public async Task EncryptAndDecrypt_UsingBrainKeys() { Func <TokenContext, Task <string> > tokenCallback = (c) => { var virgilCrypto = new VirgilCrypto(); var signer = new VirgilAccessTokenSigner(); var apiKey = virgilCrypto.ImportPrivateKey( Bytes.FromString(AppSettings.Get.ApiKey, StringEncoding.BASE64)); var generator = new JwtGenerator(AppSettings.Get.AppId, apiKey, AppSettings.Get.ApiKeyId, TimeSpan.FromDays(1), signer); var jwt = generator.GenerateToken("BRAINKEY_CLIENT"); return(Task.FromResult(jwt.ToString())); }; var brainKey = BrainKey.Initialize(tokenCallback); var keyPair1 = await brainKey.GenerateKeyPair("some password"); await Task.Delay(TimeSpan.FromSeconds(2)); var keyPair2 = await brainKey.GenerateKeyPair("some password"); await Task.Delay(TimeSpan.FromSeconds(2)); var crypto = new VirgilCrypto(); var plaindata = GetRandom.Bytes(128); var chipherdata = crypto.SignThenEncrypt(plaindata, keyPair1.PrivateKey, keyPair2.PublicKey); var originaldata = crypto.DecryptThenVerify(chipherdata, keyPair2.PrivateKey, keyPair1.PublicKey); originaldata.Should().BeEquivalentTo(plaindata); }
public static Tuple <Jwt, JwtGenerator> PredefinedToken( this Faker faker, VirgilAccessTokenSigner signer, TimeSpan lifeTime, out string apiPublicKeyId, out string apiPublicKeyBase64) { var crypto = new VirgilCrypto(); var apiKeyPair = crypto.GenerateKeys(); var fingerprint = crypto.GenerateHash(crypto.ExportPublicKey(apiKeyPair.PublicKey)); apiPublicKeyId = Bytes.ToString(fingerprint, StringEncoding.HEX); apiPublicKeyBase64 = Bytes.ToString( crypto.ExportPublicKey(apiKeyPair.PublicKey), StringEncoding.BASE64); var jwtGenerator = new JwtGenerator( faker.AppId(), apiKeyPair.PrivateKey, apiPublicKeyId, lifeTime, signer); var additionalData = new Dictionary <string, string> { { "username", "some_username" } }; var dict = additionalData.ToDictionary(entry => (object)entry.Key, entry => (object)entry.Value); var token = jwtGenerator.GenerateToken("some_identity", dict); return(new Tuple <Jwt, JwtGenerator>(token, jwtGenerator)); }
public static PythiaProtocol Initialize(PythiaProtocolConfig config) { if (config.ProofKeys == null || !config.ProofKeys.Any()) { throw new ArgumentException( $"{nameof(config.ProofKeys)} value cannot be null or empty"); } if (string.IsNullOrWhiteSpace(config.AppId)) { throw new ArgumentException( $"{nameof(config.AppId)} value cannot be null or empty"); } if (string.IsNullOrWhiteSpace(config.ApiKeyId)) { throw new ArgumentException( $"{nameof(config.ApiKeyId)} value cannot be null or empty"); } if (string.IsNullOrWhiteSpace(config.ApiKey)) { throw new ArgumentException( $"{nameof(config.ApiKey)} value cannot be null or empty"); } Func <TokenContext, Task <string> > tokenCallback = (c) => { var virgilCrypto = new VirgilCrypto(); var signer = new VirgilAccessTokenSigner(); var apiKey = virgilCrypto.ImportPrivateKey( Bytes.FromString(config.ApiKey, StringEncoding.BASE64)); var generator = new JwtGenerator(config.AppId, apiKey, config.ApiKeyId, TimeSpan.FromDays(1), signer); var jwt = generator.GenerateToken("PYTHIA_CLIENT"); return(Task.FromResult(jwt.ToString())); }; var connection = new ServiceConnection(config.ApiURL); var tokenProvider = new CachingJwtProvider(tokenCallback); var client = new PythiaClient(connection, new NewtonsoftJsonSerializer()); var pythiaCrypto = new PythiaCrypto(); var protocol = new PythiaProtocol(client, pythiaCrypto, tokenProvider, config.ProofKeys); return(protocol); }
public async Task YTC16() { var correnctPassword = "******"; var wrongPassword = "******"; var crypto = Substitute.For <IPythiaCrypto>(); crypto.Blind(correnctPassword).Returns(new PythiaCrypto().Blind(correnctPassword)); crypto.Blind(wrongPassword).Returns(new PythiaCrypto().Blind(wrongPassword)); crypto.Deblind(Arg.Any <byte[]>(), Arg.Any <byte[]>()) .Returns((arg) => new PythiaCrypto().Deblind((byte[])arg[0], (byte[])arg[1])); crypto.GenerateSalt().Returns(new PythiaCrypto().GenerateSalt()); crypto.Verify(Arg.Any <PythiaProofParams>()).Returns(true, false, false, false, false); var virgilCrypto = new VirgilCrypto(); var signer = new VirgilAccessTokenSigner(); var apiKey = virgilCrypto.ImportPrivateKey(Bytes.FromString(AppSettings.Get.ApiKey, StringEncoding.BASE64)); var generator = new JwtGenerator(AppSettings.Get.AppId, apiKey, AppSettings.Get.ApiKeyId, TimeSpan.FromDays(1), signer); var jwt = generator.GenerateToken("PYTHIA-CLIENT"); var connection = new ServiceConnection(AppSettings.Get.ApiURL); var tokenProvider = new ConstAccessTokenProvider(jwt); var client = new PythiaClient(connection, new NewtonsoftJsonSerializer()); var protocol = new PythiaProtocol(client, crypto, tokenProvider, AppSettings.Get.ProofKeys.Skip(1)); var bpp = await protocol.CreateBreachProofPasswordAsync(correnctPassword); await Task.Delay(TimeSpan.FromSeconds(2)); var verifyResult1 = await protocol.VerifyBreachProofPasswordAsync(correnctPassword, bpp, false); verifyResult1.Should().BeTrue(); await Task.Delay(TimeSpan.FromSeconds(2)); Func <Task> verifyResult2 = async() => { await protocol.VerifyBreachProofPasswordAsync(correnctPassword, bpp, true); }; verifyResult2.Should().Throw <Exception>(); await Task.Delay(TimeSpan.FromSeconds(2)); var verifyResult3 = await protocol.VerifyBreachProofPasswordAsync(wrongPassword, bpp, false); verifyResult3.Should().BeFalse(); await Task.Delay(TimeSpan.FromSeconds(2)); Func <Task> verifyResult4 = async() => { await protocol.VerifyBreachProofPasswordAsync(wrongPassword, bpp, true); }; verifyResult4.Should().Throw <Exception>(); await Task.Delay(TimeSpan.FromSeconds(2)); }
public void Verify_Should_VerifyTestCreatedInAnotherSDK() { var jwt = new Jwt(AppSettings.ImportedJwt); var signer = new VirgilAccessTokenSigner(); var crypto = new VirgilCrypto(); var jwtVerifier = new JwtVerifier( signer, crypto.ImportPublicKey( Bytes.FromString(AppSettings.ImportedAccessPublicKey, StringEncoding.BASE64)), AppSettings.ImportedAccessPublicKeyId); Assert.IsTrue(jwtVerifier.VerifyToken(jwt)); }
public void JwtVerifier_Should_VerifyImportedJwt() { //STC-22 var signer = new VirgilAccessTokenSigner(); string apiPublicKeyId; string apiPublicKeyBase64; var crypto = new VirgilCrypto(); var token = faker.PredefinedToken(signer, TimeSpan.FromMinutes(10), out apiPublicKeyId, out apiPublicKeyBase64).Item1; var jwtVerifier = new JwtVerifier( signer, crypto.ImportPublicKey(Bytes.FromString(apiPublicKeyBase64, StringEncoding.BASE64)), apiPublicKeyId); Assert.IsTrue(jwtVerifier.VerifyToken(token)); }
public async Task <IActionResult> SecureLogin(LoginModel model) { var user = await _userManager.FindByNameAsync(model.Username); if (user != null && await _userManager.CheckPasswordAsync(user, model.Password)) { var role = await _userManager.GetRolesAsync(user); var crypto = new VirgilCrypto(); var appKey = crypto.ImportPrivateKey(Bytes.FromString(_appsettings.APPKEYBASE64, StringEncoding.BASE64), _appsettings.APP_KEY_PASSWORD.ToString()); var accessTokenSigner = new VirgilAccessTokenSigner(); var jwtGenerator = new JwtGenerator(_appsettings.APP_ID, appKey, _appsettings.APP_KEY_ID, TimeSpan.FromMinutes(5), accessTokenSigner); var token = jwtGenerator.GenerateToken(user.Id).ToString() + jwtGenerator.GenerateToken(user.UserName).ToString() + jwtGenerator.GenerateToken(role.FirstOrDefault()).ToString(); return(Ok(new { token, user.Id, user.UserName, user.Email })); } return(BadRequest(new { message = "Username or Password is Incorrect" })); }
static AuthenticationService() { NewtonsoftJsonSerializer njs = new NewtonsoftJsonSerializer(); var config = njs.Deserialize <Config>(File.ReadAllText(@"appsettings.json")); var apiKeyBase64 = config.API_KEY; var privateKeyData = Bytes.FromString(apiKeyBase64, StringEncoding.BASE64); var crypto = new VirgilCrypto(); var apiKey = crypto.ImportPrivateKey(privateKeyData); var accessTokenSigner = new VirgilAccessTokenSigner(); var appId = config.APP_ID; var apiKeyId = config.API_KEY_ID; var ttl = TimeSpan.FromHours(1); // 1 hour (JWT's lifetime) _jwtGenerator = new JwtGenerator(appId, apiKey, apiKeyId, ttl, accessTokenSigner); _authTokens = new Dictionary <string, string>(); }
public async Task <IActionResult> Login(LoginModel model) { var user = await _userManager.FindByNameAsync(model.Username); if (user != null && await _userManager.CheckPasswordAsync(user, model.Password)) { var role = await _userManager.GetRolesAsync(user); IdentityOptions _options = new IdentityOptions(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("UserID", user.Id.ToString()), new Claim("Username", user.UserName.ToString()), new Claim(_options.ClaimsIdentity.RoleClaimType, role.FirstOrDefault()) }), Expires = DateTime.UtcNow.AddMinutes(5), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appsettings.JWT_Secret)), SecurityAlgorithms.HmacSha256Signature) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var token = tokenHandler.WriteToken(securityToken); var SecureRole = await _userManager.GetRolesAsync(user); var crypto = new VirgilCrypto(); var appKey = crypto.ImportPrivateKey(Bytes.FromString(_appsettings.APPKEYBASE64, StringEncoding.BASE64), _appsettings.APP_KEY_PASSWORD.ToString()); var accessTokenSigner = new VirgilAccessTokenSigner(); var jwtGenerator = new JwtGenerator(_appsettings.APP_ID, appKey, _appsettings.APP_KEY_ID, TimeSpan.FromMinutes(5), accessTokenSigner); var SecureToken = jwtGenerator.GenerateToken(user.Id).ToString() + jwtGenerator.GenerateToken(user.UserName).ToString() + jwtGenerator.GenerateToken(role.FirstOrDefault()).ToString(); return(Ok(new { token, SecureToken, user.Id, user.UserName, user.Email })); } else { return(BadRequest(new { message = "Username or Password is Incorrect" })); } }