Exemplo n.º 1
0
        public static bool ValidateMaaJwt(string attestDnsName, AttestationToken token, AttestationSigner signer, bool includeDetails)
        {
            var tenantName = attestDnsName.Split('.')[0];
            var attestUri  = new Uri($"https://{attestDnsName}");

            AttestationResult result = token.GetBody <AttestationResult>();

            ValidateJwtIssuerIsTenant(result, attestUri, includeDetails);
            ValidateSigningCertIssuerMatchesJwtIssuer(result, signer, includeDetails);

            X509Certificate2 signingCertificate = signer.SigningCertificates[0];

            byte[] certificateBytes = signingCertificate.RawData;
            string x5c = Convert.ToBase64String(certificateBytes);

#if LOG_BOUNCY_CASTLE
            if (includeDetails)
            {
                var bouncyCertParser   = new X509CertificateParser();
                var bouncyCert         = bouncyCertParser.ReadCertificate(certificateBytes);
                var bouncyAsn1Sequence = (DerSequence)bouncyCert.CertificateStructure.ToAsn1Object();

                for (int i = 0; i < bouncyAsn1Sequence.Count; i++)
                {
                    var asn1 = bouncyAsn1Sequence[i];
                    Logger.WriteLine(53, 128, $"{asn1.GetType().ToString(),50} : ", BitConverter.ToString(asn1.GetEncoded()).Replace("-", ""));
                }
            }
#endif

            Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MAA EMBEDDED QUOTE IN SIGNING CERTIFICATE FOR JWT");
            MaaQuoteValidator.ValidateMaaQuote(x5c, includeDetails);

            return(true);
        }
        public static TokenValidationResult ValidateMaaJwt(string attestDnsName, string serviceJwt, bool includeDetails)
        {
            var tenantName = attestDnsName.Split('.')[0];
            var attestUri  = $"https://{attestDnsName}";

            var jwksTrustedSigningKeys     = RetrieveTrustedSigningKeys(serviceJwt, attestDnsName, tenantName, includeDetails);
            var jwksTrustedSigningKeysJWKS = new JsonWebKeySet(jwksTrustedSigningKeys);

            var validatedToken = ValidateSignedToken(serviceJwt, jwksTrustedSigningKeysJWKS, includeDetails);

            ValidateJwtIssuerIsTenant(validatedToken, attestUri, includeDetails);
            ValidateSigningCertIssuerMatchesJwtIssuer(validatedToken, includeDetails);

            X509SecurityKey  signingKey         = (X509SecurityKey)validatedToken.SecurityToken.SigningKey;
            X509Certificate2 signingCertificate = signingKey.Certificate;

            byte[] certificateBytes = signingCertificate.RawData;
            string x5c = Convert.ToBase64String(certificateBytes);

#if LOG_BOUNCY_CASTLE
            if (includeDetails)
            {
                var bouncyCertParser   = new X509CertificateParser();
                var bouncyCert         = bouncyCertParser.ReadCertificate(certificateBytes);
                var bouncyAsn1Sequence = (DerSequence)bouncyCert.CertificateStructure.ToAsn1Object();

                for (int i = 0; i < bouncyAsn1Sequence.Count; i++)
                {
                    var asn1 = bouncyAsn1Sequence[i];
                    Logger.WriteLine(53, 128, $"{asn1.GetType().ToString(),50} : ", BitConverter.ToString(asn1.GetEncoded()).Replace("-", ""));
                }
            }
#endif

            Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MAA EMBEDDED QUOTE IN SIGNING CERTIFICATE FOR JWT");
            MaaQuoteValidator.ValidateMaaQuote(x5c, includeDetails);

            return(validatedToken);
        }