Exemplo n.º 1
0
        public void When_Passing_Null_Parameter_Then_Exception_Is_Thrown()
        {
            // ARRANGE
            InitializeFakeObjects();

            // ACT & ASSERT
            Assert.Throws <ArgumentNullException>(() => _jsonWebKeyConverter.ExtractSerializedKeys(null));
        }
        public async Task <JsonWebKey> GetJsonWebKey(string kid, Uri uri)
        {
            if (string.IsNullOrWhiteSpace(kid))
            {
                throw new ArgumentNullException(nameof(kid));
            }

            if (uri == null)
            {
                throw new ArgumentNullException(nameof(uri));
            }

            try
            {
                var httpClient = _httpClientFactory.GetHttpClient();
                httpClient.BaseAddress = uri;
                var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false);

                request.EnsureSuccessStatusCode();
                var json          = request.Content.ReadAsStringAsync().Result;
                var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
                var jsonWebKeys   = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
                return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
            }
            catch (Exception)
            {
                throw new IdentityServerManagerException(
                          ErrorCodes.InvalidRequestCode,
                          string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, kid, uri.AbsoluteUri));
            }
        }
Exemplo n.º 3
0
        public async Task <JwsPayload> UnSign(string jws)
        {
            if (string.IsNullOrWhiteSpace(jws))
            {
                throw new ArgumentNullException(nameof(jws));
            }

            var protectedHeader = _jwsParser.GetHeader(jws);

            if (protectedHeader == null)
            {
                return(null);
            }

            var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient()
                                .ResolveAsync(_parametersProvider.GetOpenIdConfigurationUrl())
                                .ConfigureAwait(false);

            var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);

            if (jsonWebKeys == null ||
                !jsonWebKeys.Any(j => j.Kid == protectedHeader.Kid))
            {
                return(null);
            }

            var jsonWebKey = jsonWebKeys.First(j => j.Kid == protectedHeader.Kid);

            if (protectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
            {
                return(_jwsParser.GetPayload(jws));
            }

            return(_jwsParser.ValidateSignature(jws, jsonWebKey));
        }
Exemplo n.º 4
0
        /// <summary>
        /// Validate the signature and returns the JWSPayload.
        /// </summary>
        /// <param name="jws"></param>
        /// <param name="jsonWebKeySet"></param>
        /// <returns></returns>
        public JwsPayload ValidateSignature(string jws, JsonWebKeySet jsonWebKeySet)
        {
            if (string.IsNullOrWhiteSpace(jws))
            {
                throw new ArgumentNullException(nameof(jws));
            }

            if (jsonWebKeySet == null)
            {
                throw new ArgumentNullException(nameof(jsonWebKeySet));
            }

            if (jsonWebKeySet.Keys == null)
            {
                throw new ArgumentNullException(nameof(jsonWebKeySet.Keys));
            }

            var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);

            if (!jsonWebKeys.Any())
            {
                return(null);
            }

            var header     = GetHeader(jws);
            var jsonWebKey = jsonWebKeys.FirstOrDefault(s => s.Kid == header.Kid);

            if (jsonWebKey == null)
            {
                return(null);
            }

            return(ValidateSignature(jws, jsonWebKey));
        }
        private async Task <JsonWebKey> GetJsonWebKey(
            string jwksUri,
            string kid)
        {
            JsonWebKey result = null;

            if (!string.IsNullOrWhiteSpace(jwksUri))
            {
                Uri uri = null;
                if (!Uri.TryCreate(jwksUri, UriKind.Absolute, out uri))
                {
                    return(null);
                }

                var httpClient = _httpClientFactory.GetHttpClient();
                httpClient.BaseAddress = uri;
                var request = await httpClient.GetAsync(uri.AbsoluteUri).ConfigureAwait(false);

                try
                {
                    request.EnsureSuccessStatusCode();
                    var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false);

                    var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
                    var jsonWebKeys   = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
                    return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
                }
                catch (Exception)
                {
                    return(null);
                }
            }

            return(result);
        }
Exemplo n.º 6
0
        private async Task <JsonWebKey> GetJsonWebKeyFromClient(Core.Common.Models.Client client, string kid)
        {
            JsonWebKey result = null;

            // Fetch the json web key from the jwks_uri
            if (!string.IsNullOrWhiteSpace(client.JwksUri))
            {
                Uri uri = null;
                if (!Uri.TryCreate(client.JwksUri, UriKind.Absolute, out uri))
                {
                    return(null);
                }

                var httpClient = _httpClientFactory.GetHttpClient();
                httpClient.BaseAddress = uri;
                var request = httpClient.GetAsync(uri.AbsoluteUri).Result;
                try
                {
                    request.EnsureSuccessStatusCode();
                    var json = await request.Content.ReadAsStringAsync().ConfigureAwait(false);

                    var jsonWebKeySet = json.DeserializeWithJavascript <JsonWebKeySet>();
                    var jsonWebKeys   = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
                    return(jsonWebKeys.FirstOrDefault(j => j.Kid == kid));
                }
                catch (Exception)
                {
                    return(null);
                }
            }

            // Fetch the json web key from the jwks
            if (client.JsonWebKeys != null &&
                client.JsonWebKeys.Any())
            {
                result = client.JsonWebKeys.FirstOrDefault(j => j.Kid == kid);
            }

            return(result);
        }
Exemplo n.º 7
0
        public Models.Client Execute(RegistrationParameter registrationParameter)
        {
            if (registrationParameter == null)
            {
                throw new ArgumentNullException(nameof(registrationParameter));
            }

            // Validate the parameters
            _registrationParameterValidator.Validate(registrationParameter);
            // Generate the client
            var client = new Models.Client
            {
                RedirectionUrls = registrationParameter.RedirectUris,
                Contacts        = registrationParameter.Contacts,
                // TODO : should support different languages for the client_name
                ClientName          = registrationParameter.ClientName,
                ClientUri           = registrationParameter.ClientUri,
                PolicyUri           = registrationParameter.PolicyUri,
                TosUri              = registrationParameter.TosUri,
                JwksUri             = registrationParameter.JwksUri,
                SectorIdentifierUri = registrationParameter.SectorIdentifierUri,
                // TODO : should support both subject types
                SubjectType      = Constants.SubjectTypeNames.Public,
                DefaultMaxAge    = registrationParameter.DefaultMaxAge,
                DefaultAcrValues = registrationParameter.DefaultAcrValues,
                RequireAuthTime  = registrationParameter.RequireAuthTime,
                InitiateLoginUri = registrationParameter.InitiateLoginUri,
                RequestUris      = registrationParameter.RequestUris,
                LogoUri          = registrationParameter.LogoUri,
                ScimProfile      = registrationParameter.ScimProfile
            };

            // If omitted then the default value is authorization code response type
            if (registrationParameter.ResponseTypes == null ||
                !registrationParameter.ResponseTypes.Any())
            {
                client.ResponseTypes = new List <ResponseType>
                {
                    ResponseType.code
                };
            }
            else
            {
                client.ResponseTypes = registrationParameter.ResponseTypes;
            }

            // If omitted then the default value is authorization code grant type
            if (registrationParameter.GrantTypes == null ||
                !registrationParameter.GrantTypes.Any())
            {
                client.GrantTypes = new List <GrantType>
                {
                    GrantType.authorization_code
                };
            }
            else
            {
                client.GrantTypes = registrationParameter.GrantTypes;
            }

            client.ApplicationType = registrationParameter.ApplicationType == null ? ApplicationTypes.web
                : registrationParameter.ApplicationType.Value;

            if (registrationParameter.Jwks != null)
            {
                var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(registrationParameter.Jwks);
                if (jsonWebKeys != null &&
                    jsonWebKeys.Any())
                {
                    client.JsonWebKeys = jsonWebKeys.ToList();
                }
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenSignedResponseAlg) &&
                Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.IdTokenSignedResponseAlg))
            {
                client.IdTokenSignedResponseAlg = registrationParameter.IdTokenSignedResponseAlg;
            }
            else
            {
                client.IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256;
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseAlg) &&
                Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.IdTokenEncryptedResponseAlg))
            {
                client.IdTokenEncryptedResponseAlg = registrationParameter.IdTokenEncryptedResponseAlg;
            }
            else
            {
                client.IdTokenEncryptedResponseAlg = string.Empty;
            }

            if (!string.IsNullOrWhiteSpace(client.IdTokenEncryptedResponseAlg))
            {
                if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseEnc) &&
                    Constants.Supported.SupportedJweEncs.Contains(registrationParameter.IdTokenEncryptedResponseEnc))
                {
                    client.IdTokenEncryptedResponseEnc = registrationParameter.IdTokenEncryptedResponseEnc;
                }
                else
                {
                    client.IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
                }
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoSignedResponseAlg) &&
                Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.UserInfoSignedResponseAlg))
            {
                client.UserInfoSignedResponseAlg = registrationParameter.UserInfoSignedResponseAlg;
            }
            else
            {
                client.UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.NONE;
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseAlg) &&
                Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.UserInfoEncryptedResponseAlg))
            {
                client.UserInfoEncryptedResponseAlg = registrationParameter.UserInfoEncryptedResponseAlg;
            }
            else
            {
                client.UserInfoEncryptedResponseAlg = string.Empty;
            }

            if (!string.IsNullOrWhiteSpace(client.UserInfoEncryptedResponseAlg))
            {
                if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseEnc) &&
                    Constants.Supported.SupportedJweEncs.Contains(registrationParameter.UserInfoEncryptedResponseEnc))
                {
                    client.UserInfoEncryptedResponseEnc = registrationParameter.UserInfoEncryptedResponseEnc;
                }
                else
                {
                    client.UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
                }
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectSigningAlg) &&
                Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.RequestObjectSigningAlg))
            {
                client.RequestObjectSigningAlg = registrationParameter.RequestObjectSigningAlg;
            }
            else
            {
                client.RequestObjectSigningAlg = string.Empty;
            }

            if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionAlg) &&
                Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.RequestObjectEncryptionAlg))
            {
                client.RequestObjectEncryptionAlg = registrationParameter.RequestObjectEncryptionAlg;
            }
            else
            {
                client.RequestObjectEncryptionAlg = string.Empty;
            }

            if (!string.IsNullOrWhiteSpace(client.RequestObjectEncryptionAlg))
            {
                if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionEnc) &&
                    Constants.Supported.SupportedJweEncs.Contains(registrationParameter.RequestObjectEncryptionEnc))
                {
                    client.RequestObjectEncryptionEnc = registrationParameter.RequestObjectEncryptionEnc;
                }
                else
                {
                    client.RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
                }
            }

            TokenEndPointAuthenticationMethods tokenEndPointAuthenticationMethod;

            if (string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthMethod) ||
                !Enum.TryParse(registrationParameter.TokenEndPointAuthMethod, out tokenEndPointAuthenticationMethod))
            {
                tokenEndPointAuthenticationMethod = TokenEndPointAuthenticationMethods.client_secret_basic;
            }

            client.TokenEndPointAuthMethod = tokenEndPointAuthenticationMethod;

            if (!string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthSigningAlg) &&
                Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.TokenEndPointAuthSigningAlg))
            {
                client.TokenEndPointAuthSigningAlg = registrationParameter.TokenEndPointAuthSigningAlg;
            }
            else
            {
                client.TokenEndPointAuthSigningAlg = string.Empty;
            }

            return(client);
        }