jwk.X5c != null && jwk.X5c.Count > 0) { cert = new X509Certificate2(Convert.FromBase64String(jwk.X5c.First())); key = new X509CertTokenVerificationKey(cert); return(key); } if (!String.IsNullOrEmpty(jwk.N) && !String.IsNullOrEmpty(jwk.E)) { RsaTokenVerificationKey rsaToken = new RsaTokenVerificationKey(); RSAParameters rsaParams = new RSAParameters() { Modulus = EncodeUtilities.Base64UrlDecode(jwk.N), Exponent = EncodeUtilities.Base64UrlDecode(jwk.E) }; rsaToken.InitFromRsaParameters(rsaParams); return(rsaToken); } throw new NotSupportedException(StringTable.NotSupportedJwkToTokenVerificationKeyConversion); }
public void RSATokenVerificationKeyRoundTrip() { TokenRestrictionTemplate template = new TokenRestrictionTemplate(TokenType.JWT); RsaTokenVerificationKey tokenVerificationKey = new RsaTokenVerificationKey(); RSAParameters inputRsaParameters; using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider()) { inputRsaParameters = provider.ExportParameters(true); tokenVerificationKey.InitFromRsaParameters(inputRsaParameters); } Assert.IsNotNull(tokenVerificationKey.RawBody); template.Audience = _sampleAudience; template.Issuer = _sampleIssuer; template.PrimaryVerificationKey = tokenVerificationKey; var templateAsString = TokenRestrictionTemplateSerializer.Serialize(template); Assert.IsTrue(templateAsString.Contains("<PrimaryVerificationKey i:type=\"RsaTokenVerificationKey\">")); TokenRestrictionTemplate output = TokenRestrictionTemplateSerializer.Deserialize(templateAsString); Assert.AreEqual(TokenType.JWT, output.TokenType); Assert.IsNotNull(output.PrimaryVerificationKey); Assert.IsNotNull(output.PrimaryVerificationKey as RsaTokenVerificationKey); RsaTokenVerificationKey key = output.PrimaryVerificationKey as RsaTokenVerificationKey; Assert.IsNotNull(key.RawBody); RSAParameters outputRsaParametersutParameters = key.GetRsaParameters(); Assert.IsNotNull(outputRsaParametersutParameters); Assert.IsNotNull(outputRsaParametersutParameters.Exponent); Assert.IsNotNull(outputRsaParametersutParameters.Modulus); //Check that we are storing only public signing key Assert.IsNull(outputRsaParametersutParameters.P); Assert.IsNull(outputRsaParametersutParameters.Q); Assert.IsNull(outputRsaParametersutParameters.D); Assert.IsNull(outputRsaParametersutParameters.DP); Assert.IsNull(outputRsaParametersutParameters.DQ); //Checking that public key matching Assert.IsTrue(inputRsaParameters.Exponent.SequenceEqual(outputRsaParametersutParameters.Exponent), "Exponent value mismatch"); Assert.IsTrue(inputRsaParameters.Modulus.SequenceEqual(outputRsaParametersutParameters.Modulus), "Modulus value mismatch"); }
public void FetchKeyWithRSATokenValidationKeyAsPrimaryVerificationKey() { //Create a new RSACryptoServiceProvider object. using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { //Export the key information to an RSAParameters object. //Pass false to export the public key information or pass //true to export public and private key information. RSAParameters RSAParams = RSA.ExportParameters(true); TokenRestrictionTemplate tokenRestrictionTemplate = new TokenRestrictionTemplate(TokenType.JWT); var tokenVerificationKey = new RsaTokenVerificationKey(); tokenVerificationKey.InitFromRsaParameters(RSAParams); tokenRestrictionTemplate.PrimaryVerificationKey = tokenVerificationKey; tokenRestrictionTemplate.Audience = "http://sampleIssuerUrl"; tokenRestrictionTemplate.Issuer = "http://sampleAudience"; string requirements = TokenRestrictionTemplateSerializer.Serialize(tokenRestrictionTemplate); } }