public Func <byte[], byte[]> GetHashAlgorithm(IRequest req) { Func <byte[], byte[]> hashAlgorithm = null; if (HmacAlgorithms.TryGetValue(HashAlgorithm, out var hmac)) { var authKey = GetAuthKey(req); if (authKey == null) { throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm); } hashAlgorithm = data => hmac(authKey, data); } if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out var rsa)) { var privateKey = GetPrivateKey(req); if (privateKey == null) { throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm); } hashAlgorithm = data => rsa(privateKey.Value, data); } if (hashAlgorithm == null) { throw new NotSupportedException("Invalid algorithm: " + HashAlgorithm); } return(hashAlgorithm); }
public Func <byte[], byte[]> GetHashAlgorithm() { Func <byte[], byte[]> hashAlgoritm = null; Func <byte[], byte[], byte[]> hmac; if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac)) { if (AuthKey == null) { throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm); } hashAlgoritm = data => hmac(AuthKey, data); } Func <RSAParameters, byte[], byte[]> rsa; if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa)) { if (PrivateKey == null) { throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm); } hashAlgoritm = data => rsa(PrivateKey.Value, data); } if (hashAlgoritm == null) { throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm); } return(hashAlgoritm); }
/// <summary> /// Returns the hash code. /// </summary> /// <returns> /// A hash code for the current <see cref="T:System.Object"/>. /// </returns> public override int GetHashCode() { var hmac = HmacAlgorithms.Create(HmacAlgorithms.HmacSha1, this.SecretKey); try { CryptoStream cs = new CryptoStream(Stream.Null, hmac, CryptoStreamMode.Write); byte[] hbytes = ASCIIEncoding.ASCII.GetBytes(this.Handle); cs.Write(hbytes, 0, hbytes.Length); cs.Close(); byte[] hash = hmac.Hash; hmac.Clear(); long val = 0; for (int i = 0; i < hash.Length; i++) { val = val ^ (long)hash[i]; } val = val ^ this.Expires.ToFileTimeUtc(); return((int)val); } finally { ((IDisposable)hmac).Dispose(); } }
protected override string GetSignature(ITamperResistantOAuthMessage message) { string key = GetConsumerAndTokenSecretString(message); using (var hasher = HmacAlgorithms.Create(HmacAlgorithms.HmacSha1, Encoding.ASCII.GetBytes(key))) { string baseString = ConstructSignatureBaseString(message, this.Channel.MessageDescriptions.GetAccessor(message)); byte[] digest = hasher.ComputeHash(Encoding.ASCII.GetBytes(baseString)); return(Convert.ToBase64String(digest)); } }
public string CreateJwtBearerToken(IAuthSession session, IEnumerable <string> roles = null, IEnumerable <string> perms = null) { var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms); CreatePayloadFilter?.Invoke(jwtPayload, session); if (EncryptPayload) { if (PrivateKey == null || PublicKey == null) { throw new NotSupportedException("PrivateKey is required to EncryptPayload"); } return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value)); } var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId()); CreateHeaderFilter?.Invoke(jwtHeader, session); Func <byte[], byte[]> hashAlgoritm = null; Func <byte[], byte[], byte[]> hmac; if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac)) { if (AuthKey == null) { throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm); } hashAlgoritm = data => hmac(AuthKey, data); } Func <RSAParameters, byte[], byte[]> rsa; if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa)) { if (PrivateKey == null) { throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm); } hashAlgoritm = data => rsa(PrivateKey.Value, data); } if (hashAlgoritm == null) { throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm); } var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm); return(bearerToken); }
/// <summary> /// Gets the return to signature. /// </summary> /// <param name="returnTo">The return to.</param> /// <param name="cryptoKey">The crypto key.</param> /// <returns> /// The generated signature. /// </returns> /// <remarks> /// Only the parameters in the return_to URI are signed, rather than the base URI /// itself, in order that OPs that might change the return_to's implicit port :80 part /// or other minor changes do not invalidate the signature. /// </remarks> private byte[] GetReturnToSignature(Uri returnTo, CryptoKey cryptoKey = null) { Requires.NotNull(returnTo, "returnTo"); // Assemble the dictionary to sign, taking care to remove the signature itself // in order to accurately reproduce the original signature (which of course didn't include // the signature). // Also we need to sort the dictionary's keys so that we sign in the same order as we did // the last time. var returnToParameters = HttpUtility.ParseQueryString(returnTo.Query); returnToParameters.Remove(ReturnToSignatureParameterName); var sortedReturnToParameters = new SortedDictionary <string, string>(StringComparer.OrdinalIgnoreCase); foreach (string key in returnToParameters) { sortedReturnToParameters.Add(key, returnToParameters[key]); } Logger.Bindings.DebugFormat("ReturnTo signed data: {0}{1}", Environment.NewLine, sortedReturnToParameters.ToStringDeferred()); // Sign the parameters. byte[] bytesToSign = KeyValueFormEncoding.GetBytes(sortedReturnToParameters); byte[] signature; try { if (cryptoKey == null) { cryptoKey = this.cryptoKeyStore.GetKey(SecretUri.AbsoluteUri, returnToParameters[ReturnToSignatureHandleParameterName]); ErrorUtilities.VerifyProtocol( cryptoKey != null, MessagingStrings.MissingDecryptionKeyForHandle, SecretUri.AbsoluteUri, returnToParameters[ReturnToSignatureHandleParameterName]); } using (var signer = HmacAlgorithms.Create(HmacAlgorithms.HmacSha256, cryptoKey.Key)) { signature = signer.ComputeHash(bytesToSign); } } catch (ProtocolException ex) { throw ErrorUtilities.Wrap(ex, OpenIdStrings.MaximumAuthenticationTimeExpired); } return(signature); }
public string CreateJwtBearerToken(IAuthSession session) { IEnumerable <string> roles = null, perms = null; var authRepo = HostContext.TryResolve <IAuthRepository>() as IManageRoles; if (authRepo != null) { roles = authRepo.GetRoles(session.UserAuthId); perms = authRepo.GetPermissions(session.UserAuthId); } var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms); if (CreatePayloadFilter != null) { CreatePayloadFilter(jwtPayload, session); } if (EncryptPayload) { if (PrivateKey == null || PublicKey == null) { throw new NotSupportedException("PrivateKey is required to EncryptPayload"); } return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value)); } var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId()); if (CreateHeaderFilter != null) { CreateHeaderFilter(jwtHeader, session); } Func <byte[], byte[]> hashAlgoritm = null; Func <byte[], byte[], byte[]> hmac; if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac)) { hashAlgoritm = data => hmac(AuthKey, data); } Func <RSAParameters, byte[], byte[]> rsa; if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa)) { if (PrivateKey == null) { throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm); } hashAlgoritm = data => rsa(PrivateKey.Value, data); } if (hashAlgoritm == null) { throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm); } var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm); return(bearerToken); }
/// <summary> /// Creates the <see cref="HashAlgorithm"/> using a given shared secret for the mac. /// </summary> /// <param name="secret">The HMAC secret.</param> /// <returns>The algorithm.</returns> internal HashAlgorithm CreateHasher(byte[] secret) { return(HmacAlgorithms.Create(this.HmacAlgorithmName, secret)); }