private async Task LoadOpenIdConnectConfigurationAsync()
{
var discoAddress = _settings.Authority + "/.well-known/openid-configuration";
var manager = new ConfigurationManager<OpenIdConnectConfiguration>(discoAddress);
_config = await manager.GetConfigurationAsync();
}
private static ClaimsPrincipal GetClaims(string idToken, OpenIdConnectConfiguration configuration)
{
SecurityToken token;
var claims = TokenHandler.ValidateToken(idToken, new TokenValidationParameters
{
ValidAudience = WebConfigurationManager.AppSettings["AuthenticationProvider.Google.OpenId2.ValidAudience"],
ValidIssuer = WebConfigurationManager.AppSettings["AuthenticationProvider.Google.OpenId2.ValidIssuer"],
IssuerSigningTokens = configuration.SigningTokens
}, out token);
return claims;
}
private OpenIdConnectConfiguration RunOpenIdConnectConfigurationTest(object obj, OpenIdConnectConfiguration compareTo, ExpectedException expectedException, bool asString = true)
{
bool exceptionHit = false;
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
if (obj is string)
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as string);
}
else if (obj is IDictionary<string, object>)
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as IDictionary<string, object>);
}
else
{
if (asString)
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as string);
}
else
{
openIdConnectConfiguration = new OpenIdConnectConfiguration(obj as IDictionary<string, object>);
}
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
exceptionHit = true;
expectedException.ProcessException(ex);
}
if (!exceptionHit && compareTo != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, compareTo), "jsonWebKey created from: " + (obj == null ? "NULL" : obj.ToString() + " did not match expected."));
}
return openIdConnectConfiguration;
}
private void GetAndCheckConfiguration(string jsonName, string propertyName, string propertyValue=null)
{
string jsonValue = propertyValue;
if (jsonValue == null)
{
jsonValue = Guid.NewGuid().ToString();
}
string jsonString = @"{""" + jsonName + @""":""" + jsonValue + @"""}";
try
{
OpenIdConnectConfiguration openIdConnectConfiguration = new OpenIdConnectConfiguration(jsonString);
OpenIdConnectConfiguration expectedConfiguration = new OpenIdConnectConfiguration();
TestUtilities.SetProperty(expectedConfiguration, propertyName, jsonValue);
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
catch (Exception exception)
{
ExpectedException.NoExceptionExpected.ProcessException(exception);
}
return;
}
private async Task<OpenIdConnectConfiguration> GetConfigurationFromMixedAsync(string primaryDocument, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration = null)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync(
new TestDocumentRetriever(primaryDocument, new GenericDocumentRetriever()), "primary", CancellationToken.None);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
if (expectedConfiguration != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
return openIdConnectConfiguration;
}
private async Task<OpenIdConnectConfiguration> GetConfigurationAsync(string uri, ExpectedException expectedException, OpenIdConnectConfiguration expectedConfiguration = null)
{
OpenIdConnectConfiguration openIdConnectConfiguration = null;
try
{
openIdConnectConfiguration = await OpenIdConnectConfigurationRetriever.GetAsync(uri, CancellationToken.None);
expectedException.ProcessNoException();
}
catch (Exception exception)
{
expectedException.ProcessException(exception);
}
if (expectedConfiguration != null)
{
Assert.IsTrue(IdentityComparer.AreEqual(openIdConnectConfiguration, expectedConfiguration));
}
return openIdConnectConfiguration;
}
public ExpectedQueryValues(string authority, OpenIdConnectConfiguration configuration = null)
{
Authority = authority;
Configuration = configuration ?? TestUtilities.DefaultOpenIdConnectConfiguration;
}
static OpenIdConfigData()
{
JsonWebKeyFromPingExpected1 =
new JsonWebKey
{
E = "AQAB",
Kid = "20am7",
Kty = "RSA",
N = "mhupHfUtg_gHIqwu2wm8CprXY-gKqbPMV6tEYVqkyYrHugzQ_YDYAHr7vWo5Pe_3gIujSFwpqIfXaP8-Fl3O5fQhMo1lMv4DdRabyDLEpv7YO9qoVKTmDOZqYZx-AYBr5x1Zh2xWByI6_0dsPtCjD1pFZfg_SxNEcLPyH1aY6dT8CWYu32qG4O0WF4EihZzMkzSn8fyh8RXbMf5U9Wm2kgb0g8jK62S7MoF4IlhFaJreq898wgUohhPwR8P3X-gk0XQJAFcogEf04Fw4UmKo3z1B6mcNbPRfImhWw4wtLkhp_KIqKNOkMsSpYGSLrCvqQpgK56EJZExrmb7WozjwHw",
Use = "sig"
};
JsonWebKeyFromPingExpected2 =
new JsonWebKey
{
E = "AQAB",
Kid = "20am3",
Kty = "RSA",
N = "wY2KNRyiEvyBFkr1IC_1UGWMPInkzVYpoap_-Zw5fYAXLVxKMSPdZVVLt9AVhuNtagOOQqlZ_Y32e4l19REHym6RGV9Sm1noKRxDUjkz7U8OVeUew7D7h4Dk6E2rrlIYpy9OmhhzWSS68pBTf0_ESdekKv3OQbEs99avEXOPK5uH3V-NHsy1YP3DAvl7HJaV6fn-1Nch1quLrg1G7ohBuTb4Zr-499TJ6bkfabaACz8bf-RHuPezFBjoY0LHNNu6-KQ-qqHVkoki_1OQwj2s_Lui3qYWOmLoaVN9ZzO90rBdhhg8t0JZv6pSlc7o0XT4fie5RRjiqCuOpuGQvNYKpQ",
Use = "sig"
};
JsonWebKeyFromPingExpected3 =
new JsonWebKey
{
E = "AQAB",
Kid = "20alz",
Kty = "RSA",
N = "tgLZUXY8mo2Y1TaXHjOYrFGs23jZxgpzEKfBz004AEeOMHFbEP1h1Lrqf2B7f49mOpXRkBgEm4tnSYzX7pDWrMvNeRVkTFXSXwHYvda1R1kmwiTxnrC9IWjvizrr22DtzHhSSpL_7xuXtmaid2orOF8mUoXnKesPQVfq33pCKm1QUV6oFNSVxAiOKJkzFmxjYvcqzryjYi10glxPSx3cmSI8RGqlxolJr0negfLmI9bNxuAvStf_L6zXB5NFqccmkCQXn_QC3P1N3j-HgwwHTVFxkrS8kZQOMTw3TMXbtTFNrVAx1QC_3M0ze4cVncr2zTSECS_2qXM5RS7xBTEDvQ",
Use = "sig"
};
JsonWebKeyExpected1 =
new JsonWebKey
{
Alg = "SHA256",
E = "AQAB",
KeyOps = "signing",
Kid = "NGTFvdK-fythEuLwjpwAJOM9n-A",
Kty = "RSA",
N = "rCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVw==",
X5t = "NGTFvdK-fythEuLwjpwAJOM9n-A",
X5u = "https://jsonkeyurl",
Use = "sig",
};
JsonWebKeyExpected1.X5c.Add(JsonWebKey_X5c_1);
JsonWebKeyDictionary1 =
new Dictionary<string, object>
{
{"alg", "SHA256"},
{"e", "AQAB"},
{"key_ops", "signing"},
{"kid", "NGTFvdK-fythEuLwjpwAJOM9n-A"},
{"kty", "RSA"},
{"n", "kSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuw=="},
{"x5c", new ArrayList(new List<string> { "MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng"})},
{"x5t", "NGTFvdK-fythEuLwjpwAJOM9n-A"},
{"x5u", "https://jsonkeyurl"},
{"use", "sig"},
};
JsonWebKeyExpected2 =
new JsonWebKey
{
Alg = "SHA256",
E = "AQAB",
Kid = "kriMPdmBvx68skT8-mPAB3BseeA",
Kty = "RSA",
N = "kSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuw==",
X5t = "kriMPdmBvx68skT8-mPAB3BseeA",
Use = "sig",
};
JsonWebKeyExpected2.X5c.Add(JsonWebKey_X5c_2);
JsonWebKeySetExpected1 = new JsonWebKeySet();
JsonWebKeySetExpected1.Keys.Add(JsonWebKeyExpected1);
JsonWebKeySetExpected1.Keys.Add(JsonWebKeyExpected2);
JsonWebKeyExpectedBadX509Data =
new JsonWebKey
{
Alg = null,
KeyOps = null,
Kid = "kriMPdmBvx68skT8-mPAB3BseeA",
Kty = "RSA",
X5t = "kriMPdmBvx68skT8-mPAB3BseeA",
X5u = null,
Use = "sig"
};
JsonWebKeyExpectedBadX509Data.X5c.Add("==MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ");
OpenIdConnectConfiguration1 =
new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize",
CheckSessionIframe = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/checksession",
EndSessionEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/logout",
Issuer = "https://sts.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/",
JwksUri = "JsonWebKeySet.json",
TokenEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token",
};
X509CertificateJsonWebKey1 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng"));
X509CertificateJsonWebKey2 = new X509Certificate2(Convert.FromBase64String("MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ"));
OpenIdConnectConfigurationWithKeys1 =
new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize",
CheckSessionIframe = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/checksession",
EndSessionEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/logout",
Issuer = "https://sts.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/",
JwksUri = "JsonWebKeySet.json",
TokenEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token",
};
RSACryptoServiceProvider rsa1 = new RSACryptoServiceProvider();
RSACryptoServiceProvider rsa2 = new RSACryptoServiceProvider();
RSACryptoServiceProvider rsa3 = new RSACryptoServiceProvider();
string base64String1 = Convert.ToBase64String(Base64UrlEncoder.DecodeBytes(JsonWebKeyFromPingExpected1.N));
rsa1.FromXmlString(string.Format(CultureInfo.InvariantCulture, rsaImportTemplate, base64String1, JsonWebKeyFromPingExpected1.E));
string base64String2 = Convert.ToBase64String(Base64UrlEncoder.DecodeBytes(JsonWebKeyFromPingExpected2.N));
rsa2.FromXmlString(string.Format(CultureInfo.InvariantCulture, rsaImportTemplate, base64String2, JsonWebKeyFromPingExpected2.E));
string base64String3 = Convert.ToBase64String(Base64UrlEncoder.DecodeBytes(JsonWebKeyFromPingExpected3.N));
rsa3.FromXmlString(string.Format(CultureInfo.InvariantCulture, rsaImportTemplate, base64String3, JsonWebKeyFromPingExpected3.E));
OpenIdConnectConfigurationPing =
new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = "https://connect-interop.pinglabs.org:9031/as/authorization.oauth2",
Issuer = "https://connect-interop.pinglabs.org:9031",
TokenEndpoint = "https://connect-interop.pinglabs.org:9031/as/token.oauth2",
UserInfoEndpoint = "https://connect-interop.pinglabs.org:9031/idp/userinfo.openid"
};
OpenIdConnectConfigurationPingLabsJWKS =
new OpenIdConnectConfiguration()
{
JwksUri = "PingLabsJWKS.json",
};
OpenIdConnectConfigurationPingLabsJWKS.SigningTokens.Add(new NamedKeySecurityToken(JsonWebKeyParameterNames.Kid, JsonWebKeyFromPingExpected1.Kid, new RsaSecurityKey(rsa1)));
OpenIdConnectConfigurationPingLabsJWKS.SigningTokens.Add(new NamedKeySecurityToken(JsonWebKeyParameterNames.Kid, JsonWebKeyFromPingExpected2.Kid, new RsaSecurityKey(rsa2)));
OpenIdConnectConfigurationPingLabsJWKS.SigningTokens.Add(new NamedKeySecurityToken(JsonWebKeyParameterNames.Kid, JsonWebKeyFromPingExpected3.Kid, new RsaSecurityKey(rsa3)));
string n = "ns1cm8RU1hKZILPI6pB5Zoxn9mW2tSS0atV+o9FCn9NyeOktEOj1kEXOeIz0KfnqxgPMF1GpshuZBAhgjkyy2kNGE6Zx50CCJgq6XUatvVVJpMp8/FV18ynPf+/TRlF8V2HO3IVJ0XqRJ9fGA2f5xpOweWsdLYitdHbaDCl6IBNSXo52iNuqWAcB1k7jBlsnlXpuvslhLIzj60dnghAVA4ltS3NlFyw1Tz3pGlZQDt7x83IBHe7DA9bV3aJs1trkm1NzI1HoRS4vOqU3n4fn+DlfAE2vYKNkSi/PjuAX+1YQCq6e5uN/hOeSEqji8SsWC2nk/bMTKPwD67rn3jNC9w==";
string e = "AQAB";
string n2 = "kSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuw==";
string e2 = "AQAB";
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
string xml = string.Format(CultureInfo.InvariantCulture, rsaImportTemplate, n, e);
rsa.FromXmlString(xml);
OpenIdConnectConfigurationWithKeys1.SigningTokens.Add(new NamedKeySecurityToken("kid", "NGTFvdK-fythEuLwjpwAJOM9n-A", new RsaSecurityKey(rsa)));
rsa = new RSACryptoServiceProvider();
xml = string.Format(CultureInfo.InvariantCulture, rsaImportTemplate, n2, e2);
rsa.FromXmlString(xml);
OpenIdConnectConfigurationWithKeys1.SigningTokens.Add(new NamedKeySecurityToken("kid", "kriMPdmBvx68skT8-mPAB3BseeA", new RsaSecurityKey(rsa)));
OpenIdConnectConfigurationWithKeys1.SigningTokens.Add(new X509SecurityToken(X509CertificateJsonWebKey1));
OpenIdConnectConfigurationWithKeys1.SigningTokens.Add(new X509SecurityToken(X509CertificateJsonWebKey2));
OpenIdConnectConfigurationSingleX509Data1 =
new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize",
CheckSessionIframe = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/checksession",
EndSessionEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/logout",
Issuer = "https://sts.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/",
JwksUri = "JsonWebKeySetSingleX509Data.json",
TokenEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/token",
};
OpenIdConnectConfigurationSingleX509Data1.SigningTokens.Add(new X509SecurityToken(X509CertificateJsonWebKey1));
// interrop
GoogleCertsExpected = new JsonWebKeySet();
GoogleCertsExpected.Keys.Add(
new JsonWebKey
{
Alg = "RS256",
E = "AQAB",
Kty = "RSA",
Kid = "ab844f3d4c69feee0de2501b04e1a4c8d78eead1",
N = "AKrMiv5vhYehVKXnSpZZN6lYymUIi+NS97ceYKYClMlNyj2Ln4ErWiOwjwdivG2kZnN0kKCC/XL9E+uEgsZO3ECvvDtgtFhPOR0MiqL7pp/K7d58dbKUWX/cWy8E4bm/Zmwa/g0HDcW6o19+Q85IPYXbY/6Z2oOgA9qDAoGHkjIv",
Use = "sig",
});
GoogleCertsExpected.Keys.Add(
new JsonWebKey
{
Alg = "RS256",
E = "AQAB",
Kty = "RSA",
Kid = "550326e0aacb4674d22905a1a51a808cfa7463b0",
N = "ANLFuJO6EoKczde+YP3b1yuz2b46D7Rd7CjrbvKrzbjkH29iRFLBagT7nojwdMOPrsV+WLp/C8lfkRT7UJ38lnQh3m4oEy98HdRRMZh5Vtpbotgt4S/ugh5ansJdHSXSBTxk+X1ZnTzMOUH7ZROpxw3NcX/IFl0sshFlTbebPrDj",
Use = "sig",
});
}
public async Task ChallengeSettingMessage(string challenge, OpenIdConnectRequestType requestType)
{
var configuration = new OpenIdConnectConfiguration
{
AuthorizationEndpoint = ExpectedAuthorizeRequest,
EndSessionEndpoint = ExpectedLogoutRequest
};
var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
{
RequestType = requestType
};
var server = CreateServer(SetProtocolMessageOptions);
var transaction = await SendAsync(server, DefaultHost + challenge);
transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
}
protected override async Task ApplyResponseGrantAsync()
{
AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
if (signout != null)
{
AuthenticationProperties properties = signout.Properties;
// Enable Per-Policy Metadata Retreival
string policy;
if (properties.Dictionary.TryGetValue(PolicyParameter, out policy))
{
B2CConfigurationManager mgr = Options.ConfigurationManager as B2CConfigurationManager;
_configuration = await mgr.GetConfigurationAsync(Context.Request.CallCancelled, policy);
}
else
{
throw new Exception("For B2C, you must pass a policy parameter in every sign out request.");
}
OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage()
{
IssuerAddress = _configuration.EndSessionEndpoint ?? string.Empty,
RequestType = OpenIdConnectRequestType.LogoutRequest,
};
string redirect = string.Empty;
if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri))
{
openIdConnectMessage.PostLogoutRedirectUri = properties.RedirectUri;
redirect = properties.RedirectUri;
}
else if (!string.IsNullOrWhiteSpace(Options.PostLogoutRedirectUri))
{
openIdConnectMessage.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
redirect = Options.RedirectUri;
}
if (string.IsNullOrWhiteSpace(openIdConnectMessage.PostLogoutRedirectUri))
{
throw new Exception("For B2C, the PostLogoutRedirectUri is required.");
}
if (string.IsNullOrWhiteSpace(redirect))
{
throw new Exception("For B2C, the RedirectUri is required.");
}
var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
ProtocolMessage = openIdConnectMessage
};
await Options.Notifications.RedirectToIdentityProvider(notification);
if (!notification.HandledResponse)
{
string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
redirectUri = redirectUri + "&" + OpenIdConnectParameterNames.RedirectUri + "=" + HttpUtility.UrlEncode(redirect) + "&" + OpenIdConnectParameterNames.ClientId + "=" + Options.ClientId;
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
{
_logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
}
Response.Redirect(redirectUri);
}
}
}
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
{
if (Options.CallbackPath.HasValue && Options.CallbackPath != (Request.PathBase + Request.Path))
{
return null;
}
OpenIdConnectMessage openIdConnectMessage = null;
if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
&& !string.IsNullOrWhiteSpace(Request.ContentType)
&& Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
&& Request.Body.CanRead)
{
if (!Request.Body.CanSeek)
{
_logger.WriteVerbose("Buffering request body");
MemoryStream memoryStream = new MemoryStream();
await Request.Body.CopyToAsync(memoryStream);
memoryStream.Seek(0, SeekOrigin.Begin);
Request.Body = memoryStream;
}
IFormCollection form = await Request.ReadFormAsync();
Request.Body.Seek(0, SeekOrigin.Begin);
openIdConnectMessage = new OpenIdConnectMessage(form);
}
if (openIdConnectMessage == null)
{
return null;
}
ExceptionDispatchInfo authFailedEx = null;
string policy = string.Empty;
try
{
var messageReceivedNotification = new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
ProtocolMessage = openIdConnectMessage
};
await Options.Notifications.MessageReceived(messageReceivedNotification);
if (messageReceivedNotification.HandledResponse)
{
return GetHandledResponseTicket();
}
if (messageReceivedNotification.Skipped)
{
return null;
}
AuthenticationProperties properties = GetPropertiesFromState(openIdConnectMessage.State);
if (properties == null)
{
_logger.WriteWarning("The state field is missing or invalid.");
return null;
}
string nonce = null;
if (Options.ProtocolValidator.RequireNonce)
{
nonce = RetrieveNonce(openIdConnectMessage);
}
if (!string.IsNullOrWhiteSpace(openIdConnectMessage.Error))
{
throw new OpenIdConnectProtocolException(
string.Format(CultureInfo.InvariantCulture,
openIdConnectMessage.Error,
"", openIdConnectMessage.ErrorDescription ?? string.Empty, openIdConnectMessage.ErrorUri ?? string.Empty));
}
if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
{
_logger.WriteWarning("The id_token is missing.");
return null;
}
var securityTokenReceivedNotification = new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
ProtocolMessage = openIdConnectMessage,
};
await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
if (securityTokenReceivedNotification.HandledResponse)
{
return GetHandledResponseTicket();
}
if (securityTokenReceivedNotification.Skipped)
{
return null;
}
// Enable Per-Policy Metadata Retreival
if (properties.Dictionary.TryGetValue(PolicyParameter, out policy))
{
B2CConfigurationManager mgr = Options.ConfigurationManager as B2CConfigurationManager;
_configuration = await mgr.GetConfigurationAsync(Context.Request.CallCancelled, policy);
}
else
{
_logger.WriteWarning("No policy identifier was found in the Authentication Properties of the request.");
return null;
}
TokenValidationParameters tvp = Options.TokenValidationParameters.Clone();
IEnumerable<string> issuers = new[] { _configuration.Issuer };
tvp.ValidIssuers = (tvp.ValidIssuers == null ? issuers : tvp.ValidIssuers.Concat(issuers));
tvp.IssuerSigningTokens = (tvp.IssuerSigningTokens == null ? _configuration.SigningTokens : tvp.IssuerSigningTokens.Concat(_configuration.SigningTokens));
SecurityToken validatedToken;
ClaimsPrincipal principal = Options.SecurityTokenHandlers.ValidateToken(openIdConnectMessage.IdToken, tvp, out validatedToken);
ClaimsIdentity claimsIdentity = principal.Identity as ClaimsIdentity;
JwtSecurityToken jwt = validatedToken as JwtSecurityToken;
AuthenticationTicket ticket = new AuthenticationTicket(claimsIdentity, properties);
if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
{
ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;
}
if (!string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
{
ticket.Properties.Dictionary[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
}
if (Options.UseTokenLifetime)
{
DateTime issued = jwt.ValidFrom;
if (issued != DateTime.MinValue)
{
ticket.Properties.IssuedUtc = issued.ToUniversalTime();
}
DateTime expires = jwt.ValidTo;
if (expires != DateTime.MinValue)
{
ticket.Properties.ExpiresUtc = expires.ToUniversalTime();
}
ticket.Properties.AllowRefresh = false;
}
var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
AuthenticationTicket = ticket,
ProtocolMessage = openIdConnectMessage,
};
await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
if (securityTokenValidatedNotification.HandledResponse)
{
return GetHandledResponseTicket();
}
if (securityTokenValidatedNotification.Skipped)
{
return null;
}
ticket = securityTokenValidatedNotification.AuthenticationTicket;
var protocolValidationContext = new OpenIdConnectProtocolValidationContext
{
AuthorizationCode = openIdConnectMessage.Code,
Nonce = nonce,
};
Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
if (openIdConnectMessage.Code != null)
{
var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
{
AuthenticationTicket = ticket,
Code = openIdConnectMessage.Code,
JwtSecurityToken = jwt,
ProtocolMessage = openIdConnectMessage,
RedirectUri = ticket.Properties.Dictionary.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
};
await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
if (authorizationCodeReceivedNotification.HandledResponse)
{
return GetHandledResponseTicket();
}
if (authorizationCodeReceivedNotification.Skipped)
{
return null;
}
ticket = authorizationCodeReceivedNotification.AuthenticationTicket;
}
return ticket;
}
catch (Exception exception)
{
authFailedEx = ExceptionDispatchInfo.Capture(exception);
}
if (authFailedEx != null)
{
_logger.WriteError("Exception occurred while processing message: '" + authFailedEx.ToString());
if (Options.RefreshOnIssuerKeyNotFound && authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
{
B2CConfigurationManager mgr = Options.ConfigurationManager as B2CConfigurationManager;
mgr.RequestRefresh(policy);
}
var authenticationFailedNotification = new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
ProtocolMessage = openIdConnectMessage,
Exception = authFailedEx.SourceException
};
await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
if (authenticationFailedNotification.HandledResponse)
{
return GetHandledResponseTicket();
}
if (authenticationFailedNotification.Skipped)
{
return null;
}
authFailedEx.Throw();
}
return null;
}
protected override async Task ApplyResponseChallengeAsync()
{
if (Response.StatusCode == 401)
{
AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
if (challenge == null)
{
return;
}
AuthenticationProperties properties = challenge.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = CurrentUri;
}
if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
{
properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
}
// Enable Per-Policy Metadata Retreival
string policy;
if (properties.Dictionary.TryGetValue(PolicyParameter, out policy))
{
B2CConfigurationManager mgr = Options.ConfigurationManager as B2CConfigurationManager;
_configuration = await mgr.GetConfigurationAsync(Context.Request.CallCancelled, policy);
}
else
{
throw new Exception("For B2C, you must pass a policy parameter in every challenge.");
return;
}
OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage
{
ClientId = Options.ClientId,
IssuerAddress = _configuration.AuthorizationEndpoint ?? string.Empty,
RedirectUri = Options.RedirectUri,
RequestType = OpenIdConnectRequestType.AuthenticationRequest,
Resource = Options.Resource,
ResponseMode = OpenIdConnectResponseModes.FormPost,
ResponseType = Options.ResponseType,
Scope = Options.Scope,
State = AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)),
};
if (Options.ProtocolValidator.RequireNonce)
{
AddNonceToMessage(openIdConnectMessage);
}
var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
{
ProtocolMessage = openIdConnectMessage
};
await Options.Notifications.RedirectToIdentityProvider(notification);
if (!notification.HandledResponse)
{
string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
{
_logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri);
}
Response.Redirect(redirectUri);
}
}
return;
}
public void OpenIdConnectConfiguration_GetSets()
{
OpenIdConnectConfiguration configuration = new OpenIdConnectConfiguration();
TestUtilities.CallAllPublicInstanceAndStaticPropertyGets(configuration, "OpenIdConnectMetadata_GetSets");
List<string> methods = new List<string> { "AuthorizationEndpoint", "EndSessionEndpoint", "Issuer", "JwksUri", "TokenEndpoint", "UserInfoEndpoint" };
foreach(string method in methods)
{
TestUtilities.GetSet(configuration, method, null, new object[] { Guid.NewGuid().ToString(), null, Guid.NewGuid().ToString() });
}
string authorization_Endpoint = Guid.NewGuid().ToString();
string end_Session_Endpoint = Guid.NewGuid().ToString();
string issuer = Guid.NewGuid().ToString();
string jwks_Uri = Guid.NewGuid().ToString();
string token_Endpoint = Guid.NewGuid().ToString();
configuration = new OpenIdConnectConfiguration()
{
AuthorizationEndpoint = authorization_Endpoint,
EndSessionEndpoint = end_Session_Endpoint,
Issuer = issuer,
JwksUri = jwks_Uri,
TokenEndpoint = token_Endpoint,
};
List<SecurityKey> securityKeys = new List<SecurityKey> { new X509SecurityKey(KeyingMaterial.Cert_1024), new X509SecurityKey(KeyingMaterial.DefaultCert_2048) };
configuration.SigningKeys.Add(new X509SecurityKey(KeyingMaterial.Cert_1024));
configuration.SigningKeys.Add(new X509SecurityKey(KeyingMaterial.DefaultCert_2048));
Assert.AreEqual(configuration.AuthorizationEndpoint, authorization_Endpoint);
Assert.AreEqual(configuration.EndSessionEndpoint, end_Session_Endpoint);
Assert.AreEqual(configuration.Issuer, issuer);
Assert.AreEqual(configuration.JwksUri, jwks_Uri);
Assert.AreEqual(configuration.TokenEndpoint, token_Endpoint);
Assert.IsTrue(IdentityComparer.AreEqual<IEnumerable<SecurityKey>>(configuration.SigningKeys, securityKeys));
}
public void OpenIdConnectConfiguration_Defaults()
{
OpenIdConnectConfiguration configuration = new OpenIdConnectConfiguration();
Assert.IsNull(configuration.AuthorizationEndpoint);
Assert.IsNull(configuration.EndSessionEndpoint);
Assert.IsNull(configuration.Issuer);
Assert.IsNull(configuration.JwksUri);
Assert.IsNull(configuration.TokenEndpoint);
Assert.IsNotNull(configuration.SigningKeys);
}
