public virtual void SetUp()
{
cert = new CertificateX509();
key = new PrivateKeyManager();
options = new JWTOptions();
claims = new PrivateClaims();
du = new DateUtil();
jwt = new JWTCreator();
cert.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256_cert.crt");
options.SetCertificate(cert);
key.Load(BASE_PATH + "dummycerts\\RSA_sha256_1024\\sha256d_key.pem");
options.SetPrivateKey(key);
//
// carga de privateClaim (es parte del Payload)
claims.setClaim("GeneXus", "Viglia");
// Carga de Registered Claims
options.AddRegisteredClaim("iss", "Martin");
options.AddRegisteredClaim("sub", "Martin1");
options.AddRegisteredClaim("aud", "martivigliadoocebbooyo.docebosaas.com");
options.AddCustomTimeValidationClaim("iat", du.GetCurrentDate(), "20");
options.AddCustomTimeValidationClaim("exp", du.CurrentPlusSeconds(3600), "20");
options.AddPublicClaim("client_id", "Martin");
token = jwt.DoCreate("RS256", claims, options);
expected = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
}
private bool verifyPrivateClaims(JwtSecurityToken jwtToken, PrivateClaims privateClaims, JWTOptions options)
{
RegisteredClaims registeredClaims = options.getAllRegisteredClaims();
PublicClaims publicClaims = options.getAllPublicClaims();
if (privateClaims == null || privateClaims.isEmpty())
{
return(true);
}
string jsonPayload = jwtToken.Payload.SerializeToJson();
Dictionary <string, object> map = null;
try
{
map = JsonConvert.DeserializeObject <Dictionary <string, object> >(jsonPayload);
}
catch (Exception)
{
this.error.setError("JW009", "Cannot parse JWT payload");
return(false);
}
this.counter = 0;
bool validation = verifyNestedClaims(privateClaims.getNestedMap(), map, registeredClaims, publicClaims);
int pClaimsCount = countingPrivateClaims(privateClaims.getNestedMap(), 0);
if (validation && !(this.counter == pClaimsCount))
{
return(false);
}
return(validation);
}
public virtual void SetUp()
{
options1 = new JWTOptions();
options2 = new JWTOptions();
jwt = new JWTCreator();
claims = new PrivateClaims();
claims.setClaim("hola1", "hola1");
path_RSA_sha256_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha256_1024");
String pathKey = Path.Combine(path_RSA_sha256_1024, "sha256d_key.pem");
String pathCert = Path.Combine(path_RSA_sha256_1024, "sha256_cert.crt");
PrivateKeyManager key = new PrivateKeyManager();
CertificateX509 cert = new CertificateX509();
key.Load(pathKey);
cert.Load(pathCert);
options1.SetCertificate(cert);
options1.SetPrivateKey(key);
options1.AddRegisteredClaim("iss", "GXSA");
options1.AddRegisteredClaim("sub", "subject1");
options1.AddRegisteredClaim("aud", "audience1");
options2.AddRegisteredClaim("iss", "GXSA");
options2.AddRegisteredClaim("sub", "subject1");
options2.AddRegisteredClaim("aud", "audience1");
options2.SetCertificate(cert);
token = jwt.DoCreate("RS256", claims, options1);
}
public virtual void SetUp()
{
jwt = new JWTCreator();
options = new JWTOptions();
keyGen = new SymmetricKeyGenerator();
claims = new PrivateClaims();
rList = new RevocationList();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
ID = "0696bb20-6223-4a1c-9ebf-e15c74387b9c, 0696bb20-6223-4a1c-9ebf-e15c74387b9c"; //&guid.Generate()
options.AddRegisteredClaim("jti", ID);
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
String hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
options.SetSecret(hexaKey);
options.AddRevocationList(rList);
token = jwt.DoCreate("HS256", claims, options);
}
public virtual void SetUp()
{
jwt = new JWTCreator();
options = new JWTOptions();
keyGen = new SymmetricKeyGenerator();
claimslevel1 = new PrivateClaims();
claimslevel2 = new PrivateClaims();
claimslevel3 = new PrivateClaims();
hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
options.AddRegisteredClaim("aud", "jitsi");
options.AddRegisteredClaim("iss", "my_client");
options.AddRegisteredClaim("sub", "meet.jit.si");
claimslevel1.setClaim("room", "*");
claimslevel1.setClaim("context", claimslevel2);
claimslevel2.setClaim("user", claimslevel3);
claimslevel3.setClaim("avatar", "https:/gravatar.com/avatar/abc123");
claimslevel3.setClaim("name", "John Doe");
claimslevel3.setClaim("email", "*****@*****.**");
claimslevel3.setClaim("id", "abcd:a1b2c3-d4e5f6-0abc1-23de-abcdef01fedcba");
claimslevel2.setClaim("group", "a123-123-456-789");
options.SetSecret(hexaKey);
token = jwt.DoCreate("HS256", claimslevel1, options);
}
public virtual void SetUp()
{
jwt = new JWTCreator();
options = new JWTOptions();
du = new DateUtil();
keyGen = new SymmetricKeyGenerator();
claims = new PrivateClaims();
currentDate = du.GetCurrentDate();
hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
options.AddRegisteredClaim("aud", "jitsi");
options.AddRegisteredClaim("iss", "my_client");
options.AddRegisteredClaim("sub", "meet.jit.si");
string expiration = du.CurrentPlusSeconds(200);
options.AddCustomTimeValidationClaim("exp", expiration, "20");
claims.setClaim("hola", "hola");
options.AddHeaderParameter("cty", "twilio-fpa;v=1");
options.SetSecret(hexaKey);
token = jwt.DoCreate("HS256", claims, options);
}
public virtual void SetUp()
{
du = new DateUtil();
guid = new GUID();
keyGenerator = new SymmetricKeyGenerator();
jwt = new JWTCreator();
options = new JWTOptions();
claims = new PrivateClaims();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
options.AddRegisteredClaim("jti", guid.Generate());
options.AddCustomTimeValidationClaim("exp", du.CurrentPlusSeconds(100), "20");
options.AddCustomTimeValidationClaim("iat", du.GetCurrentDate(), "20");
options.AddCustomTimeValidationClaim("nbf", du.GetCurrentDate(), "20");
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
path_RSA_sha256_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha256_1024");
path_RSA_sha256_2048 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha256_2048");
path_RSA_sha512_2048 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha512_2048");
path_EC = Path.Combine(BASE_PATH, "dummycerts", "JWT_ECDSA", "prime_test");
alias = "1";
password = "******";
}
public virtual void SetUp()
{
keyGenerator = new SymmetricKeyGenerator();
jwt = new JWTCreator();
options = new JWTOptions();
claims = new PrivateClaims();
string hexaKey = keyGenerator.doGenerateKey("GENERICRANDOM", 256);
options.SetSecret(hexaKey);
claims.setClaim("hola1", "hola1");
}
public virtual void SetUp()
{
options = new JWTOptions();
jwt = new JWTCreator();
claims = new PrivateClaims();
keyGen = new SymmetricKeyGenerator();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
ID = "0696bb20-6223-4a1c-9ebf-e15c74387b9c, 0696bb20-6223-4a1c-9ebf-e15c74387b9c"; // &guid.Generate()
options.AddRegisteredClaim("jti", ID);
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
}
public virtual void SetUp()
{
keyGenerator = new SymmetricKeyGenerator();
jwt = new JWTCreator();
options = new JWTOptions();
claims = new PrivateClaims();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
path_RSA_sha256_1024 = Path.Combine(BASE_PATH, "dummycerts", "RSA_sha256_1024");
}
public virtual void SetUp()
{
guid = new GUID();
jwt = new JWTCreator();
options = new JWTOptions();
claims = new PrivateClaims();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
options.AddRegisteredClaim("jti", guid.Generate());
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
ECDSA_path = Path.Combine(BASE_PATH, "dummycerts", "JWT_ECDSA");
}
public virtual void SetUp()
{
jwt = new JWTCreator();
options = new JWTOptions();
keyGen = new SymmetricKeyGenerator();
claims = new PrivateClaims();
options.AddCustomTimeValidationClaim("exp", "2020/07/20 17:56:51", "20");
options.AddCustomTimeValidationClaim("iat", "2020/07/20 17:56:51", "20");
options.AddCustomTimeValidationClaim("nbf", "2020/07/20 17:56:51", "20");
claims.setClaim("hola1", "hola1");
string hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
options.SetSecret(hexaKey);
string token = jwt.DoCreate("HS256", claims, options);
payload = jwt.GetPayload(token);
expected = "{\"hola1\":\"hola1\",\"exp\":1595267811,\"iat\":1595267811,\"nbf\":1595267811}";
}
public void TestNegative2()
{
PrivateClaims claimslevel11 = new PrivateClaims();
PrivateClaims claimslevel21 = new PrivateClaims();
PrivateClaims claimslevel31 = new PrivateClaims();
claimslevel11.setClaim("room", "*");
claimslevel11.setClaim("context", claimslevel21);
claimslevel21.setClaim("user", claimslevel31);
claimslevel31.setClaim("avatar", "https:/gravatar.com/avatar/abc123");
claimslevel31.setClaim("name", "John Doe");
claimslevel31.setClaim("email", "*****@*****.**");
claimslevel31.setClaim("id", "abcd:a1b2c3-d4e5f6-0abc1-23de-abcdef01fedcba");
bool verification = jwt.DoVerify(token, "HS256", claimslevel11, options);
Assert.IsFalse(verification);
Assert.IsFalse(jwt.HasError());
}
public virtual void SetUp()
{
du = new DateUtil();
guid = new GUID();
keyGenerator = new SymmetricKeyGenerator();
jwt = new JWTCreator();
options = new JWTOptions();
claims = new PrivateClaims();
options.AddRegisteredClaim("iss", "GXSA");
options.AddRegisteredClaim("sub", "subject1");
options.AddRegisteredClaim("aud", "audience1");
options.AddRegisteredClaim("jti", guid.Generate());
options.AddCustomTimeValidationClaim("iat", du.GetCurrentDate(), "20");
options.AddCustomTimeValidationClaim("nbf", du.GetCurrentDate(), "20");
claims.setClaim("hola1", "hola1");
claims.setClaim("hola2", "hola2");
}
public virtual void SetUp()
{
jwt = new JWTCreator();
options = new JWTOptions();
du = new DateUtil();
keyGen = new SymmetricKeyGenerator();
claims = new PrivateClaims();
hexaKey = keyGen.doGenerateKey("GENERICRANDOM", 256);
options.AddRegisteredClaim("aud", "jitsi");
options.AddRegisteredClaim("iss", "my_client");
options.AddRegisteredClaim("sub", "meet.jit.si");
claims.setClaim("hola", "hola");
options.AddHeaderParameter("cty", "twilio-fpa;v=1");
options.SetSecret(hexaKey);
token = jwt.DoCreate("HS256", claims, options);
}
private bool DoVerify(string token, string expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options, bool verifyClaims, bool verifyRegClaims)
{
this.error.cleanError();
if (options.HasError())
{
this.error = options.GetError();
return(false);
}
JWTAlgorithm expectedJWTAlgorithm = JWTAlgorithmUtils.getJWTAlgorithm(expectedAlgorithm, this.error);
if (this.HasError())
{
return(false);
}
/***Hack to support 1024 RSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS256"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS512"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS384"] = 1024;
/***Hack to support 1024 RSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken jwtToken = new JwtSecurityToken(token);
if (isRevoqued(jwtToken, options))
{
return(false);
}
if (verifyRegClaims)
{
if (!validateRegisteredClaims(jwtToken, options))
{
return(false);
}
}
if (verifyClaims)
{
if (!verifyPrivateClaims(jwtToken, privateClaims, options) || !VerifyHeader(jwtToken, options))
{
return(false);
}
}
//if validates all registered claims and it is not on revocation list
TokenValidationParameters parms = new TokenValidationParameters();
parms.ValidateLifetime = false;
parms.ValidateAudience = false;
parms.ValidateIssuer = false;
parms.ValidateActor = false;
JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm_forVerification(jwtToken.Header.Alg, this.error);
if (this.HasError())
{
return(false);
}
if (JWTAlgorithmUtils.getJWTAlgorithm(jwtToken.Header.Alg, this.error) != expectedJWTAlgorithm || this.HasError())
{
this.error.setError("JW008", "Expected algorithm does not match token algorithm");
return(false);
}
SecurityKey genericKey = null;
if (JWTAlgorithmUtils.isPrivate(alg))
{
CertificateX509 cert = options.GetCertificate();
if (cert.HasError())
{
this.error = cert.GetError();
return(false);
}
if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "RSA"))
{
try {
genericKey = new RsaSecurityKey((RSA)cert.getPublicKeyJWT());
}
catch (Exception)
{
this.error = cert.GetError();
return(false);
}
}
else if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "ECDSA"))
{
try
{
genericKey = new ECDsaSecurityKey((ECDsa)cert.getPublicKeyJWT());
}
catch (Exception)
{
this.error = cert.GetError();
return(false);
}
}
else
{
this.error.setError("JW013", "Not recognized key algorithm");
return(false);
}
}
else
{
SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret());
genericKey = symKey;
}
genericKey.KeyId = "256";
SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error);
parms.IssuerSigningKey = genericKey;
SecurityToken validatedToken;
try
{
handler.ValidateToken(token, parms, out validatedToken);
}
catch (Exception e)
{
this.error.setError("JW004", e.Message);
return(false);
}
return(true);
}
private JwtPayload doBuildPayload(PrivateClaims privateClaims, JWTOptions options)
{
JwtPayload payload = new JwtPayload();
// ****START BUILD PAYLOAD****//
// Adding private claims
List <Claim> privateC = privateClaims.getAllClaims();
foreach (Claim privateClaim in privateC)
{
if (privateClaim.getNestedClaims() != null)
{
payload.Add(privateClaim.getKey(), privateClaim.getNestedClaims().getNestedMap());
}
else
{
System.Security.Claims.Claim netPrivateClaim = null;
object obj = privateClaim.getValue();
if (obj.GetType() == typeof(string))
{
netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), (string)privateClaim.getValue());
}
else if (obj.GetType() == typeof(int))
{
int value = (int)obj;
netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), value.ToString(), System.Security.Claims.ClaimValueTypes.Integer32);
}
else if (obj.GetType() == typeof(long))
{
long value = (long)obj;
netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), value.ToString(), System.Security.Claims.ClaimValueTypes.Integer64);
}
else if (obj.GetType() == typeof(double))
{
double value = (double)obj;
netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), value.ToString(), System.Security.Claims.ClaimValueTypes.Double);
}
else if (obj.GetType() == typeof(bool))
{
bool value = (bool)obj;
netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), value.ToString(), System.Security.Claims.ClaimValueTypes.Boolean);
}
else
{
this.error.setError("JW012", "Unrecognized data type");
}
//System.Security.Claims.Claim netPrivateClaim = new System.Security.Claims.Claim(privateClaim.getKey(), privateClaim.getValue());
payload.AddClaim(netPrivateClaim);
}
}
// Adding public claims
if (options.hasPublicClaims())
{
PublicClaims publicClaims = options.getAllPublicClaims();
List <Claim> publicC = publicClaims.getAllClaims();
foreach (Claim publicClaim in publicC)
{
System.Security.Claims.Claim netPublicClaim = new System.Security.Claims.Claim(publicClaim.getKey(), (string)publicClaim.getValue());
payload.AddClaim(netPublicClaim);
}
}
// Adding registered claims
if (options.hasRegisteredClaims())
{
RegisteredClaims registeredClaims = options.getAllRegisteredClaims();
List <Claim> registeredC = registeredClaims.getAllClaims();
foreach (Claim registeredClaim in registeredC)
{
System.Security.Claims.Claim netRegisteredClaim;
if (RegisteredClaimUtils.isTimeValidatingClaim(registeredClaim.getKey()))
{
netRegisteredClaim = new System.Security.Claims.Claim(registeredClaim.getKey(), (string)registeredClaim.getValue(), System.Security.Claims.ClaimValueTypes.Integer32);
}
else
{
netRegisteredClaim = new System.Security.Claims.Claim(registeredClaim.getKey(), (string)registeredClaim.getValue());
}
payload.AddClaim(netRegisteredClaim);
}
}
// ****END BUILD PAYLOAD****//
return(payload);
}
public string DoCreate(string algorithm, PrivateClaims privateClaims, JWTOptions options)
{
this.error.cleanError();
if (options.HasError())
{
this.error = options.GetError();
return("");
}
JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm(algorithm, this.error);
if (this.HasError())
{
return("");
}
if (this.HasError())
{
return("");
}
/***Hack to support 1024 RSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS256"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS512"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS384"] = 1024;
/***Hack to support 1024 RSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
JwtPayload payload = doBuildPayload(privateClaims, options);
SecurityKey genericKey = null;
if (JWTAlgorithmUtils.isPrivate(alg))
{
PrivateKeyManager key = options.GetPrivateKey();
if (key.HasError())
{
this.error = key.GetError();
return("");
}
if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "RSA"))
{
try
{
genericKey = new RsaSecurityKey((RSA)key.getPrivateKeyForJWT());
}catch (Exception)
{
this.error = key.GetError();
return("");
}
}
else if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "ECDSA"))
{
try {
genericKey = new ECDsaSecurityKey((ECDsa)key.getPrivateKeyForJWT());
}
catch (Exception)
{
this.error = key.GetError();
return("");
}
}
else
{
this.error.setError("JW012", "Not recognized key algorithm");
return("");
}
if (genericKey == null)
{
this.error = key.GetError();
return("");
}
}
else
{
SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret());
genericKey = symKey;
}
SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error);
if (this.HasError())
{
return("");
}
string signedJwt = "";
try
{
JwtHeader header = new JwtHeader(signingCredentials);
if (!options.GetHeaderParameters().IsEmpty())
{
AddHeaderParameters(header, options);
}
JwtSecurityToken secToken = new JwtSecurityToken(header, payload);
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
signedJwt = handler.WriteToken(secToken);
}
catch (Exception e)
{
this.error.setError("JW003", "key size: " + /*genericKey.KeySize.ToString()*/ e.Message + e.StackTrace);
return("");
}
return(signedJwt);
}
public bool DoVerify(String token, String expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options)
{
return(DoVerify(token, expectedAlgorithm, privateClaims, options, true, true));
}
