public static TokenVerificationKey AsTokenVerificationKey(this JsonWebKey jwk)
{
X509Certificate2 cert = null;
X509CertTokenVerificationKey key = null;
if (jwk.X5c != null && jwk.X5c.Count > 0)
{
cert = new X509Certificate2(Convert.FromBase64String(jwk.X5c.First()));
key = new X509CertTokenVerificationKey(cert);
return(key);
}
if (!String.IsNullOrEmpty(jwk.N) && !String.IsNullOrEmpty(jwk.E))
{
RsaTokenVerificationKey rsaToken = new RsaTokenVerificationKey();
RSAParameters rsaParams = new RSAParameters()
{
Modulus = EncodeUtilities.Base64UrlDecode(jwk.N),
Exponent = EncodeUtilities.Base64UrlDecode(jwk.E)
};
rsaToken.InitFromRsaParameters(rsaParams);
return(rsaToken);
}
throw new NotSupportedException(StringTable.NotSupportedJwkToTokenVerificationKeyConversion);
}
public void RSATokenVerificationKeyRoundTrip()
{
TokenRestrictionTemplate template = new TokenRestrictionTemplate(TokenType.JWT);
RsaTokenVerificationKey tokenVerificationKey = new RsaTokenVerificationKey();
RSAParameters inputRsaParameters;
using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
{
inputRsaParameters = provider.ExportParameters(true);
tokenVerificationKey.InitFromRsaParameters(inputRsaParameters);
}
Assert.IsNotNull(tokenVerificationKey.RawBody);
template.Audience = _sampleAudience;
template.Issuer = _sampleIssuer;
template.PrimaryVerificationKey = tokenVerificationKey;
var templateAsString = TokenRestrictionTemplateSerializer.Serialize(template);
Assert.IsTrue(templateAsString.Contains("<PrimaryVerificationKey i:type=\"RsaTokenVerificationKey\">"));
TokenRestrictionTemplate output = TokenRestrictionTemplateSerializer.Deserialize(templateAsString);
Assert.AreEqual(TokenType.JWT, output.TokenType);
Assert.IsNotNull(output.PrimaryVerificationKey);
Assert.IsNotNull(output.PrimaryVerificationKey as RsaTokenVerificationKey);
RsaTokenVerificationKey key = output.PrimaryVerificationKey as RsaTokenVerificationKey;
Assert.IsNotNull(key.RawBody);
RSAParameters outputRsaParametersutParameters = key.GetRsaParameters();
Assert.IsNotNull(outputRsaParametersutParameters);
Assert.IsNotNull(outputRsaParametersutParameters.Exponent);
Assert.IsNotNull(outputRsaParametersutParameters.Modulus);
//Check that we are storing only public signing key
Assert.IsNull(outputRsaParametersutParameters.P);
Assert.IsNull(outputRsaParametersutParameters.Q);
Assert.IsNull(outputRsaParametersutParameters.D);
Assert.IsNull(outputRsaParametersutParameters.DP);
Assert.IsNull(outputRsaParametersutParameters.DQ);
//Checking that public key matching
Assert.IsTrue(inputRsaParameters.Exponent.SequenceEqual(outputRsaParametersutParameters.Exponent), "Exponent value mismatch");
Assert.IsTrue(inputRsaParameters.Modulus.SequenceEqual(outputRsaParametersutParameters.Modulus), "Modulus value mismatch");
}
public void FetchKeyWithRSATokenValidationKeyAsPrimaryVerificationKey()
{
//Create a new RSACryptoServiceProvider object.
using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
{
//Export the key information to an RSAParameters object.
//Pass false to export the public key information or pass
//true to export public and private key information.
RSAParameters RSAParams = RSA.ExportParameters(true);
TokenRestrictionTemplate tokenRestrictionTemplate = new TokenRestrictionTemplate(TokenType.JWT);
var tokenVerificationKey = new RsaTokenVerificationKey();
tokenVerificationKey.InitFromRsaParameters(RSAParams);
tokenRestrictionTemplate.PrimaryVerificationKey = tokenVerificationKey;
tokenRestrictionTemplate.Audience = "http://sampleIssuerUrl";
tokenRestrictionTemplate.Issuer = "http://sampleAudience";
string requirements = TokenRestrictionTemplateSerializer.Serialize(tokenRestrictionTemplate);
}
}