// Permanently set all occurrences of x to true. Assumes positive // polarity at all occurrences. static void setTrue(Cnf f, string x) { f.vars.Remove(x); // Eliminate clauses containing x. for (var i = 0; i < f.clauses.Count;) { if (f.clauses[i].lits.Exists(lit => lit.ident == x)) { f.clauses.RemoveAt(i); } else { ++i; } } }
public void parser_should_read_proper_cnf_structure() { var jwk = new JsonWebKey { Kty = "oct", Alg = "HS256", K = "123" }; var json = new Cnf(jwk).ToJson(); jwk = CnfParser.Parse(json); jwk.Should().NotBeNull(); jwk.Kty.Should().Be("oct"); jwk.Alg.Should().Be("HS256"); jwk.K.Should().Be("123"); }
static HttpSignatureValidationMiddlewareTests() { var jwk = new JsonWebKey { Kty = "oct", Alg = "HS256", K = Base64Url.Encode(_symmetricKey) }; var cnf = new Cnf(jwk); var cnfJson = cnf.ToJson(); var claims = new Claim[] { new Claim("cnf", cnfJson) }; _cnfIdentity = new ClaimsIdentity(claims, "PoP"); }
// Set all occurrences of x to false. Assumes negative polarity at // all occurrences. Returns true if the formula becomes // unsatisfiable. static bool setFalse(Cnf f, string x) { f.vars.Remove(x); // Eliminate x from clauses. for (var i = 0; i < f.clauses.Count;) { f.clauses[i].lits.RemoveAll(lit => lit.ident == x); // If a clause becomes empty then the formula is unsatisfiable. if (f.clauses.Count == 0) { return(true); } else { ++i; } } return(false); }
// Determine the polarity of a variable in a CNF formula. static Polarity polarity(string x, Cnf f) { var pol = Polarity.Unknown; for (var i = 0; i < f.clauses.Count;) { var c_pol = clausePolarity(x, f.clauses[i]); if (c_pol == Polarity.Mixed) { f.clauses.RemoveAt(i); } else { pol |= c_pol; // combine polarities with bitwise OR ++i; } } return(pol); }
pure_literal_assign(Cnf f, Dictionary <string, Polarity> pols) { var assigns = new List <Tuple <string, bool> >(); foreach (var kv in pols) { switch (kv.Value) { case Polarity.Negative: assigns.Add(Tuple.Create(kv.Key, false)); if (setFalse(f, kv.Key)) { return(null); // unsat } break; case Polarity.Positive: assigns.Add(Tuple.Create(kv.Key, true)); setTrue(f, kv.Key); break; } } return(null); }
public static Formula ChooseLiteral(Cnf cnf) { return(cnf.Clauses.First().Literals.First()); }
// Check for an empty clause. static bool is_there_empty_clause(Cnf f) { return(f.clauses.Any(c => c.lits.Count == 0)); }
// Find all variables that occur in a CNF formula. static List <string> fvs(Cnf f) { return(f.clauses.Select(x => x.lits.Select(y => y.ident)) .SelectMany(x => x).Distinct().ToList()); }
// Evaluate a CNF formula under a given environment. static bool eval(Cnf f, Dictionary <string, bool> env) { return(f.clauses.Aggregate(true, (x, y) => x & eval_clause(y, env))); }
/// <summary> /// Validates the specified identity token. /// </summary> /// <param name="identityToken">The identity token.</param> /// <returns>The validation result</returns> public async Task <AccessTokenValidationResult> ValidateAsync(string popToken, bool forceIntrospection = false, string introspectionScope = null, string introspectionSecret = null) { _logger.LogTrace("Validate PoP Token"); var handler = new JwtSecurityTokenHandler(); handler.InboundClaimTypeMap.Clear(); // setup general validation parameters var parameters = new TokenValidationParameters { ValidIssuer = _options.ProviderInformation.IssuerName, ValidateAudience = false, //Pop tokens don't have this - they use the body data. RequireExpirationTime = false, ValidateIssuer = false }; // read the token signing algorithm JwtSecurityToken jwt; try { jwt = handler.ReadJwtToken(popToken); } catch (Exception ex) { return(new AccessTokenValidationResult { Error = $"Error validating access token: {ex.ToString()}" }); } var algorithm = jwt.Header.Alg; // if token is unsigned, and this is allowed, skip signature validation if (string.Equals(algorithm, "none")) { if (_options.Policy.RequireAccessTokenSignature) { return(new AccessTokenValidationResult { Error = $"Pop access token is not singed. Signatures are required by policy" }); } else { _logger.LogInformation("Pop token is not signed. This is allowed by configuration."); parameters.RequireSignedTokens = false; } } else { // check if signature algorithm is allowed by policy if (!_options.Policy.ValidSignatureAlgorithms.Contains(algorithm)) { return(new AccessTokenValidationResult { Error = $"Pop token uses invalid algorithm: {algorithm}" }); } ; } var extractedAccessToken = jwt.Payload.ContainsKey("at") ? jwt.Payload["at"] as string : null; if (string.IsNullOrEmpty(extractedAccessToken)) { _logger.LogInformation("Pop token was recieved without 'at'"); return(new AccessTokenValidationResult { Error = "Token is invalid." }); } //Attempt to validate the JWT, if possible. AccessTokenValidationResult tokenValidation = null; try { tokenValidation = await new AccessTokenValidator(_options, _refreshKeysAsync).ValidateAsync(extractedAccessToken, forceIntrospection, introspectionScope, introspectionSecret).ConfigureAwait(false); } catch (Exception ex) { return(new AccessTokenValidationResult { Error = $"Error validating pop access token: {ex.ToString()}" }); } if (tokenValidation.IsError) //If we failed - pass it through. { return(tokenValidation); } //Get the signature keys and preform online validation. var cnfJson = tokenValidation.AccessTokenPrincipal.Claims.FirstOrDefault(x => x.Type == "cnf")?.Value; if (cnfJson == null) { _logger.LogError("CNF is not present on the AccessTokenPrincipal"); return(new AccessTokenValidationResult() { Error = "Token validation failed." }); } Cnf cnf = Newtonsoft.Json.JsonConvert.DeserializeObject <Cnf>(cnfJson); ClaimsPrincipal claims; try { claims = ValidateSignature(popToken, cnf.jwk, handler, parameters); } catch (SecurityTokenSignatureKeyNotFoundException sigEx) { return(new AccessTokenValidationResult { Error = $"Error validating pop access token: {sigEx.ToString()}" }); } catch (Exception ex) { return(new AccessTokenValidationResult { Error = $"Error validating pop access token: {ex.ToString()}" }); } tokenValidation.PopTokenPrincipal = claims; tokenValidation.PopTokenSignatureAlgorithm = algorithm; tokenValidation.PreformedPopTokenValidation = true; return(tokenValidation); }
/// <summary> /// Gets the hash code /// </summary> /// <returns>Hash code</returns> public override int GetHashCode() { unchecked // Overflow is fine, just wrap { var hashCode = 41; // Suitable nullity checks etc, of course :) if (Iss != null) { hashCode = hashCode * 59 + Iss.GetHashCode(); } if (Sub != null) { hashCode = hashCode * 59 + Sub.GetHashCode(); } if (Aud != null) { hashCode = hashCode * 59 + Aud.GetHashCode(); } if (Exp != null) { hashCode = hashCode * 59 + Exp.GetHashCode(); } if (Nbf != null) { hashCode = hashCode * 59 + Nbf.GetHashCode(); } if (Iat != null) { hashCode = hashCode * 59 + Iat.GetHashCode(); } if (Jti != null) { hashCode = hashCode * 59 + Jti.GetHashCode(); } if (Uuid != null) { hashCode = hashCode * 59 + Uuid.GetHashCode(); } if (Name != null) { hashCode = hashCode * 59 + Name.GetHashCode(); } if (GivenName != null) { hashCode = hashCode * 59 + GivenName.GetHashCode(); } if (Nickname != null) { hashCode = hashCode * 59 + Nickname.GetHashCode(); } if (Email != null) { hashCode = hashCode * 59 + Email.GetHashCode(); } if (EmailVerified != null) { hashCode = hashCode * 59 + EmailVerified.GetHashCode(); } if (Zoneinfo != null) { hashCode = hashCode * 59 + Zoneinfo.GetHashCode(); } if (Locale != null) { hashCode = hashCode * 59 + Locale.GetHashCode(); } if (Cnf != null) { hashCode = hashCode * 59 + Cnf.GetHashCode(); } if (Orig != null) { hashCode = hashCode * 59 + Orig.GetHashCode(); } if (Dest != null) { hashCode = hashCode * 59 + Dest.GetHashCode(); } if (Mky != null) { hashCode = hashCode * 59 + Mky.GetHashCode(); } return(hashCode); } }
/// <summary> /// Returns true if JWToken instances are equal /// </summary> /// <param name="other">Instance of JWToken to be compared</param> /// <returns>Boolean</returns> public bool Equals(JWToken other) { if (ReferenceEquals(null, other)) { return(false); } if (ReferenceEquals(this, other)) { return(true); } return (( Iss == other.Iss || Iss != null && Iss.Equals(other.Iss) ) && ( Sub == other.Sub || Sub != null && Sub.Equals(other.Sub) ) && ( Aud == other.Aud || Aud != null && Aud.Equals(other.Aud) ) && ( Exp == other.Exp || Exp != null && Exp.Equals(other.Exp) ) && ( Nbf == other.Nbf || Nbf != null && Nbf.Equals(other.Nbf) ) && ( Iat == other.Iat || Iat != null && Iat.Equals(other.Iat) ) && ( Jti == other.Jti || Jti != null && Jti.Equals(other.Jti) ) && ( Uuid == other.Uuid || Uuid != null && Uuid.Equals(other.Uuid) ) && ( Name == other.Name || Name != null && Name.Equals(other.Name) ) && ( GivenName == other.GivenName || GivenName != null && GivenName.Equals(other.GivenName) ) && ( Nickname == other.Nickname || Nickname != null && Nickname.Equals(other.Nickname) ) && ( Email == other.Email || Email != null && Email.Equals(other.Email) ) && ( EmailVerified == other.EmailVerified || EmailVerified != null && EmailVerified.Equals(other.EmailVerified) ) && ( Zoneinfo == other.Zoneinfo || Zoneinfo != null && Zoneinfo.Equals(other.Zoneinfo) ) && ( Locale == other.Locale || Locale != null && Locale.Equals(other.Locale) ) && ( Cnf == other.Cnf || Cnf != null && Cnf.Equals(other.Cnf) ) && ( Orig == other.Orig || Orig != null && Orig.Equals(other.Orig) ) && ( Dest == other.Dest || Dest != null && Dest.Equals(other.Dest) ) && ( Mky == other.Mky || Mky != null && Mky.Equals(other.Mky) )); }