public static IServiceCollection AddRSAHttpMessageSigning(this IServiceCollection services, Func <IServiceProvider, KeyId> keyIdFactory, Func <IServiceProvider, RSA> rsaFactory, Action <IServiceProvider, SigningSettings> signingSettingsConfig) { if (services == null) { throw new ArgumentNullException(nameof(services)); } if (keyIdFactory == null) { throw new ArgumentNullException(nameof(keyIdFactory)); } if (rsaFactory == null) { throw new ArgumentNullException(nameof(rsaFactory)); } return(services.AddHttpMessageSigning( keyIdFactory, prov => { var signingSettings = new SigningSettings { SignatureAlgorithm = new RSASignatureAlgorithm(HashAlgorithmName.SHA512, rsaFactory(prov)) }; signingSettingsConfig?.Invoke(prov, signingSettings); return signingSettings; })); }
public SigningStringCompositionRequest CreateForSigning( HttpRequestForSigning request, SigningSettings signingSettings, DateTimeOffset?timeOfComposing, TimeSpan?expires) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } return(new SigningStringCompositionRequest { Request = request.ToHttpRequestForSignatureString(), RequestTargetEscaping = signingSettings.RequestTargetEscaping, HeadersToInclude = signingSettings.Headers, TimeOfComposing = timeOfComposing, Expires = expires, Nonce = signingSettings.EnableNonce ? _nonceGenerator.GenerateNonce() : null }); }
public void GivenInvalidSettings_ThrowsValidationException() { var invalidSettings = new SigningSettings(); Action act = () => _sut.Create(_keyId, invalidSettings); act.Should().Throw <ValidationException>(); }
public RequestSignerTests() { FakeFactory.Create( out _signatureCreator, out _authorizationHeaderParamCreator, out _dateHeaderEnsurer, out _digestHeaderEnsurer, out _systemClock, out _logger); _signingSettings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), KeyId = new KeyId("client1"), SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, new HeaderName("dalion_app_id") } }; _sut = new RequestSigner( _signatureCreator, _authorizationHeaderParamCreator, _signingSettings, _dateHeaderEnsurer, _digestHeaderEnsurer, _systemClock, _logger); }
public async Task CalculatesSignatureForExpectedRequest() { var compositionRequest = new SigningStringCompositionRequest(); HttpRequestForSigning interceptedRequest = null; SigningSettings interceptedSigningSettings = null; DateTimeOffset? interceptedTimeOfSigning = null; TimeSpan?interceptedExpires = null; A.CallTo(() => _stringCompositionRequestFactory.CreateForSigning(A <HttpRequestForSigning> ._, A <SigningSettings> ._, A <DateTimeOffset?> ._, A <TimeSpan?> ._)) .Invokes(call => { interceptedRequest = call.GetArgument <HttpRequestForSigning>(0); interceptedSigningSettings = call.GetArgument <SigningSettings>(1); interceptedTimeOfSigning = call.GetArgument <DateTimeOffset?>(2); interceptedExpires = call.GetArgument <TimeSpan?>(3); }) .Returns(compositionRequest); var composedString = "{the composed string}"; A.CallTo(() => _signingStringComposer.Compose(A <SigningStringCompositionRequest> ._)) .Returns(composedString); await _sut.CreateSignature(_httpRequestMessage, _settings, _timeOfSigning, _expires); interceptedRequest.Should().BeEquivalentTo(new HttpRequestForSigning { Method = HttpMethod.Post, RequestUri = "http://dalion.eu/api/resource/id1".ToUri(), Headers = new HeaderDictionary(new Dictionary <string, StringValues> { { "H1", "v1" } }) }); interceptedSigningSettings.Should().Be(_settings); interceptedTimeOfSigning.Should().Be(_timeOfSigning); interceptedExpires.Should().Be(_expires); }
public CreateSignature() { _httpRequestMessage = new HttpRequestMessage { Method = HttpMethod.Post, RequestUri = new Uri("http://dalion.eu/api/resource/id1"), Headers = { { "H1", "v1" } } }; _settings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), KeyId = new KeyId("client1"), SignatureAlgorithm = A.Fake <ISignatureAlgorithm>(), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, new HeaderName("dalion_app_id") }, UseDeprecatedAlgorithmParameter = false, AuthorizationScheme = "TestScheme", EnableNonce = true, DigestHashAlgorithm = HashAlgorithmName.SHA384 }; _timeOfSigning = new DateTimeOffset(2020, 2, 24, 11, 20, 14, TimeSpan.Zero); _expires = TimeSpan.FromMinutes(10); A.CallTo(() => _settings.SignatureAlgorithm.Name).Returns("Custom"); _nonce = "abc123"; A.CallTo(() => _nonceGenerator.GenerateNonce()).Returns(_nonce); }
public BaseTests() { _httpTest = new HttpTest(); _apiFilmesSettings = ConfigManager.ApiFilmesSettings; _signingSettings = ConfigManager.SigningSettings; _tokenSettings = ConfigManager.TokenSettings; _systemSettings = ConfigManager.SystemSettings; }
public RegisteredSigningSettingsTests() { _keyId = new KeyId("abc123"); _signatureAlgorithm = A.Fake <ISignatureAlgorithm>(); _signingSettings = new SigningSettings { KeyId = _keyId, SignatureAlgorithm = _signatureAlgorithm }; _sut = new RegisteredSigningSettings(_keyId, _signingSettings); }
public RegisteredSigningSettings(KeyId keyId, SigningSettings signingSettings) { if (keyId == KeyId.Empty) { throw new ArgumentException($"The specified {nameof(keyId)} cannot be empty.", nameof(keyId)); } KeyId = keyId; SigningSettings = signingSettings ?? throw new ArgumentNullException(nameof(signingSettings)); }
public void WhenInvalidSettingsAreRegistered_ThrowsValidationException() { var invalidSettings = new SigningSettings(); A.CallTo(() => _registeredSignerSettingsStore.Get(_keyId)) .Returns(invalidSettings); Action act = () => _sut.CreateFor(_keyId); act.Should().Throw <ValidationException>(); }
public void SanitizeHeaderNamesToInclude(SigningSettings signingSettings, HttpRequestMessage request) { if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } if (request == null) { throw new ArgumentNullException(nameof(request)); } // When feature is disabled, don't take any further action if (!signingSettings.AutomaticallyAddRecommendedHeaders) { return; } if (signingSettings.Headers == null) { signingSettings.Headers = Array.Empty <HeaderName>(); } // According to the spec, the header (request-target) should always be a part of the signature string. if (!signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.RequestTarget)) { signingSettings.Headers = AppendHeaderName(signingSettings.Headers, HeaderName.PredefinedHeaderNames.RequestTarget); } // According to the spec, when the algorithm starts with 'rsa', 'hmac' or 'ecdsa', the Date header should be part of the signature string. if (signingSettings.SignatureAlgorithm.ShouldIncludeDateHeader() && !signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.Date)) { signingSettings.Headers = AppendHeaderName(signingSettings.Headers, HeaderName.PredefinedHeaderNames.Date); } // According to the spec, when the algorithm does not start with 'rsa', 'hmac' or 'ecdsa', the (created) header should be part of the signature string. if (signingSettings.SignatureAlgorithm.ShouldIncludeCreatedHeader() && !signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.Created)) { signingSettings.Headers = AppendHeaderName(signingSettings.Headers, HeaderName.PredefinedHeaderNames.Created); } // According to the spec, when the algorithm does not start with 'rsa', 'hmac' or 'ecdsa', the (expires) header should be part of the signature string. if (signingSettings.SignatureAlgorithm.ShouldIncludeExpiresHeader() && !signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.Expires)) { signingSettings.Headers = AppendHeaderName(signingSettings.Headers, HeaderName.PredefinedHeaderNames.Expires); } // When digest is enabled, make it part of the signature string if (!string.IsNullOrEmpty(signingSettings.DigestHashAlgorithm.Name) && request.Method.SupportsBody() && !signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.Digest)) { signingSettings.Headers = AppendHeaderName(signingSettings.Headers, HeaderName.PredefinedHeaderNames.Digest); } }
/// <summary> /// Adds http message signing registrations to the specified /// <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" />. /// </summary> /// <param name="keyId"> /// The <see cref="T:Dalion.HttpMessageSigning.KeyId" /> that the server can use to identify the client /// application. /// </param> /// <param name="services"> /// The <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" /> to add the /// registrations to. /// </param> /// <param name="signingSettingsConfig">The action that configures the signing settings.</param> /// <returns> /// The <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" /> to which the registrations /// were added. /// </returns> public static IServiceCollection AddHttpMessageSigning(this IServiceCollection services, KeyId keyId, Action <SigningSettings> signingSettingsConfig) { if (services == null) { throw new ArgumentNullException(nameof(services)); } return(services.AddHttpMessageSigning(keyId, prov => { var newSettings = new SigningSettings(); signingSettingsConfig?.Invoke(newSettings); return newSettings; })); }
public Create() { _keyId = new KeyId("client1"); _signingSettings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, new HeaderName("dalion_app_id") } }; }
public async Task <Signature> CreateSignature(HttpRequestMessage request, SigningSettings settings, DateTimeOffset timeOfSigning) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (settings == null) { throw new ArgumentNullException(nameof(settings)); } _signingSettingsSanitizer.SanitizeHeaderNamesToInclude(settings, request); settings.Validate(); var nonce = settings.EnableNonce ? _nonceGenerator.GenerateNonce() : null; var requestForSigning = request.ToRequestForSigning(); var signingString = _signingStringComposer.Compose( requestForSigning, settings.SignatureAlgorithm.Name, settings.Headers, timeOfSigning, settings.Expires, nonce); var eventTask = settings.Events?.OnSigningStringComposed?.Invoke(request, signingString); if (eventTask != null) { await eventTask; } _logger?.LogDebug("Composed the following signing string for request signing: {0}", signingString); var signatureHash = settings.SignatureAlgorithm.ComputeHash(signingString); var signatureString = _base64Converter.ToBase64(signatureHash); _logger?.LogDebug("The base64 hash of the signature string for signing is '{0}'.", signatureString); var signature = new Signature { KeyId = settings.KeyId, Algorithm = $"{settings.SignatureAlgorithm.Name.ToLowerInvariant()}-{settings.SignatureAlgorithm.HashAlgorithm.ToString().ToLowerInvariant()}", Created = timeOfSigning, Expires = timeOfSigning.Add(settings.Expires), Headers = settings.Headers, Nonce = nonce, String = signatureString }; return(signature); }
public RequestSigner( ISigningSettingsSanitizer signingSettingsSanitizer, ISignatureCreator signatureCreator, IAuthorizationHeaderParamCreator authorizationHeaderParamCreator, SigningSettings signingSettings, ISignatureHeaderEnsurer signatureHeaderEnsurer, ISystemClock systemClock, ILogger <RequestSigner> logger = null) { _signingSettingsSanitizer = signingSettingsSanitizer ?? throw new ArgumentNullException(nameof(signingSettingsSanitizer)); _signatureCreator = signatureCreator ?? throw new ArgumentNullException(nameof(signatureCreator)); _authorizationHeaderParamCreator = authorizationHeaderParamCreator ?? throw new ArgumentNullException(nameof(authorizationHeaderParamCreator)); _signingSettings = signingSettings ?? throw new ArgumentNullException(nameof(signingSettings)); _signatureHeaderEnsurer = signatureHeaderEnsurer ?? throw new ArgumentNullException(nameof(signatureHeaderEnsurer)); _systemClock = systemClock ?? throw new ArgumentNullException(nameof(systemClock)); _logger = logger; }
public Task EnsureHeader(HttpRequestMessage request, SigningSettings signingSettings, DateTimeOffset timeOfSigning) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } if (signingSettings.Headers.Contains(HeaderName.PredefinedHeaderNames.Date) && !request.Headers.Date.HasValue) { request.Headers.Date = timeOfSigning; } return(Task.CompletedTask); }
public async Task <Signature> CreateSignature(HttpRequestMessage request, SigningSettings settings, DateTimeOffset timeOfSigning, TimeSpan expires) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (settings == null) { throw new ArgumentNullException(nameof(settings)); } var requestForSigning = request.ToHttpRequestForSigning(); var compositionRequest = _stringCompositionRequestFactory.CreateForSigning(requestForSigning, settings, timeOfSigning, expires); var signingString = _signingStringComposer.Compose(compositionRequest); var eventTask = settings.Events?.OnSigningStringComposed?.Invoke(request, ref signingString); if (eventTask != null) { await eventTask.ConfigureAwait(continueOnCapturedContext : false); } _logger?.LogDebug("Composed the following signing string for request signing: {0}", signingString); var signatureHash = settings.SignatureAlgorithm.ComputeHash(signingString); var signatureString = _base64Converter.ToBase64(signatureHash); _logger?.LogDebug("The base64 hash of the signature string for signing is '{0}'.", signatureString); var signature = new Signature { KeyId = settings.KeyId, Algorithm = settings.UseDeprecatedAlgorithmParameter ? $"{settings.SignatureAlgorithm.Name.ToLowerInvariant()}-{settings.SignatureAlgorithm.HashAlgorithm.ToString().ToLowerInvariant()}" : Signature.DefaultSignatureAlgorithm, Created = timeOfSigning, Expires = timeOfSigning.Add(expires), Headers = settings.Headers, Nonce = compositionRequest.Nonce, String = signatureString }; return(signature); }
public SanitizeHeaderNamesToInclude() { _httpRequest = new HttpRequestMessage { Method = HttpMethod.Post, RequestUri = new Uri("http://dalion.eu/api/resource/id1") }; _settings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), KeyId = new KeyId("client1"), SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, HeaderName.PredefinedHeaderNames.Expires, new HeaderName("dalion_app_id") }, DigestHashAlgorithm = HashAlgorithmName.SHA256 }; }
public async Task EnsureHeader(HttpRequestMessage request, SigningSettings signingSettings, DateTimeOffset timeOfSigning) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } if (!request.Method.SupportsBody()) { return; } if (string.IsNullOrEmpty(signingSettings.DigestHashAlgorithm.Name)) { return; } if (request.Headers.Contains("Digest")) { return; } if (request.Content == null) { request.Headers.Add("Digest", string.Empty); return; } var bodyBytes = await request.Content.ReadAsByteArrayAsync().ConfigureAwait(false); using (var hashAlgorithm = HashAlgorithmFactory.Create(signingSettings.DigestHashAlgorithm)) { if (hashAlgorithm == null) { throw new NotSupportedException($"The specified hash algorithm ({signingSettings.DigestHashAlgorithm.Name}) for digest is currently not supported."); } var payloadBytes = hashAlgorithm.ComputeHash(bodyBytes); var digest = _base64Converter.ToBase64(payloadBytes); var digestAlgorithmName = Constants.DigestHashAlgorithmNames[signingSettings.DigestHashAlgorithm.Name]; request.Headers.Add("Digest", $"{digestAlgorithmName}={digest}"); } }
public void CreatesNewInstanceOfExpectedType() { var signingSettings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, new HeaderName("dalion_app_id") } }; A.CallTo(() => _registeredSignerSettingsStore.Get(_keyId)) .Returns(signingSettings); var actual = _sut.CreateFor(_keyId); actual.Should().NotBeNull().And.BeAssignableTo <RequestSigner>(); }
public EnsureHeader() { _timeOfSigning = new DateTimeOffset(2020, 2, 24, 11, 20, 14, TimeSpan.FromHours(1)); _httpRequest = new HttpRequestMessage { Method = HttpMethod.Post, RequestUri = new Uri("http://dalion.eu/api/resource/id1") }; _settings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), KeyId = "client1", SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, HeaderName.PredefinedHeaderNames.Expires, new HeaderName("dalion_app_id") }, DigestHashAlgorithm = HashAlgorithmName.SHA256 }; }
public static void ConfigurarJwtToken(IServiceCollection services, IConfiguration configuration) { var signingSettings = new SigningSettings(); services.AddSingleton(signingSettings); var tokenSettings = configuration.GetSettings <TokenSettings>(); services.AddAuthentication(opt => { opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(opt => { opt.RequireHttpsMetadata = false; opt.SaveToken = true; opt.TokenValidationParameters = new TokenValidationParameters { IssuerSigningKey = signingSettings.Key, ValidAudience = tokenSettings.Audience, ValidIssuer = tokenSettings.Issuer, ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ClockSkew = TimeSpan.Zero }; }); services.AddAuthorization(opt => { var builder = new AuthorizationPolicyBuilder(); var authPolicy = builder .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser() .Build(); opt.AddPolicy(JwtBearerDefaults.AuthenticationScheme, authPolicy); }); }
public CreateForSigning() { _request = new HttpRequestForSigning(); _settings = new SigningSettings { Expires = TimeSpan.FromMinutes(5), KeyId = new KeyId("client1"), SignatureAlgorithm = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA512), Headers = new[] { HeaderName.PredefinedHeaderNames.RequestTarget, HeaderName.PredefinedHeaderNames.Date, HeaderName.PredefinedHeaderNames.Expires, new HeaderName("dalion_app_id") }, DigestHashAlgorithm = HashAlgorithmName.SHA256, EnableNonce = true, RequestTargetEscaping = RequestTargetEscaping.RFC2396, AutomaticallyAddRecommendedHeaders = true }; _timeOfComposingUtc = new DateTimeOffset(2020, 9, 8, 13, 21, 14, TimeSpan.Zero); _expires = TimeSpan.FromMinutes(3); }
public IRequestSigner Create(KeyId keyId, SigningSettings signingSettings) { if (keyId == KeyId.Empty) { throw new ArgumentException("The specified key id cannot be empty.", nameof(keyId)); } if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } signingSettings.KeyId = keyId; return(new RequestSigner( _signingSettingsSanitizer, _signatureCreator, _authorizationHeaderParamCreator, signingSettings, _signatureHeaderEnsurer, _systemClock, _logger)); }
private Task OnRequestSigned(HttpRequestMessage request, Signature signature, SigningSettings settings) { _signedRequest = request; return(Task.CompletedTask); }
public RegisteredSigningSettings(KeyId keyId, SigningSettings signingSettings) { KeyId = keyId; SigningSettings = signingSettings ?? throw new ArgumentNullException(nameof(signingSettings)); }
/// <summary> /// Adds http message signing registrations to the specified /// <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" />. /// </summary> /// <param name="keyId"> /// The <see cref="T:Dalion.HttpMessageSigning.KeyId" /> that the server can use to identify the client /// application. /// </param> /// <param name="services"> /// The <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" /> to add the /// registrations to. /// </param> /// <param name="signingSettings">The signing settings.</param> /// <returns> /// The <see cref="T:Microsoft.Extensions.DependencyInjection.IServiceCollection" /> to which the registrations /// were added. /// </returns> public static IServiceCollection AddHttpMessageSigning(this IServiceCollection services, KeyId keyId, SigningSettings signingSettings) { if (services == null) { throw new ArgumentNullException(nameof(services)); } if (signingSettings == null) { throw new ArgumentNullException(nameof(signingSettings)); } return(services.AddHttpMessageSigning(keyId, prov => signingSettings)); }
public static async Task <string> Run(SignOptions options) { var serviceProvider = new ServiceCollection() .AddHttpMessageSigning() .BuildServiceProvider(); var requestSignerFactory = serviceProvider.GetRequiredService <IRequestSignerFactory>(); ISignatureAlgorithm signatureAlgorithm; if (string.IsNullOrEmpty(options.KeyType) || options.KeyType.Equals("RSA", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = RSASignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadRSA(options.PrivateKey)); } else if (options.KeyType.Equals("P256", StringComparison.OrdinalIgnoreCase) || options.KeyType.Equals("ECDSA", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = ECDsaSignatureAlgorithm.CreateForSigning(HashAlgorithmName.SHA512, KeyReader.ReadECDsaPrivate(options.PrivateKey)); } else if (options.KeyType.Equals("HMAC", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = SignatureAlgorithm.CreateForSigning(options.PrivateKey, HashAlgorithmName.SHA512); } else { throw new NotSupportedException("The specified key type is not supported."); } if (!string.IsNullOrEmpty(options.Algorithm) && !options.Algorithm.StartsWith("rsa", StringComparison.OrdinalIgnoreCase) && !options.Algorithm.StartsWith("hmac", StringComparison.OrdinalIgnoreCase) && !options.Algorithm.StartsWith("ecdsa", StringComparison.OrdinalIgnoreCase)) { signatureAlgorithm = new CustomSignatureAlgorithm(options.Algorithm); } var signingSettings = new SigningSettings { SignatureAlgorithm = signatureAlgorithm, EnableNonce = false, DigestHashAlgorithm = HashAlgorithmName.SHA256, AutomaticallyAddRecommendedHeaders = false, Headers = options.Headers ?.Split(new[] { ' ', ',' }, StringSplitOptions.RemoveEmptyEntries) .Select(h => new HeaderName(h)) .ToArray() }; var signer = requestSignerFactory.Create( new KeyId("test"), signingSettings); var created = DateTimeOffset.UtcNow; if (!string.IsNullOrEmpty(options.Created)) { var createdUnix = int.Parse(options.Created); created = DateTimeOffset.FromUnixTimeSeconds(createdUnix); } var expires = signingSettings.Expires; if (!string.IsNullOrEmpty(options.Expires)) { var expiresUnix = int.Parse(options.Expires); var expiresAbsolute = DateTimeOffset.FromUnixTimeSeconds(expiresUnix); expires = expiresAbsolute - created; } await signer.Sign(options.Message, created, expires); var serializedMessage = HttpMessageSerializer.Serialize(options.Message); return(serializedMessage); }
/// <summary> /// Cria um novo token JWT válido /// </summary> /// <param name="identity">Identidade do usuário</param> /// <param name="jwtSettings">Configurações do token JWT</param> /// <param name="signingSettings">Credênciais para assinatura do token</param> /// <returns>Um token JWT válido</returns> public static object CreateJwtToken(this ClaimsIdentity identity, JwtSettings jwtSettings, SigningSettings signingSettings) { var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Subject = identity, Issuer = jwtSettings.Issuer, Audience = jwtSettings.Audience, IssuedAt = jwtSettings.IssuedAt, NotBefore = jwtSettings.NotBefore, Expires = jwtSettings.Expiration, SigningCredentials = signingSettings.SigningCredentials }); var encodedJwt = handler.WriteToken(securityToken); return(new { access_token = encodedJwt, token_type = JwtBearerDefaults.AuthenticationScheme.ToLower(), expires_in = (int)jwtSettings.ValidFor.TotalSeconds, }); }
private void UpdateNonceEnabled(SigningSettings settings) { settings.EnableNonce = _nonceEnabled; }