public Task <TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null) { // this key should store in the KeyVault service, then we can securely access in anywhere var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode(); var jwt64Token = SimpleFernet.Decrypt(key, token, out var timestamp); var jwtToken = jwt64Token.UrlSafe64Encode().FromBase64String(); if (string.IsNullOrEmpty(jwtToken)) { return(Task.FromResult(new TokenValidationResult { IsError = true })); } var result = new TokenValidationResult { IsError = false, Claims = new List <Claim> { new Claim(JwtClaimTypes.Scope, jwtToken) } }; return(Task.FromResult(result)); }
public static string Decrypt(string encrypted, string key) { var keyBytes = key.UrlSafe64Decode(); var decryptedBytes = SimpleFernet.Decrypt(keyBytes, encrypted, out DateTime _); var decrypted = decryptedBytes.UrlSafe64Encode().FromBase64String().Replace("\0", ""); return(decrypted); }
public static (string encryptedPassword, string key) Encrypt(string password) { byte[] keyBytes = SimpleFernet.GenerateKey().UrlSafe64Decode(); var passwordBytes = System.Text.Encoding.Unicode.GetBytes(password); string encrypted = SimpleFernet.Encrypt(keyBytes, passwordBytes); string key = keyBytes.UrlSafe64Encode(); return(encrypted, key); }
protected override Task <string> CreateJwtAsync(JwtSecurityToken jwt) { // this is just for demo so that we will put the required scope into the fernet token var jwtToken = "api1"; var jwt64Token = jwtToken.ToBase64String(); // this key should store in the KeyVault service, then we can securely access in anywhere var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode(); var fernetToken = SimpleFernet.Encrypt(key, jwt64Token.UrlSafe64Decode()); return(Task.FromResult(fernetToken)); }
public void CanGenerateFernet() { // Arrange var data = JsonData.DeserializeObject <FernetTokenData>(); var src64 = data.Src.ToBase64String(); // Act var encoded = SimpleFernet.Encrypt(data.Secret.UrlSafe64Decode(), src64.UrlSafe64Decode(), data.Now, data.Iv); // Assert Assert.Equal(encoded, data.Token); }
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey) { var secretBytes = secretKey?.GetSecretBytes(); try { return(SimpleFernet.Encrypt(secretBytes, textBytes)); } finally { SecretKeyFactory.ShuffleSecretKey(secretBytes); } }
public void CanEncodeDecode() { // Arrange var key = SimpleFernet.GenerateKey().UrlSafe64Decode(); var src = "hello"; var src64 = src.ToBase64String(); // Act var token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode()); var decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp); var decoded = decoded64.UrlSafe64Encode().FromBase64String(); // Assert Assert.Equal(src, decoded); }
public void CanVerifyFernetToken() { // Arrange var data = JsonData.DeserializeObject <FernetTokenData>(); // Act var resultByte = SimpleFernet.Decrypt( data.Secret.UrlSafe64Decode(), data.Token, out var timestamp); var result = resultByte.UrlSafe64Encode().FromBase64String(); // Assert Assert.Equal(result, data.Src); }
public void CanTestInvalidFernetToken() { // Arrange var data = JsonData.DeserializeObject <List <FernetTokenData> >(); // Act foreach (var fernetToken in data) { // Assert Assert.Throws <FernetException>(() => { var resultByte = SimpleFernet.Decrypt( fernetToken.Secret.UrlSafe64Decode(), fernetToken.Token, out var timestamp, fernetToken.TtlSec); }); } }