예제 #1
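        /// <summary>
        /// Validates an already-parsed MAA attestation token against the attestation instance
        /// named by <paramref name="attestDnsName"/>: the JWT issuer must be the tenant, the
        /// signing certificate's issuer must match the JWT issuer, and the quote embedded in the
        /// signing certificate must validate.
        /// </summary>
        /// <param name="attestDnsName">DNS name of the attestation instance; "https://" is prepended to form the expected issuer URI.</param>
        /// <param name="token">The attestation token whose body is read as an <see cref="AttestationResult"/>.</param>
        /// <param name="signer">The signer whose first signing certificate is checked for the embedded quote.</param>
        /// <param name="includeDetails">When true, the helper validators and (under LOG_BOUNCY_CASTLE) this method log verbose details.</param>
        /// <returns>Always <c>true</c>; every failure path is reported by throwing from one of the validators.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="token"/> or <paramref name="signer"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="attestDnsName"/> is empty or <paramref name="signer"/> carries no signing certificate.</exception>
        public static bool ValidateMaaJwt(string attestDnsName, AttestationToken token, AttestationSigner signer, bool includeDetails)
        {
            // Guard the inputs up front so a missing certificate fails with a clear message
            // rather than an IndexOutOfRangeException deep in the validation chain.
            if (string.IsNullOrWhiteSpace(attestDnsName))
            {
                throw new ArgumentException("Attestation DNS name must not be empty.", nameof(attestDnsName));
            }
            if (token == null)
            {
                throw new ArgumentNullException(nameof(token));
            }
            if (signer == null)
            {
                throw new ArgumentNullException(nameof(signer));
            }
            if (signer.SigningCertificates == null || signer.SigningCertificates.Count == 0)
            {
                throw new ArgumentException("Signer does not carry a signing certificate.", nameof(signer));
            }

            var attestUri = new Uri($"https://{attestDnsName}");

            AttestationResult result = token.GetBody<AttestationResult>();

            // Issuer checks are delegated to sibling helpers defined elsewhere in this file;
            // they are expected to throw on mismatch (TODO confirm against their implementation).
            ValidateJwtIssuerIsTenant(result, attestUri, includeDetails);
            ValidateSigningCertIssuerMatchesJwtIssuer(result, signer, includeDetails);

            // Only the first certificate is inspected; presumably the leaf that signed the token — verify against the caller.
            X509Certificate2 signingCertificate = signer.SigningCertificates[0];

            byte[] certificateBytes = signingCertificate.RawData;
            string x5c = Convert.ToBase64String(certificateBytes);

#if LOG_BOUNCY_CASTLE
            if (includeDetails)
            {
                // Dump each top-level ASN.1 element of the certificate as hex for debugging.
                var bouncyCertParser   = new X509CertificateParser();
                var bouncyCert         = bouncyCertParser.ReadCertificate(certificateBytes);
                var bouncyAsn1Sequence = (DerSequence)bouncyCert.CertificateStructure.ToAsn1Object();

                for (int i = 0; i < bouncyAsn1Sequence.Count; i++)
                {
                    var asn1 = bouncyAsn1Sequence[i];
                    Logger.WriteLine(53, 128, $"{asn1.GetType().ToString(),50} : ", BitConverter.ToString(asn1.GetEncoded()).Replace("-", ""));
                }
            }
#endif

            Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MAA EMBEDDED QUOTE IN SIGNING CERTIFICATE FOR JWT");
            // Binds the signing certificate to the attested enclave via the embedded quote.
            MaaQuoteValidator.ValidateMaaQuote(x5c, includeDetails);

            return true;
        }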
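        /// <summary>
        /// Validates a raw MAA service JWT end to end: fetches the trusted signing keys for the
        /// instance named by <paramref name="attestDnsName"/>, verifies the token signature against
        /// them, checks issuer consistency, and validates the quote embedded in the X.509
        /// signing certificate.
        /// </summary>
        /// <param name="attestDnsName">DNS name of the attestation instance; its first label is used as the tenant name and "https://" is prepended to form the expected issuer.</param>
        /// <param name="serviceJwt">The compact-serialized JWT returned by the attestation service.</param>
        /// <param name="includeDetails">When true, the helpers and (under LOG_BOUNCY_CASTLE) this method log verbose details.</param>
        /// <returns>The <see cref="TokenValidationResult"/> produced by signature validation, once all further checks have passed.</returns>
        /// <exception cref="ArgumentException">Thrown when either string argument is empty.</exception>
        /// <exception cref="SecurityTokenValidationException">Thrown when signature validation reports failure.</exception>
        /// <exception cref="SecurityTokenInvalidSigningKeyException">Thrown when the token was not signed with an X.509-backed key, so no certificate is available for quote validation.</exception>
        public static TokenValidationResult ValidateMaaJwt(string attestDnsName, string serviceJwt, bool includeDetails)
        {
            if (string.IsNullOrWhiteSpace(attestDnsName))
            {
                throw new ArgumentException("Attestation DNS name must not be empty.", nameof(attestDnsName));
            }
            if (string.IsNullOrWhiteSpace(serviceJwt))
            {
                throw new ArgumentException("Service JWT must not be empty.", nameof(serviceJwt));
            }

            var tenantName = attestDnsName.Split('.')[0];
            var attestUri  = $"https://{attestDnsName}";

            var jwksTrustedSigningKeys     = RetrieveTrustedSigningKeys(serviceJwt, attestDnsName, tenantName, includeDetails);
            var jwksTrustedSigningKeysJWKS = new JsonWebKeySet(jwksTrustedSigningKeys);

            var validatedToken = ValidateSignedToken(serviceJwt, jwksTrustedSigningKeysJWKS, includeDetails);

            // Fail closed: a TokenValidationResult can report failure without throwing, and a
            // failed result has no SecurityToken to inspect below. ValidateSignedToken is defined
            // elsewhere in this file and may already throw — this check is the backstop either way.
            if (validatedToken == null || !validatedToken.IsValid)
            {
                throw new SecurityTokenValidationException("MAA JWT signature validation failed.", validatedToken?.Exception);
            }

            ValidateJwtIssuerIsTenant(validatedToken, attestUri, includeDetails);
            ValidateSigningCertIssuerMatchesJwtIssuer(validatedToken, includeDetails);

            // The embedded-quote check needs the signing certificate itself, so a key that is not
            // X.509-backed cannot be validated; reject it explicitly instead of failing with InvalidCastException.
            if (!(validatedToken.SecurityToken.SigningKey is X509SecurityKey signingKey))
            {
                throw new SecurityTokenInvalidSigningKeyException("MAA JWT signing key is not an X.509 key; cannot validate the embedded quote.");
            }

            X509Certificate2 signingCertificate = signingKey.Certificate;

            byte[] certificateBytes = signingCertificate.RawData;
            string x5c = Convert.ToBase64String(certificateBytes);

#if LOG_BOUNCY_CASTLE
            if (includeDetails)
            {
                // Dump each top-level ASN.1 element of the certificate as hex for debugging.
                var bouncyCertParser   = new X509CertificateParser();
                var bouncyCert         = bouncyCertParser.ReadCertificate(certificateBytes);
                var bouncyAsn1Sequence = (DerSequence)bouncyCert.CertificateStructure.ToAsn1Object();

                for (int i = 0; i < bouncyAsn1Sequence.Count; i++)
                {
                    var asn1 = bouncyAsn1Sequence[i];
                    Logger.WriteLine(53, 128, $"{asn1.GetType().ToString(),50} : ", BitConverter.ToString(asn1.GetEncoded()).Replace("-", ""));
                }
            }
#endif

            Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MAA EMBEDDED QUOTE IN SIGNING CERTIFICATE FOR JWT");
            // Binds the signing certificate to the attested enclave via the embedded quote.
            MaaQuoteValidator.ValidateMaaQuote(x5c, includeDetails);

            return validatedToken;
        }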