/// <summary>
/// Assembles a compact three-part token: encoded header, encoded payload and signature,
/// joined with dots.
/// </summary>
/// <param name="jsonPayload">The payload text; it is encoded as given and is not validated as JSON here.</param>
/// <param name="sign">Supplies the <c>alg</c> header value and signs the "header.payload" string.</param>
/// <returns>The signing input followed by a dot and whatever <c>sign.Sign</c> returns.</returns>
/// <remarks>
/// The algorithm name is placed into the header by plain string formatting, without JSON
/// escaping, so it must not contain quotes or backslashes.
/// NOTE(review): the value returned by <c>sign.Sign</c> is appended unchanged; presumably it is
/// already URL-safe base64 - confirm against the ISigningAlgorithm implementations.
/// </remarks>
public static string CreateJsonWebToken(string jsonPayload, ISigningAlgorithm sign)
{
    string headerJson = string.Format(@"{{""alg"":""{0}"",""typ"":""JWT""}}", sign.AlgorithmName);

    string encodedHeader = Base64Utility.UTF8UrlEncode(headerJson);
    string encodedPayload = Base64Utility.UTF8UrlEncode(jsonPayload);

    // The signature covers exactly the two encoded segments and the dot between them.
    string signingInput = string.Concat(encodedHeader, ".", encodedPayload);

    return string.Concat(signingInput, ".", sign.Sign(signingInput));
}
/// <summary>
/// Creates a <see cref="GatewayController"/> from its injected dependencies.
/// </summary>
/// <param name="indexerDatabaseContext">The database context supplied by injection.</param>
/// <param name="signingAlgorithm">The signing algorithm supplied by injection.</param>
/// <remarks>
/// Refactor candidate: support for additional signing algorithms is still needed.
/// Neither argument is null-checked here; a null dependency only surfaces on first use.
/// </remarks>
public GatewayController(
    IIndexerDatabaseContext indexerDatabaseContext,
    ISigningAlgorithm signingAlgorithm)
{
    _signingAlgorithm = signingAlgorithm;
    _indexerDatabaseContext = indexerDatabaseContext;
}
/// <summary>
/// Creates the options for the HMAC authentication scheme; the base options are always
/// initialised with <c>Schemas.HMAC</c>.
/// </summary>
/// <param name="algorithm">The signing algorithm stored in <c>Algorithm</c>.</param>
/// <param name="secretRepository">The secret source stored in <c>SecretRepository</c>.</param>
/// <param name="signInAsAuthenticationType">
/// The value stored in <c>SignInAsAuthenticationType</c>; defaults to <c>Schemas.HMAC</c>.
/// </param>
/// <remarks>No argument is validated here, so a null algorithm or repository is accepted.</remarks>
public HmacAuthenticationOptions(
    ISigningAlgorithm algorithm,
    ISecretRepository secretRepository,
    string signInAsAuthenticationType = Schemas.HMAC)
    : base(Schemas.HMAC)
{
    this.SignInAsAuthenticationType = signInAsAuthenticationType;
    this.SecretRepository = secretRepository;
    this.Algorithm = algorithm;
}
/// <summary>
/// Creates a <see cref="GatewayJWT"/> from its header, body and signing algorithm.
/// </summary>
/// <param name="header">The JWT header, stored in <c>Header</c>.</param>
/// <param name="body">The JWT body, stored in <c>Body</c>.</param>
/// <param name="algorithm">The signing algorithm kept for later use by this instance.</param>
/// <remarks>
/// Refactor candidate: move the signing algorithm out of this type and turn it into a
/// JsonConverter. No argument is null-checked here.
/// </remarks>
public GatewayJWT(GatewayJWTHeader header, GatewayJWTBody body, ISigningAlgorithm algorithm)
{
    _algorithm = algorithm;
    Header = header;
    Body = body;
}
/// <summary>
/// Creates the HMAC authentication service from its four collaborators.
/// </summary>
/// <param name="appSecretProvider">The repository that supplies application secrets.</param>
/// <param name="algorithm">The signing algorithm.</param>
/// <param name="dateValidator">The validator applied to request dates.</param>
/// <param name="signatureContentResolver">The resolver that yields the content to be signed.</param>
/// <remarks>
/// All four references are stored as given; none is null-checked, so a missing dependency
/// only shows up when a request is processed.
/// </remarks>
public HmacAuthenticationService(
    IAppSecretRepository appSecretProvider,
    ISigningAlgorithm algorithm,
    IHmacRequestDateValidator dateValidator,
    IHmacSignatureContentResolver signatureContentResolver)
{
    this.signatureContentResolver = signatureContentResolver;
    this.dateValidator = dateValidator;
    this.algorithm = algorithm;
    this.appSecretProvider = appSecretProvider;
}
/// <summary>
/// Creates the server-side HMAC handler.
/// </summary>
/// <param name="secretRepository">The source of client secrets.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures.</param>
/// <param name="clockSkew">Optional skew; <c>Constants.DefaultClockSkew</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// NOTE(review): the skew presumably bounds how far a request date may lie from server time,
/// which also bounds the replay window - confirm against the validation code.
/// </remarks>
public HmacServerHandler(
    ISecretRepository secretRepository,
    ISigningAlgorithm signingAlgorithm,
    TimeSpan? clockSkew = null,
    ITime time = null)
{
    this.signingAlgorithm = signingAlgorithm;
    this.secretRepository = secretRepository;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.clockSkew = clockSkew.HasValue ? clockSkew.Value : Constants.DefaultClockSkew;
}
/// <summary>
/// Creates the server-side HMAC handler in front of <paramref name="innerHandler"/>.
/// </summary>
/// <param name="innerHandler">The handler passed to the base constructor.</param>
/// <param name="appSecretRepository">The source of application secrets.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures.</param>
/// <param name="tolerance">Optional tolerance; <c>Constants.DefaultTolerance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// NOTE(review): the tolerance presumably limits the accepted age of a request date and so
/// the replay window - confirm against the validation code.
/// </remarks>
public HMACServerHandler(
    HttpMessageHandler innerHandler,
    IAppSecretRepository appSecretRepository,
    ISigningAlgorithm signingAlgorithm,
    TimeSpan? tolerance = null,
    ITime time = null)
    : base(innerHandler)
{
    this.signingAlgorithm = signingAlgorithm;
    this.appSecretRepository = appSecretRepository;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.tolerance = tolerance.HasValue ? tolerance.Value : Constants.DefaultTolerance;
}
/// <summary>
/// Creates the server-side HMAC handler.
/// </summary>
/// <param name="appSecretRepository">The source of application secrets.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures.</param>
/// <param name="mixedAuthMode">Stored as given; off by default.</param>
/// <param name="tolerance">Optional tolerance; <c>Constants.DefaultTolerance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// NOTE(review): <paramref name="mixedAuthMode"/> presumably lets requests without an HMAC
/// signature through to another scheme; what it relaxes is not visible here - confirm
/// before enabling it.
/// </remarks>
public HmacServerHandler(
    IAppSecretRepository appSecretRepository,
    ISigningAlgorithm signingAlgorithm,
    bool mixedAuthMode = false,
    TimeSpan? tolerance = null,
    ITime time = null)
{
    this.mixedAuthMode = mixedAuthMode;
    this.signingAlgorithm = signingAlgorithm;
    this.appSecretRepository = appSecretRepository;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.tolerance = tolerance.HasValue ? tolerance.Value : Constants.DefaultTolerance;
}
// Constructor intended for registration in a service collection.
/// <summary>
/// Creates the client-side HMAC handler for one application identity.
/// </summary>
/// <param name="appId">The application id stored for this handler.</param>
/// <param name="secret">The shared secret, held as a <see cref="SecureString"/>.</param>
/// <param name="signingAlgorithm">Optional; <c>HmacSigningAlgorithm.Default</c> is used when null.</param>
/// <param name="nonceGenerator">Optional; <c>GuidNonceGenerator.Instance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// NOTE(review): the default nonce generator is presumably GUID-based, which gives uniqueness
/// but is not a guarantee of unpredictability - confirm that uniqueness is all the protocol needs.
/// </remarks>
public HmacClientHandler(
    string appId,
    SecureString secret,
    ISigningAlgorithm signingAlgorithm = null,
    INonceGenerator nonceGenerator = null,
    ITime time = null)
{
    this.secret = secret;
    this.appId = appId;

    // Every optional collaborator falls back to its library default.
    this.time = time != null ? time : SystemTime.Instance;
    this.nonceGenerator = nonceGenerator != null ? nonceGenerator : GuidNonceGenerator.Instance;
    this.signingAlgorithm = signingAlgorithm != null ? signingAlgorithm : HmacSigningAlgorithm.Default;
}
/// <summary>
/// Creates the client-side HMAC handler for one client identity.
/// </summary>
/// <param name="client">The client identifier stored for this handler.</param>
/// <param name="secret">The shared secret, held as a <see cref="SecureString"/>.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures; stored as given, with no fallback.</param>
/// <param name="nonceGenerator">Optional; <c>GuidNonceGenerator.Instance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// Unlike the optional arguments, a null <paramref name="signingAlgorithm"/> is kept as null;
/// it is not rejected here.
/// </remarks>
public HmacClientHandler(
    string client,
    SecureString secret,
    ISigningAlgorithm signingAlgorithm,
    INonceGenerator nonceGenerator = null,
    ITime time = null)
{
    this.signingAlgorithm = signingAlgorithm;
    this.secret = secret;
    this.client = client;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.nonceGenerator = nonceGenerator != null ? nonceGenerator : GuidNonceGenerator.Instance;
}
/// <summary>
/// Creates the HMAC OWIN middleware in front of <paramref name="next"/>.
/// </summary>
/// <param name="next">The next middleware, passed to the base constructor.</param>
/// <param name="appSecretRepository">The source of application secrets.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures.</param>
/// <param name="tolerance">Optional tolerance; <c>Constants.DefaultTolerance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// The repository and algorithm are stored without a null check.
/// NOTE(review): the tolerance presumably limits the accepted age of a request date and so
/// the replay window - confirm against the validation code.
/// </remarks>
public HMACMiddleware(
    OwinMiddleware next,
    IAppSecretRepository appSecretRepository,
    ISigningAlgorithm signingAlgorithm,
    TimeSpan? tolerance = null,
    ITime time = null)
    : base(next)
{
    this.signingAlgorithm = signingAlgorithm;
    this.appSecretRepository = appSecretRepository;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.tolerance = tolerance.HasValue ? tolerance.Value : Constants.DefaultTolerance;
}
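/// <summary>
/// Decides whether an incoming OWIN request carries a valid bearer token computed over the
/// request's canonical representation.
/// </summary>
/// <param name="req">The request whose headers, method, content type and URI are checked.</param>
/// <param name="algorithm">The algorithm that verifies the token against the representation.</param>
/// <param name="secretRepository">The source of the per-client secret.</param>
/// <param name="time">The clock that provides the current UTC time.</param>
/// <param name="clockSkew">
/// The largest accepted distance, in either direction, between the Date header and the
/// current time.
/// </param>
/// <returns>
/// <c>true</c> only when every check passes; <c>false</c> otherwise, including for missing
/// or malformed headers.
/// </returns>
/// <remarks>
/// Every header read here is attacker-controlled, so malformed input is rejected rather than
/// allowed to throw.
/// NOTE(review): the nonce is only folded into the signed representation; no check that it
/// has not been seen before is visible in this method - confirm replay tracking elsewhere.
/// NOTE(review): the Content-MD5 header is signed as sent; this method does not compare it
/// with the actual body - confirm the body digest is verified elsewhere.
/// </remarks>
internal static bool Validate(IOwinRequest req, ISigningAlgorithm algorithm, ISecretRepository secretRepository, ITime time, TimeSpan clockSkew)
{
    var h = req.Headers;
    var client = GetClient(req);
    var nonce = GetNonce(req);

    var auth = h.Get(Headers.Authorization)?.Split(' ');
    var scheme = auth?.Length == 2 ? auth[0] : null;
    var token = auth?.Length == 2 ? auth[1] : null;

    if (client == null || nonce == null || scheme != Schemas.Bearer || token == null)
    {
        return false;
    }

    // A missing or unparsable Date header can never fall inside the accepted window.
    DateTimeOffset date;
    if (!DateTimeOffset.TryParse(h.Get(Headers.Date), out date))
    {
        return false;
    }

    // Compare the absolute distance: a one-sided check would accept any future-dated
    // request, leaving a captured request replayable until its date finally expires.
    if ((time.UtcNow - date).Duration() > clockSkew)
    {
        return false;
    }

    // Fail closed when Accept is absent instead of dereferencing a null header value.
    var accept = req.Accept;
    if (accept == null)
    {
        return false;
    }

    // Both values come straight from request headers; bad base64 means "not authenticated".
    var contentMd5 = h.Get(Headers.ContentMD5);
    byte[] contentMd5Bytes = null;
    byte[] tokenBytes;
    try
    {
        if (contentMd5 != null)
        {
            contentMd5Bytes = Convert.FromBase64String(contentMd5);
        }

        tokenBytes = Convert.FromBase64String(token);
    }
    catch (FormatException)
    {
        return false;
    }

    var builder = new CannonicalRepresentationBuilder();
    var content = builder.BuildRepresentation(
        nonce,
        client,
        req.Method,
        req.ContentType,
        accept.Split(','),
        contentMd5Bytes,
        date,
        req.Uri);

    SecureString secret = secretRepository.GetSecret(client);
    if (secret == null)
    {
        // Unknown client.
        return false;
    }

    return algorithm.Verify(secret, Encoding.UTF8.GetBytes(content), tokenBytes);
}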
/// <summary>
/// Creates the client-side HMAC handler in front of <paramref name="innerHandler"/>.
/// </summary>
/// <param name="innerHandler">The handler passed to the base constructor.</param>
/// <param name="appId">The application id stored for this handler.</param>
/// <param name="secret">The shared secret, held as a <see cref="SecureString"/>.</param>
/// <param name="signingAlgorithm">The algorithm used for signatures; stored as given, with no fallback.</param>
/// <param name="nonceGenerator">Optional; <c>GuidNonceGenerator.Instance</c> is used when null.</param>
/// <param name="time">Optional clock; <c>SystemTime.Instance</c> is used when null.</param>
/// <remarks>
/// A null <paramref name="signingAlgorithm"/> or <paramref name="secret"/> is not rejected here.
/// </remarks>
public HmacClientHandler(
    HttpMessageHandler innerHandler,
    string appId,
    SecureString secret,
    ISigningAlgorithm signingAlgorithm,
    INonceGenerator nonceGenerator = null,
    ITime time = null)
    : base(innerHandler)
{
    this.signingAlgorithm = signingAlgorithm;
    this.secret = secret;
    this.appId = appId;

    // Optional collaborators fall back to the library defaults.
    this.time = time != null ? time : SystemTime.Instance;
    this.nonceGenerator = nonceGenerator != null ? nonceGenerator : GuidNonceGenerator.Instance;
}
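/// <summary>
/// Decides whether an incoming OWIN request carries a valid HMAC signature for its
/// application id.
/// </summary>
/// <param name="req">The request whose headers, method, content type and URI are checked.</param>
/// <param name="algorithm">The algorithm used to recompute the expected signature.</param>
/// <param name="appSecretRepository">The source of the per-application secret.</param>
/// <param name="time">The clock that provides the current UTC time.</param>
/// <param name="tolerance">
/// The largest accepted distance, in either direction, between the Date header and the
/// current time.
/// </param>
/// <returns>
/// <c>true</c> only when every check passes; <c>false</c> otherwise, including for missing
/// or malformed headers.
/// </returns>
/// <remarks>
/// Every header read here is attacker-controlled, so malformed input is rejected rather than
/// allowed to throw, and the signature is compared in constant time.
/// NOTE(review): the nonce is not required to be present and is only folded into the signed
/// representation; no replay tracking is visible in this method - confirm it exists elsewhere.
/// NOTE(review): the Content-MD5 header is signed as sent; this method does not compare it
/// with the actual body - confirm the body digest is verified elsewhere.
/// </remarks>
internal static bool Validate(IOwinRequest req, ISigningAlgorithm algorithm, IAppSecretRepository appSecretRepository, ITime time, TimeSpan tolerance)
{
    var h = req.Headers;
    var appId = GetAppId(req);
    var nonce = GetNonce(req);

    var auth = h.Get(Headers.Authorization)?.Split(' ');
    var authSchema = auth?.Length == 2 ? auth[0] : null;
    var authValue = auth?.Length == 2 ? auth[1] : null;

    if (appId == null || authSchema != Schemas.HMAC || authValue == null)
    {
        return false;
    }

    // A missing or unparsable Date header can never fall inside the accepted window.
    DateTimeOffset date;
    if (!DateTimeOffset.TryParse(h.Get(Headers.Date), out date))
    {
        return false;
    }

    // Compare the absolute distance: a one-sided check would accept any future-dated
    // request, leaving a captured request replayable until its date finally expires.
    if ((time.UtcNow - date).Duration() > tolerance)
    {
        return false;
    }

    // The header value is untrusted; bad base64 means "not authenticated", not an exception.
    var contentMd5 = h.Get(Headers.ContentMD5);
    byte[] contentMd5Bytes = null;
    if (contentMd5 != null)
    {
        try
        {
            contentMd5Bytes = Convert.FromBase64String(contentMd5);
        }
        catch (FormatException)
        {
            return false;
        }
    }

    var builder = new CannonicalRepresentationBuilder();
    var content = builder.BuildRepresentation(
        nonce,
        appId,
        req.Method,
        req.ContentType,
        req.Accept,
        contentMd5Bytes,
        date,
        req.Uri);
    if (content == null)
    {
        return false;
    }

    SecureString secret = appSecretRepository.GetSecret(appId);
    if (secret == null)
    {
        // Unknown application id.
        return false;
    }

    var expected = algorithm.Sign(secret, content);

    // Plain string equality stops at the first differing character, which leaks through
    // response timing how much of a guessed signature was correct.
    return ConstantTimeEquals(authValue, expected);
}

/// <summary>
/// Compares two strings without stopping at the first difference.
/// </summary>
/// <param name="left">The first value; null never matches.</param>
/// <param name="right">The second value; null never matches.</param>
/// <returns><c>true</c> when both are non-null, equally long and equal in every position.</returns>
private static bool ConstantTimeEquals(string left, string right)
{
    // Only the length is allowed to short-circuit; the length of a MAC is not a secret.
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}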
/// <summary>
/// Creates the middleware options from a secret repository and a signing algorithm.
/// </summary>
/// <param name="appSecretRepository">The source of application secrets, stored in <c>AppSecretRepository</c>.</param>
/// <param name="algorithm">The signing algorithm, stored in <c>Algorithm</c>.</param>
/// <remarks>Both values are stored as given; neither is null-checked.</remarks>
public HmacMiddlewareOptions(
    IAppSecretRepository appSecretRepository,
    ISigningAlgorithm algorithm)
{
    this.Algorithm = algorithm;
    this.AppSecretRepository = appSecretRepository;
}
/// <summary>
/// Creates the middleware options from a secret repository and a signing algorithm.
/// </summary>
/// <param name="secretRepository">The source of secrets, stored in <c>SecretRepository</c>.</param>
/// <param name="algorithm">The signing algorithm, stored in <c>Algorithm</c>.</param>
/// <remarks>Both values are stored as given; neither is null-checked.</remarks>
public HmacMiddlewareOptions(
    ISecretRepository secretRepository,
    ISigningAlgorithm algorithm)
{
    this.Algorithm = algorithm;
    this.SecretRepository = secretRepository;
}
/// <summary>
/// Creates the middleware settings from a secret repository and a signing algorithm.
/// </summary>
/// <param name="appSecretRepository">The source of application secrets, stored in <c>AppSecretRepository</c>.</param>
/// <param name="signingAlgorithm">The signing algorithm, stored in <c>SigningAlgorithm</c>.</param>
/// <remarks>Both values are stored as given; neither is null-checked.</remarks>
public HMACMiddlewareSettings(
    IAppSecretRepository appSecretRepository,
    ISigningAlgorithm signingAlgorithm)
{
    this.SigningAlgorithm = signingAlgorithm;
    this.AppSecretRepository = appSecretRepository;
}