public EntityDescriptor Generate(string wsfedEndpoint)
        {
            var tokenServiceDescriptor = GetTokenServiceDescriptor(wsfedEndpoint);

            var id     = new EntityId(_settings.GetIssuerUri());
            var entity = new EntityDescriptor(id);

            entity.SigningCredentials = new X509SigningCredentials(_settings.GetSigningCertificate());
            entity.RoleDescriptors.Add(tokenServiceDescriptor);

            return(entity);
        }
Exemplo n.º 2
0
        protected virtual Task <TokenValidationResult> ValidateJwtAccessTokenAsync(string jwt)
        {
            var handler = new JwtSecurityTokenHandler();

            handler.Configuration = new SecurityTokenHandlerConfiguration();
            handler.Configuration.CertificateValidationMode = X509CertificateValidationMode.None;
            handler.Configuration.CertificateValidator      = X509CertificateValidator.None;

            var parameters = new TokenValidationParameters
            {
                ValidIssuer     = _settings.GetIssuerUri(),
                SigningToken    = new X509SecurityToken(_settings.GetSigningCertificate()),
                AllowedAudience = string.Format(Constants.AccessTokenAudience, _settings.GetIssuerUri())
            };

            try
            {
                var id = handler.ValidateToken(jwt, parameters);

                return(Task.FromResult(new TokenValidationResult
                {
                    Claims = id.Claims
                }));
            }
            catch (Exception ex)
            {
                _logger.ErrorFormat("JWT token validation error: {0}", ex.ToString());

                return(Task.FromResult(new TokenValidationResult
                {
                    IsError = true,
                    Error = Constants.ProtectedResourceErrors.InvalidToken
                }));
            }
        }
Exemplo n.º 3
0
        private SecurityToken CreateSecurityToken(SignInValidationResult validationResult, ClaimsIdentity outgoingSubject)
        {
            var descriptor = new SecurityTokenDescriptor
            {
                AppliesToAddress   = validationResult.RelyingParty.Realm,
                Lifetime           = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(validationResult.RelyingParty.TokenLifeTime)),
                ReplyToAddress     = validationResult.ReplyUrl,
                SigningCredentials = new X509SigningCredentials(_settings.GetSigningCertificate()),
                Subject            = outgoingSubject,
                TokenIssuerName    = _settings.GetIssuerUri(),
                TokenType          = validationResult.RelyingParty.TokenType
            };

            return(CreateSupportedSecurityTokenHandler().CreateToken(descriptor));
        }
Exemplo n.º 4
0
        public virtual async Task <string> CreateSecurityTokenAsync(Token token)
        {
            if (token.Type == Constants.TokenTypes.AccessToken)
            {
                if (token.Client.AccessTokenType == AccessTokenType.JWT)
                {
                    return(CreateJsonWebToken(
                               token,
                               new X509SigningCredentials(_settings.GetSigningCertificate())));
                }
                else
                {
                    var handle = Guid.NewGuid().ToString("N");
                    await _tokenHandles.StoreAsync(handle, token);

                    return(handle);
                }
            }

            if (token.Type == Constants.TokenTypes.IdentityToken)
            {
                SigningCredentials credentials;
                if (token.Client.IdentityTokenSigningKeyType == SigningKeyTypes.ClientSecret)
                {
                    credentials = new HmacSigningCredentials(token.Client.ClientSecret);
                }
                else
                {
                    credentials = new X509SigningCredentials(_settings.GetSigningCertificate());
                }

                return(CreateJsonWebToken(token, credentials));
            }

            throw new InvalidOperationException("Invalid token type.");
        }
Exemplo n.º 5
0
        public dynamic GetKeyData()
        {
            var cert       = _settings.GetSigningCertificate();
            var cert64     = Convert.ToBase64String(cert.RawData);
            var thumbprint = Base64Url.Encode(cert.GetCertHash());

            var key = new
            {
                kty = "RSA",
                use = "sig",
                kid = thumbprint,
                x5t = thumbprint,
                x5c = new string[] { cert64 }
            };

            return(new { keys = new[] { key } });
        }