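/// <summary>
/// Validates an assertion retrieved from the Scheme Owner: the decoded JWT must be iSHARE
/// compliant, the last certificate of the assertion must be a trusted root, the certificate
/// chain must validate and the first certificate must belong to the Scheme Owner.
/// </summary>
/// <param name="assertionModel">The assertion whose JWT and certificate list are checked.</param>
/// <returns>
/// <c>true</c> only when every check passes; <c>false</c> when any check fails or when any
/// exception is thrown during validation (fail closed; the exception is logged).
/// </returns>
public bool IsValid(AssertionModel assertionModel)
{
    try
    {
        if (!_decodedJwtValidator.IsIShareCompliant(CreateTokenValidationArgs(assertionModel)))
        {
            return false;
        }

        // Materialize once: the certificate sequence is read several times below and may be
        // a deferred enumerable. An absent or empty list is rejected explicitly instead of
        // relying on First()/Last() throwing into the catch-all handler.
        var encodedCertificates = assertionModel.Certificates?.ToList();
        if (encodedCertificates is null || encodedCertificates.Count == 0)
        {
            _logger.LogWarning("SO assertion does not contain any certificate.");
            return false;
        }

        // Ordering as used by this validator: the last entry is treated as the root,
        // the first entry as the certificate that must belong to the Scheme Owner.
        var rootCertificate = CertificateUtilities.FromBase64Der(encodedCertificates[encodedCertificates.Count - 1]);
        if (!IsRootCertificateTrusted(rootCertificate))
        {
            _logger.LogWarning("SO root certificate is untrusted.");
            return false;
        }

        var x509Certificate = CertificateUtilities.FromBase64Der(encodedCertificates[0]);
        var additionalCertificates = encodedCertificates
            .Skip(1)
            .Select(CertificateUtilities.FromBase64Der)
            .ToArray();

        return IsChainValid(x509Certificate, additionalCertificates)
            && DoesBelongToSchemeOwner(x509Certificate);
    }
    catch (Exception e)
    {
        // Fail closed: any unexpected error while validating rejects the assertion.
        _logger.LogError(e, "Error occurred while validating token response retrieved from Scheme Owner.");
        return false;
    }
}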
/// <summary>
/// Decoding the Scheme Owner certificate from its PEM and from its Base64-DER representation
/// must yield the same certificate, compared by SHA-256 fingerprint.
/// </summary>
public void FromPemFormat_FromBase64Der_BothCertsConvertedCorrectly()
{
    // Arrange: the same certificate in both supported encodings.
    var pemCertificate = CertificateUtilities.FromPemFormat(Constants.SchemeOwner.PublicKey);
    var derCertificate = CertificateUtilities.FromBase64Der(Constants.SchemeOwner.PublicKeyBase64Der);

    // Act: fingerprint both decoded certificates.
    var pemFingerprint = pemCertificate.GetSha256();
    var derFingerprint = derCertificate.GetSha256();

    // Assert: identical fingerprints mean both decoders produced the same certificate.
    pemFingerprint.Should().Be(derFingerprint);
}
/// <summary>
/// Validating the trusted test certificate together with its root CA certificate, for the
/// Scheme Owner client id and under <see cref="ProductionCaStrategy"/>, must succeed.
/// </summary>
public async Task IsValidAsync_ValidAndTrusted_ReturnsTrue()
{
    // Arrange
    var validator = new JwtCertificateValidator(
        _partiesQueryServiceMock.Object,
        _trustedListQueryServiceMock.Object,
        new ProductionCaStrategy(),
        _loggerMock.Object);

    var certificate = CertificateUtilities.FromBase64Der(Constants.TrustedCertificates.PublicKeyBase64Der);
    var rootCaCertificate = CertificateUtilities.FromBase64Der(Constants.TrustedCertificates.RootCaPublicKeyBase64Der);
    var validationArgs = new CertificateValidationArgs(
        certificate,
        Constants.SchemeOwner.ClientId,
        new[] { rootCaCertificate });

    // Act
    var isValid = await validator.IsValidAsync(validationArgs, "access_token", CancellationToken.None);

    // Assert
    isValid.Should().BeTrue();
}