/// <summary>
/// Binds <paramref name="signingKey"/> to the descriptor and produces a deliberately invalid token
/// for negative-path validation tests.
/// </summary>
/// <param name="signingKey">Key stored on the descriptor; its <c>SignatureAlgorithm</c> becomes the descriptor's algorithm.</param>
/// <param name="status">Validation failure the generated token is meant to provoke.</param>
/// <param name="descriptor">Descriptor to serialize; it is mutated in place.</param>
/// <param name="claim">Not read by this overload.</param>
/// <returns>The result of the overload that takes only a status and a descriptor.</returns>
private static TokenState CreateInvalidToken(Jwk signingKey, TokenValidationStatus status, JwsDescriptor descriptor, string claim = null)
{
    // The key is assigned before the algorithm; keep this order in case the setters interact.
    descriptor.SigningKey = signingKey;
    descriptor.Algorithm = signingKey.SignatureAlgorithm;

    TokenState invalidToken = CreateInvalidToken(status, descriptor);
    return invalidToken;
}
/// <summary>
/// Serializes <paramref name="descriptor"/> and then damages the header or the compact form so that
/// a validator is expected to reject it with <paramref name="status"/>.
/// </summary>
/// <param name="status">Failure to provoke. Statuses without a dedicated branch yield the untouched serialized token.</param>
/// <param name="descriptor">Descriptor to serialize; its header may be mutated.</param>
/// <param name="claim">Not read by this method.</param>
/// <returns>The (possibly corrupted) compact token paired with the expected status.</returns>
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor, string? claim = null)
{
    // Header-level faults have to be injected before the token is written.
    if (status == TokenValidationStatus.SignatureKeyNotFound)
    {
        descriptor.Header.Add(JwtHeaderParameterNames.Kid, "x");
    }
    else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
    {
        descriptor.Header.Add(JwtHeaderParameterNames.Enc, (object)null!);
    }

    // NOTE(review): IgnoreTokenValidation presumably lets the writer emit a descriptor it would
    // otherwise refuse; confirm, and keep this setting confined to test fixtures.
    var writer = new JwtWriter { IgnoreTokenValidation = true };
    var jwt = writer.WriteTokenString(descriptor);

    // String-level faults are applied to the compact serialization.
    switch (status)
    {
        case TokenValidationStatus.MalformedToken:
        {
            // Prefix a '/' and drop the final character.
            jwt = "/" + jwt.Substring(0, jwt.Length - 1);
            break;
        }

        case TokenValidationStatus.InvalidSignature:
        {
            // Reverse the characters of the third segment; only the first three segments are kept.
            var segments = jwt.Split('.');
            var reversedSignature = new string(segments[2].Reverse().ToArray());
            jwt = $"{segments[0]}.{segments[1]}.{reversedSignature}";
            break;
        }

        case TokenValidationStatus.MalformedSignature:
        {
            // Cut the last two characters off the token.
            jwt = jwt.Substring(0, jwt.Length - 2);
            break;
        }

        case TokenValidationStatus.MissingSignature:
        {
            // Keep header and payload, leave the signature segment empty.
            var segments = jwt.Split('.');
            jwt = $"{segments[0]}.{segments[1]}.";
            break;
        }
    }

    return new TokenState(jwt, status);
}
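/// <summary>
/// Validates the submitted token details and, when they are valid, records the device against the token.
/// </summary>
/// <param name="data">Request body; <c>TokenId</c>, <c>AppName</c> and <c>DeviceId</c> are read from it.</param>
/// <returns>
/// 400 when the body is missing; 200 with a <see cref="TokenValidationStatus"/> whose <c>success</c> flag
/// carries the outcome; 500 when an unexpected exception occurs.
/// </returns>
public ActionResult ValidateToken([FromBody] UserDetails data)
{
    if (data == null)
    {
        return StatusCode(Microsoft.AspNetCore.Http.StatusCodes.Status400BadRequest);
    }

    try
    {
        // NOTE(review): this context is never used below; the service is built on _db.
        // Confirm it is not needed and remove it.
        using (var db = new ApplicationDbContext())
        {
            AppHistoryService history = new AppHistoryService(_db);
            var tokenInfo = history.MatchedById(data.TokenId, data.AppName);
            var isValid = history.ValidateUser(data);

            // Reject when either lookup comes back empty. Without the tokenInfo check a missing
            // token record would be dereferenced below and surface as an exception instead of
            // as a validation failure.
            if (isValid == null || tokenInfo == null)
            {
                TokenValidationStatus failureStatus = new TokenValidationStatus();
                failureStatus.success = false;
                failureStatus.message = "No such token found";
                return Ok(failureStatus);
            }

            var userTokenDeviceDetails = new UserTokenDeviceDetails
            {
                UserTokenDetailsId = tokenInfo.Id,
                DeviceId = data.DeviceId,
            };
            history.SaveUserLog(userTokenDeviceDetails);

            TokenValidationStatus successStatus = new TokenValidationStatus();
            successStatus.success = true;
            successStatus.message = "Token validated successfully";
            return Ok(successStatus);
        }
    }
    catch (Exception)
    {
        // Fail closed: an internal error must not be reported with a 2xx status, because a
        // client that only checks for "2xx" would treat a failed validation as a success.
        // NOTE(review): no logger is visible in this block; log the exception here once one is available.
        return StatusCode(Microsoft.AspNetCore.Http.StatusCodes.Status500InternalServerError);
    }
}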
/// <summary>
/// Serializes <paramref name="descriptor"/> and then damages the header or the compact form so that
/// a validator is expected to reject it with <paramref name="status"/>.
/// </summary>
/// <param name="status">Failure to provoke. Statuses without a dedicated branch yield the untouched serialized token.</param>
/// <param name="descriptor">Descriptor to serialize; its header may be mutated.</param>
/// <returns>The (possibly corrupted) compact token paired with the expected status.</returns>
private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor)
{
    // Header-level faults have to be injected before the token is written.
    if (status == TokenValidationStatus.SignatureKeyNotFound)
    {
        // Append "x" to the existing key identifier so it no longer names a known key.
        var currentKid = (string)descriptor.Header[HeaderParameters.KidUtf8].Value;
        descriptor.Header.Replace(new JwtProperty(HeaderParameters.KidUtf8, currentKid + "x"));
    }
    else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
    {
        // Replace the "enc" header with a property that carries no value.
        descriptor.Header.Replace(new JwtProperty(HeaderParameters.EncUtf8));
    }

    // NOTE(review): the writer's IgnoreTokenValidation assignment is disabled here, so the
    // writer runs with its default setting; confirm that is intended.
    var writer = new JwtWriter();
    var jwt = writer.WriteTokenString(descriptor);

    // String-level faults are applied to the compact serialization.
    switch (status)
    {
        case TokenValidationStatus.MalformedToken:
        {
            // Prefix a '/' and drop the final character.
            jwt = "/" + jwt.Substring(0, jwt.Length - 1);
            break;
        }

        case TokenValidationStatus.InvalidSignature:
        {
            // Reverse the characters of the third segment; only the first three segments are kept.
            var segments = jwt.Split('.');
            var reversedSignature = new string(segments[2].Reverse().ToArray());
            jwt = $"{segments[0]}.{segments[1]}.{reversedSignature}";
            break;
        }

        case TokenValidationStatus.MalformedSignature:
        {
            // Cut the last two characters off the token.
            jwt = jwt.Substring(0, jwt.Length - 2);
            break;
        }

        case TokenValidationStatus.MissingSignature:
        {
            // Keep header and payload, leave the signature segment empty.
            var segments = jwt.Split('.');
            jwt = $"{segments[0]}.{segments[1]}.";
            break;
        }
    }

    return new TokenState(jwt, status);
}
/// <summary>
/// Pairs a serialized token with the validation status it is expected to produce.
/// </summary>
/// <param name="jwt">Token text stored in <c>Jwt</c>.</param>
/// <param name="status">Status stored in <c>Status</c>.</param>
public TokenState(string jwt, TokenValidationStatus status)
{
    (Jwt, Status) = (jwt, status);
}
/// <summary>
/// Copies the claims of <paramref name="descriptor"/> into a new payload, altering or dropping
/// selected claims so that the resulting token fails validation with <paramref name="status"/>.
/// </summary>
/// <param name="descriptor">Source claims, enumerated as key/value pairs.</param>
/// <param name="status">Failure to provoke; statuses without a branch copy every claim unchanged.</param>
/// <param name="claim">Claim targeted by <c>InvalidClaim</c> / <c>MissingClaim</c>; ignored for other statuses.</param>
/// <returns>A descriptor built from an empty <c>JwtObject</c> and the converted payload.</returns>
private static JwsDescriptor CreateJws(JObject descriptor, TokenValidationStatus status, string claim = null)
{
    var payload = new JObject();
    foreach (var entry in descriptor)
    {
        string name = entry.Key;
        bool isTargetedClaim = claim == name;

        if (status == TokenValidationStatus.InvalidClaim)
        {
            // Only "aud" and "iss" can be corrupted, and only when explicitly targeted.
            if ((name == "aud" || name == "iss") && isTargetedClaim)
            {
                payload.Add(name, entry.Value + "XXX");
                continue;
            }
        }
        else if (status == TokenValidationStatus.MissingClaim)
        {
            // Omit the targeted claim from the copy.
            if ((name == "exp" || name == "aud" || name == "iss") && isTargetedClaim)
            {
                continue;
            }
        }
        else if (status == TokenValidationStatus.Expired)
        {
            // Fixed Unix timestamps that already lie in the past (2017 and 2014).
            if (name == "exp")
            {
                payload.Add(name, 1500000000);
                continue;
            }

            if (name == "nbf")
            {
                payload.Add(name, 1400000000);
                continue;
            }
        }
        else if (status == TokenValidationStatus.NotYetValid)
        {
            // Fixed Unix timestamps in 2036 and 2033.
            // NOTE(review): this case stops producing a not-yet-valid token once the clock passes the nbf value.
            if (name == "exp")
            {
                payload.Add(name, 2100000000);
                continue;
            }

            if (name == "nbf")
            {
                payload.Add(name, 2000000000);
                continue;
            }
        }

        // Everything not handled above is copied verbatim.
        payload.Add(name, entry.Value);
    }

    return new JwsDescriptor(new JwtObject(), ToJwtObject(payload));
}
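/// <summary>
/// Copies the claims of <paramref name="descriptor"/> into a new payload, altering or dropping
/// selected claims so that the resulting token fails validation with <paramref name="status"/>.
/// </summary>
/// <param name="signingKey">Key handed to the descriptor; the algorithm is always <c>HS256</c>.</param>
/// <param name="descriptor">Source claims, enumerated as key/value pairs.</param>
/// <param name="status">Failure to provoke; statuses without a branch copy every claim unchanged.</param>
/// <param name="claim">Claim targeted by <c>InvalidClaim</c> / <c>MissingClaim</c>; ignored for other statuses.</param>
/// <returns>A descriptor carrying the rebuilt payload.</returns>
private static JwsDescriptor CreateJws(Jwk signingKey, JObject descriptor, TokenValidationStatus status, string? claim = null)
{
    var payload = new JwtPayload();
    foreach (var kvp in descriptor)
    {
        switch (status)
        {
            case TokenValidationStatus.InvalidClaim:
                // Only "aud" and "iss" can be corrupted, and only when explicitly targeted.
                if (kvp.Key == "aud" && claim == "aud")
                {
                    payload.Add(kvp.Key, kvp.Value + "XXX");
                    continue;
                }

                if (kvp.Key == "iss" && claim == "iss")
                {
                    payload.Add(kvp.Key, kvp.Value + "XXX");
                    continue;
                }

                break;

            case TokenValidationStatus.MissingClaim:
                // Omit the targeted claim from the copy.
                if (kvp.Key == "exp" && claim == "exp")
                {
                    continue;
                }

                if (kvp.Key == "aud" && claim == "aud")
                {
                    continue;
                }

                if (kvp.Key == "iss" && claim == "iss")
                {
                    continue;
                }

                break;

            case TokenValidationStatus.Expired:
                // Fixed Unix timestamps that already lie in the past (2017 and 2014).
                if (kvp.Key == "exp")
                {
                    payload.Add(kvp.Key, 1500000000);
                    continue;
                }

                if (kvp.Key == "nbf")
                {
                    payload.Add(kvp.Key, 1400000000);
                    continue;
                }

                break;

            case TokenValidationStatus.NotYetValid:
                // Fixed Unix timestamps in 2036 and 2033.
                // NOTE(review): this case stops producing a not-yet-valid token once the clock passes the nbf value.
                if (kvp.Key == "exp")
                {
                    payload.Add(kvp.Key, 2100000000);
                    continue;
                }

                if (kvp.Key == "nbf")
                {
                    payload.Add(kvp.Key, 2000000000);
                    continue;
                }

                break;
        }

        // Convert each JSON token to the CLR type matching its JSON kind.
        switch (kvp.Value.Type)
        {
            case JTokenType.Object:
                payload.Add(kvp.Key, (object)kvp.Value);
                break;
            case JTokenType.Array:
                // A JSON array token is not an object[]; a direct reference cast throws
                // InvalidCastException, so the elements are materialized instead.
                payload.Add(kvp.Key, kvp.Value.ToObject<object[]>());
                break;
            case JTokenType.Integer:
                payload.Add(kvp.Key, (long)kvp.Value);
                break;
            case JTokenType.Float:
                payload.Add(kvp.Key, (double)kvp.Value);
                break;
            case JTokenType.String:
                payload.Add(kvp.Key, (string)kvp.Value);
                break;
            case JTokenType.Boolean:
                payload.Add(kvp.Key, (bool)kvp.Value);
                break;
            case JTokenType.Null:
                payload.Add(kvp.Key, (object)kvp.Value);
                break;

            // NOTE(review): any other token type is silently left out of the payload;
            // confirm that no fixture relies on such a claim.
        }
    }

    return new JwsDescriptor(signingKey, SignatureAlgorithm.HS256) { Payload = payload };
}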
/// <summary>
/// Creates a <see cref="SignatureValidationResult"/> that records a status together with a key.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
/// <param name="signingKey">Value stored in <c>SigningKey</c>.</param>
public SignatureValidationResult(TokenValidationStatus status, Jwk signingKey)
{
    (Status, SigningKey) = (status, signingKey);
}
/// <summary>
/// Creates a <see cref="SignatureValidationResult"/> that records only a status.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
public SignatureValidationResult(TokenValidationStatus status) => Status = status;
/// <summary>
/// Creates a <see cref="SignatureValidationResult"/> that records a status and an optional exception.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
/// <param name="exception">Value stored in <c>Exception</c>; may be <c>null</c>.</param>
public SignatureValidationResult(TokenValidationStatus status, Exception? exception)
{
    (Status, Exception) = (status, exception);
}
/// <summary>
/// Creates an error that carries a status and an explicit message.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
/// <param name="message">Text stored in the <c>_message</c> field.</param>
private TokenValidationError(TokenValidationStatus status, string message)
{
    (Status, _message) = (status, message);
}
/// <summary>
/// Creates an error that carries a status and an optional exception; the message is taken from the exception.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
/// <param name="exception">Value stored in <c>Exception</c>; when <c>null</c>, <c>_message</c> is <c>null</c> as well.</param>
private TokenValidationError(TokenValidationStatus status, Exception? exception)
{
    // Targets are assigned left to right: Status, then Exception, then _message.
    (Status, Exception, _message) = (status, exception, exception?.Message);
}
/// <summary>
/// Creates an error that carries only a status.
/// </summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
private TokenValidationError(TokenValidationStatus status) => Status = status;
/// <summary>Creates a <see cref="SignatureValidationError"/> that records the given status.</summary>
/// <param name="status">Value stored in <c>Status</c>.</param>
public SignatureValidationError(TokenValidationStatus status) => Status = status;
/// <summary>
/// Copies the claims of <paramref name="descriptor"/> into a new payload, altering or dropping
/// selected claims so that the resulting token fails validation with <paramref name="status"/>.
/// </summary>
/// <param name="signingKey">Key handed to the descriptor; its <c>SignatureAlgorithm</c> is used as the algorithm.</param>
/// <param name="descriptor">Source claims keyed by claim name.</param>
/// <param name="status">Failure to provoke; statuses without a branch copy every claim unchanged.</param>
/// <param name="claim">Claim targeted by <c>InvalidClaim</c> / <c>MissingClaim</c>; ignored for other statuses.</param>
/// <returns>A descriptor carrying the rebuilt payload.</returns>
private static JwsDescriptor CreateJws(Jwk signingKey, Dictionary<string, object> descriptor, TokenValidationStatus status, string claim = null)
{
    var payload = new JwtPayload();
    foreach (var entry in descriptor)
    {
        string name = entry.Key;
        bool isTargetedClaim = claim == name;

        if (status == TokenValidationStatus.InvalidClaim)
        {
            // Only "aud" and "iss" can be corrupted, and only when explicitly targeted.
            if ((name == "aud" || name == "iss") && isTargetedClaim)
            {
                payload.Add(name, entry.Value + "XXX");
                continue;
            }
        }
        else if (status == TokenValidationStatus.MissingClaim)
        {
            // Omit the targeted claim from the copy.
            if ((name == "exp" || name == "aud" || name == "iss") && isTargetedClaim)
            {
                continue;
            }
        }
        else if (status == TokenValidationStatus.Expired)
        {
            // Fixed Unix timestamps that already lie in the past (2017 and 2014).
            if (name == "exp")
            {
                payload.Add(name, 1500000000);
                continue;
            }

            if (name == "nbf")
            {
                payload.Add(name, 1400000000);
                continue;
            }
        }
        else if (status == TokenValidationStatus.NotYetValid)
        {
            // Fixed Unix timestamps in 2036 and 2033.
            // NOTE(review): this case stops producing a not-yet-valid token once the clock passes the nbf value.
            if (name == "exp")
            {
                payload.Add(name, 2100000000);
                continue;
            }

            if (name == "nbf")
            {
                payload.Add(name, 2000000000);
                continue;
            }
        }

        // Everything not handled above is copied verbatim.
        payload.Add(name, entry.Value);
    }

    return new JwsDescriptor(signingKey, signingKey.SignatureAlgorithm) { Payload = payload };
}
/// <summary>
/// Logs that a token file could not be read by forwarding the arguments to <c>_readingTokenFileFailed</c>.
/// </summary>
/// <param name="logger">Logger that receives the entry.</param>
/// <param name="filename">Name of the file that was being read.</param>
/// <param name="status">Validation status associated with the failure.</param>
/// <param name="e">Optional exception to attach to the entry.</param>
public static void ReadingTokenFileFailed(this ILogger logger, string filename, TokenValidationStatus status, Exception? e = null)
    => _readingTokenFileFailed(logger, filename, status, e);