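        public void Encode_Decode(string enc, byte[] alg)
        {
            // Round-trips a nested token: a JWS (HS256, signed with _signingKey) wrapped in a
            // JWE keyed on _bobKey, then checks the "sub" claim survives parsing. `enc` and
            // `alg` go through the library's explicit conversions to the algorithm types.
            var writer = new JwtWriter();

            var descriptor = new JweDescriptor(_bobKey, (KeyManagementAlgorithm)alg, (EncryptionAlgorithm)enc)
            {
                Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
                {
                    Payload = new JwtPayload
                    {
                        { "sub", "Alice" }
                    }
                }
            };

            var token = writer.WriteToken(descriptor);

            // The policy demands the inner signature and supplies the key used to decrypt.
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignatureByDefault(_signingKey)
                         .WithDecryptionKey(_bobKey)
                         .Build();

            var result = Jwt.TryParse(token, policy, out var jwt);

            // `using` releases the parsed token even when one of the assertions fails,
            // which the previous trailing Dispose() call did not guarantee.
            using (jwt)
            {
                Assert.True(result);
                Assert.True(jwt.Payload.TryGetClaim("sub", out var sub));
                Assert.Equal("Alice", sub.GetString());
            }
        }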
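            public string Transform(IConsole console, string data)
            {
                // Without a password the JWK text is passed through untouched.
                if (_password is null)
                {
                    return data;
                }

                // PBES2 (HMAC-SHA256 + AES-128 key wrap) derives the wrapping key from the
                // password; the JWK itself is protected with AES-128-CBC + HMAC-SHA256.
                var keyManagement     = KeyManagementAlgorithm.Pbes2HS256A128KW;
                var contentEncryption = EncryptionAlgorithm.A128CbcHS256;

                // FromPassphrase takes the salt size in bytes (saltSizeInBytes), so the
                // diagnostic message reports bytes as well; it previously said "bits".
                console.Verbose(
                    $@"Encrypting the JWK...
Algorithm: {keyManagement}
Encryption algorithm: {contentEncryption}
Password derivation iteration count: {_iterationCount}
Password derivation salt size: {_saltSize} bytes");

                var passwordKey = PasswordBasedJwk.FromPassphrase(_password, iterationCount: _iterationCount, saltSizeInBytes: _saltSize);
                var jwe         = new PlaintextJweDescriptor(passwordKey, keyManagement, contentEncryption)
                {
                    Payload = data
                };
                var jwtWriter = new JwtWriter();

                console.Verbose("JWK encrypted.");
                return jwtWriter.WriteTokenString(jwe);
            }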
        public void Encode_Decode(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
        {
            // Picks a content-encryption key for the (enc, alg) pair, wraps an HS256-signed
            // JWS inside a JWE and reads it back with the same key.
            var jwtWriter  = new JwtWriter();
            var contentKey = SelectKey(enc.Name, alg.Name);

            var innerJws = new JwsDescriptor
            {
                SigningKey = _signingKey,
                Algorithm  = SignatureAlgorithm.HmacSha256,
                Subject    = "Alice"
            };
            var outerJwe = new JweDescriptor
            {
                EncryptionKey       = contentKey,
                EncryptionAlgorithm = enc,
                Algorithm           = alg,
                Payload             = innerJws
            };

            var encoded = jwtWriter.WriteToken(outerJwe);

            // The reader owns the decryption key; the policy only insists on the signature.
            var validationPolicy = new TokenValidationPolicyBuilder()
                                   .RequireSignature(_signingKey)
                                   .Build();
            var jwtReader = new JwtReader(contentKey);

            var outcome = jwtReader.TryReadToken(encoded, validationPolicy);

            Assert.Equal(TokenValidationStatus.Success, outcome.Status);
            Assert.Equal("Alice", outcome.Token.Subject);
        }
        public void Create()
        {
            // Serializes an unsigned ("alg":"none") ID token and pins its compact form.
            // The claim values are those of the ID token example in OpenID Connect Core.
            var descriptor = new IdTokenDescriptor();

            // Assignment order is deliberate: the expected token below lists the claims in
            // exactly this sequence, with "name" sitting between "iat" and "given_name".
            descriptor.Algorithm      = SignatureAlgorithm.None;
            descriptor.Issuer         = "http://server.example.com";
            descriptor.Subject        = "248289761001";
            descriptor.Audience       = "s6BhdRkqt3";
            descriptor.Nonce          = "n-0S6_WzA2Mj";
            descriptor.ExpirationTime = EpochTime.ToDateTime(1311281970);
            descriptor.IssuedAt       = EpochTime.ToDateTime(1311280970);
            // "name" is added as a raw UTF-8 claim rather than through a typed property.
            descriptor.AddClaim(Encoding.UTF8.GetBytes("name"), "Jane Doe");
            descriptor.GivenName  = "Jane";
            descriptor.FamilyName = "Doe";
            descriptor.Gender     = "female";
            descriptor.Birthdate  = "0000-10-31";
            descriptor.Email      = "*****@*****.**";
            descriptor.Picture    = "http://example.com/janedoe/me.jpg";

            var writer = new JwtWriter();
            var jwt    = writer.WriteTokenString(descriptor);

            // The trailing '.' is the empty signature segment of an unsigned token; the
            // expected payload has '/' written unescaped.
            Assert.Equal("eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwiZXhwIjoxMzExMjgxOTcwLCJpYXQiOjEzMTEyODA5NzAsIm5hbWUiOiJKYW5lIERvZSIsImdpdmVuX25hbWUiOiJKYW5lIiwiZmFtaWx5X25hbWUiOiJEb2UiLCJnZW5kZXIiOiJmZW1hbGUiLCJiaXJ0aGRhdGUiOiIwMDAwLTEwLTMxIiwiZW1haWwiOiJqYW5lZG9lQGV4YW1wbGUuY29tIiwicGljdHVyZSI6Imh0dHA6Ly9leGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyJ9.", jwt);
            // Earlier expected value from a serializer that escaped '/' as \u002f.
            //Assert.Equal("eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOlx1MDAyZlx1MDAyZnNlcnZlci5leGFtcGxlLmNvbSIsInN1YiI6IjI0ODI4OTc2MTAwMSIsImF1ZCI6InM2QmhkUmtxdDMiLCJub25jZSI6Im4tMFM2X1d6QTJNaiIsImV4cCI6MTMxMTI4MTk3MCwiaWF0IjoxMzExMjgwOTcwLCJuYW1lIjoiSmFuZSBEb2UiLCJnaXZlbl9uYW1lIjoiSmFuZSIsImZhbWlseV9uYW1lIjoiRG9lIiwiZ2VuZGVyIjoiZmVtYWxlIiwiYmlydGhkYXRlIjoiMDAwMC0xMC0zMSIsImVtYWlsIjoiamFuZWRvZUBleGFtcGxlLmNvbSIsInBpY3R1cmUiOiJodHRwOlx1MDAyZlx1MDAyZmV4YW1wbGUuY29tXHUwMDJmamFuZWRvZVx1MDAyZm1lLmpwZyJ9.", jwt);
        }
        public void Create()
        {
            // Unsigned ID token built from the OpenID Connect Core example; the compact
            // form is pinned exactly, including the empty trailing signature segment.
            // Claim order in the payload is the order the expected token lists them in.
            var claims = new JwtPayload
            {
                { "iss", "http://server.example.com" },
                { "sub", "248289761001" },
                { "aud", "s6BhdRkqt3" },
                { "nonce", "n-0S6_WzA2Mj" },
                { "exp", 1311281970 },
                { "iat", 1311280970 },
                { "name", "Jane Doe" },
                { "given_name", "Jane" },
                { "family_name", "Doe" },
                { "gender", "female" },
                { "birthdate", "0000-10-31" },
                { "email", "*****@*****.**" },
                { "picture", "http://example.com/janedoe/me.jpg" }
            };
            var idToken = new IdTokenDescriptor(SignatureAlgorithm.None, Jwk.None)
            {
                Payload = claims
            };

            var serialized = new JwtWriter().WriteTokenString(idToken);

            // The expected value relies on '/' being written unescaped in the payload JSON.
            Assert.Equal("eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwiZXhwIjoxMzExMjgxOTcwLCJpYXQiOjEzMTEyODA5NzAsIm5hbWUiOiJKYW5lIERvZSIsImdpdmVuX25hbWUiOiJKYW5lIiwiZmFtaWx5X25hbWUiOiJEb2UiLCJnZW5kZXIiOiJmZW1hbGUiLCJiaXJ0aGRhdGUiOiIwMDAwLTEwLTMxIiwiZW1haWwiOiJqYW5lZG9lQGV4YW1wbGUuY29tIiwicGljdHVyZSI6Imh0dHA6Ly9leGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyJ9.", serialized);
        }
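        private static JwsWrapper CreateDescriptor(SignatureAlgorithm algorithm)
        {
            // Generates a fresh key of the kind `algorithm` needs, signs a one-hour token with
            // it and returns the token alongside a policy that can validate that token.
            var jwk = algorithm.Category switch
            {
                Cryptography.AlgorithmCategory.None => Jwk.None,
                Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
                Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
                Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
                // Name the category so an unhandled enum member is diagnosable from the message.
                _ => throw new InvalidOperationException($"Unsupported algorithm category: {algorithm.Category}")
            };

            // Read the clock once so 'exp' is exactly one hour after 'iat'; two separate
            // UtcNow reads could straddle a second boundary.
            var issuedAt = EpochTime.UtcNow;
            var descriptor = new JwsDescriptor(jwk, algorithm)
            {
                Payload = new JwtPayload
                {
                    { JwtClaimNames.Iat, issuedAt },
                    { JwtClaimNames.Exp, issuedAt + EpochTime.OneHour },
                    { JwtClaimNames.Iss, "https://idp.example.com/" },
                    { JwtClaimNames.Aud, "636C69656E745F6964" }
                }
            };

            // The policy pins issuer, key and algorithm, so a token signed with any other
            // key or algorithm is rejected rather than accepted on the header's say-so.
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignature("https://idp.example.com/", jwk, algorithm)
                         .Build();

            var writer = new JwtWriter();

            return new JwsWrapper(writer.WriteToken(descriptor), algorithm, policy);
        }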
    }
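        public void Encode_Decode(string alg)
        {
            // Signs a one-claim JWS with the signing key for `alg` and verifies it with the
            // matching validation key (the pair may differ for asymmetric algorithms).
            var (signingKey, validationKey) = SelectKeys(alg);

            var writer     = new JwtWriter();
            var descriptor = new JwsDescriptor(signingKey, (SignatureAlgorithm)alg)
            {
                Payload = new JwtPayload
                {
                    { "sub", "Alice" }
                }
            };

            var token = writer.WriteTokenString(descriptor);

            // The policy pins the algorithm as well as the key, so a token whose header
            // names a different algorithm does not validate.
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignatureByDefault(validationKey, (SignatureAlgorithm)alg)
                         .Build();

            var result = Jwt.TryParse(token, policy, out var jwt);

            // `using` releases the parsed token even when an assertion fails; the former
            // trailing Dispose() was skipped on any failed assert.
            using (jwt)
            {
                Assert.True(result);
                Assert.True(jwt.Payload.TryGetClaim("sub", out var sub));
                Assert.Equal("Alice", sub.GetString());
            }
        }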
        public void Write()
        {
            // Builds the SCIM security-event token from the RFC 8417 example as an unsigned
            // ("none") token and pins its compact form. On netstandard2.0 the header's '+'
            // is emitted as \u002B, hence the second expected value.
            var audiences = new List<string>
            {
                "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754",
                "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7"
            };
            var setDescriptor = new SecurityEventTokenDescriptor
            {
                Type      = "secevent+jwt",
                Algorithm = SignatureAlgorithm.None,
                Issuer    = "https://scim.example.com",
                IssuedAt  = EpochTime.ToDateTime(1458496404),
                JwtId     = "4d3559ec67504aaba65d40b0363faad8",
                Audiences = audiences
            };

            var createEvent = new ScimCreateEvent
            {
                Ref        = "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
                Attributes = { "id", "name", "userName", "password", "emails" }
            };
            setDescriptor.AddEvent("urn:ietf:params:scim:event:create", createEvent);

            var serialized = new JwtWriter().WriteTokenString(setDescriptor);

#if !NETSTANDARD2_0
            Assert.Equal("eyJ0eXAiOiJzZWNldmVudCtqd3QiLCJhbGciOiJub25lIn0.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.", serialized);
#else
            Assert.Equal("eyJ0eXAiOiJzZWNldmVudFx1MDAyQmp3dCIsImFsZyI6Im5vbmUifQ.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.", serialized);
#endif
        }
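            protected string EncryptKey(IConsole console, JsonWebToken.Jwk key)
            {
                // Without a password the JWK is returned in clear as its string form.
                if (_password is null)
                {
                    return key.ToString();
                }

                // PBES2 (HMAC-SHA256 + AES-128 key wrap) derives the wrapping key from the
                // password; the JWK itself is protected with AES-128-CBC + HMAC-SHA256.
                var alg = KeyManagementAlgorithm.Pbes2HS256A128KW;
                var enc = EncryptionAlgorithm.A128CbcHS256;

                // FromPassphrase takes the salt size in bytes (saltSizeInBytes), so the
                // diagnostic message reports bytes as well; it previously said "bits".
                console.Verbose(
                    $@"Encrypting the JWK...
Algorithm: {alg}
Encryption algorithm: {enc}
Password derivation iteration count: {_iterationCount}
Password derivation salt size: {_saltSize} bytes");
                var encryptionKey = PasswordBasedJwk.FromPassphrase(_password, iterationCount: _iterationCount, saltSizeInBytes: _saltSize);
                var writer        = new JwtWriter();
                var descriptor    = new JwkJweDescriptor(encryptionKey, alg, enc)
                {
                    Payload = key
                };
                var result = writer.WriteTokenString(descriptor);

                console.Verbose("JWK encrypted.");
                return result;
            }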
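        public void Write_Valid(string token)
        {
            // Writes the fixture descriptor named by `token`, parses it back with every
            // fixture key available for decryption, and checks the standard claims survived.
            var descriptor = _tokens.Descriptors[token];
            var writer     = new JwtWriter();
            var value      = writer.WriteToken(descriptor);

            // IgnoreSignatureByDefault() means only decryption, not signature validity,
            // is exercised by this test.
            var policy = new TokenValidationPolicyBuilder()
                         .WithDecryptionKeys(_keys.Jwks)
                         .IgnoreSignatureByDefault()
                         .Build();

            var result = Jwt.TryParse(value, policy, out var jwt);

            // Dispose the parsed token even when an assertion below fails.
            using (jwt)
            {
                Assert.True(result);

                // The claims live on the JWS: either the descriptor itself or the payload
                // nested inside a JWE. Anything else is a fixture error.
                var jwsPayload = descriptor switch
                {
                    JwsDescriptor jws => jws,
                    JweDescriptor jwe => jwe.Payload,
                    _ => throw new Xunit.Sdk.IsNotTypeException(typeof(JwtDescriptor), descriptor)
                };

                Assert.NotNull(jwsPayload);
                if (jwsPayload.Payload.Count > 0)
                {
                    // Only presence is checked here; the values are compared elsewhere.
                    Assert.True(jwt.Payload.TryGetClaim("iat", out _));
                    Assert.True(jwt.Payload.TryGetClaim("exp", out _));
                    Assert.True(jwt.Payload.TryGetClaim("iss", out _));
                    Assert.True(jwt.Payload.TryGetClaim("aud", out _));
                    Assert.True(jwt.Payload.TryGetClaim("jti", out _));
                }
            }
        }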
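        public void Compatible(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
        {
            // For every fixture key that fits the (enc, alg) pair, wraps an HS256-signed JWS
            // in a JWE and checks the claim comes back after decryption with the fixture set.
            var writer = new JwtWriter();

            // The policy depends only on fixture state, so it is built once, not per key.
            var policy = new TokenValidationPolicyBuilder()
                         .RequireSignatureByDefault(_signingKey)
                         .WithDecryptionKeys(_keys.Jwks)
                         .Build();

            foreach (var encryptionKey in SelectEncryptionKey(enc.Name.ToString(), alg.Name.ToString()))
            {
                var descriptor = new JweDescriptor(encryptionKey, alg, enc)
                {
                    Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
                    {
                        Payload = new JwtPayload
                        {
                            { "sub", "Alice" }
                        }
                    }
                };

                var token = writer.WriteToken(descriptor);

                var result = Jwt.TryParse(token, policy, out var jwt);

                // `using` releases each parsed token even if an assertion fails mid-loop.
                using (jwt)
                {
                    Assert.True(result);
                    Assert.True(jwt.Payload.TryGetClaim("sub", out var sub));
                    Assert.Equal("Alice", sub.GetString());
                }
            }
        }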
        /// <summary>
        /// Creates a client that delivers audit-trail events to <paramref name="eventEndpoint"/>,
        /// wired with console logging, a no-op sink and store, and a token acquirer that
        /// requests access tokens for <paramref name="scope"/>.
        /// </summary>
        /// <param name="eventEndpoint">URL the events are delivered to; stored as <c>DeliveryEndpoint</c>.</param>
        /// <param name="scope">Scope requested when acquiring the access token; stored as <c>AccessTokenScope</c>.</param>
        /// <param name="tokenClientOptions">Settings for the <c>TokenClient</c> that acquires access tokens.</param>
        /// <exception cref="ArgumentNullException">Any of the arguments is <see langword="null"/>.</exception>
        public AuditTrailClient(string eventEndpoint, string scope, TokenClientOptions tokenClientOptions)
        {
            if (eventEndpoint is null)
            {
                throw new ArgumentNullException(nameof(eventEndpoint));
            }

            if (scope is null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            if (tokenClientOptions is null)
            {
                throw new ArgumentNullException(nameof(tokenClientOptions));
            }

            _options = new AuditTrailClientOptions
            {
                DeliveryEndpoint   = eventEndpoint,
                AccessTokenScope   = scope,
                TokenClientOptions = tokenClientOptions
            };

            // NOTE(review): two distinct HttpClient instances are created here, one for this
            // client and one handed to the TokenClient below.
            _httpClient = new HttpClient();
            _writer     = new JwtWriter();
            _logger     = new ConsoleLogger<AuditTrailClient>();
            _sink       = new NullSink();
            _store      = new NullStore();
            _accessTokenAcquirer = new DefaultAccessTokenAcquirer(
                new ConsoleLogger<DefaultAccessTokenAcquirer>(),
                new TokenClient(new HttpClient(), tokenClientOptions),
                Options.Create(_options));
        }
        public void Write_Success()
        {
            // Builds the SCIM "create" security-event token as an unsigned ("none") token and
            // compares it against the pinned compact form. Payload entry order is kept as-is.
            var createEvent = new ScimCreateEvent
            {
                Ref        = "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9",
                Attributes = { "id", "name", "userName", "password", "emails" }
            };
            var events = new JsonObject
            {
                { "urn:ietf:params:scim:event:create", createEvent }
            };
            var audiences = new [] { "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754", "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7" };

            var secEvent = new SecEventDescriptor(Jwk.None, SignatureAlgorithm.None)
            {
                Payload = new JwtPayload
                {
                    { "iss", "https://scim.example.com" },
                    { "iat", 1458496404 },
                    { "jti", "4d3559ec67504aaba65d40b0363faad8" },
                    { "aud", audiences },
                    { "events", events }
                }
            };

            var serialized = new JwtWriter().WriteTokenString(secEvent);

            AssertJwt.Equal("eyJhbGciOiJub25lIiwidHlwIjoic2VjZXZlbnQrand0In0.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.", serialized);
        }
        static void Main()
        {
            // Sample program: signs a one-hour JWS with HS256, wraps it in an
            // A128KW / A128CBC-HS256 JWE and prints both the descriptor and the compact form.
            // Both keys are fixed sample values embedded in the source.
            var signatureKey  = new SymmetricJwk("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
            var encryptionKey = new SymmetricJwk("R9MyWaEoyiMYViVWo8Fk4T");

            var signedPart = new JwsDescriptor
            {
                SigningKey     = signatureKey,
                Algorithm      = SignatureAlgorithm.HmacSha256,
                IssuedAt       = DateTime.UtcNow,
                ExpirationTime = DateTime.UtcNow.AddHours(1),
                Issuer         = "https://idp.example.com/",
                Audience       = "636C69656E745F6964"
            };
            var descriptor = new JweDescriptor<JwsDescriptor>()
            {
                EncryptionKey       = encryptionKey,
                EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
                Algorithm           = KeyManagementAlgorithm.Aes128KW,
                Payload             = signedPart
            };

            // Compact serialization of the whole nested token.
            var token = new JwtWriter().WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }
        static void Main()
        {
            // Sample program: signs a one-hour JWS with HS256 using a fixed sample key and
            // prints both the descriptor and its compact serialization.
            var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");

            var jws = new JwsDescriptor()
            {
                SigningKey     = signingKey,
                Algorithm      = SignatureAlgorithm.HmacSha256,
                IssuedAt       = DateTime.UtcNow,
                ExpirationTime = DateTime.UtcNow.AddHours(1),
                Issuer         = "https://idp.example.com/",
                Audience       = "636C69656E745F6964"
            };

            var compact = new JwtWriter().WriteTokenString(jws);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(jws);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(compact);
        }
        public void Write_Valid(string token)
        {
            // Writes the fixture descriptor named by `token`, reads it back with the fixture
            // key set and no validation, and compares the standard claims field by field.
            var descriptor = _tokens.Descriptors[token];
            var serialized = new JwtWriter().WriteToken(descriptor);

            var reader  = new JwtReader(_keys.Jwks);
            var outcome = reader.TryReadToken(serialized, TokenValidationPolicy.NoValidation);

            Assert.Equal(TokenValidationStatus.Success, outcome.Status);

            var parsed = outcome.Token;

            // The reference claims live on the JWS: the descriptor itself or the payload
            // nested inside a JWE. Anything else is a fixture error.
            var jwsPayload = descriptor switch
            {
                JwsDescriptor jws => jws,
                JweDescriptor jwe => jwe.Payload,
                _ => throw new Xunit.Sdk.IsNotTypeException(typeof(JwtDescriptor), descriptor)
            };

            Assert.NotNull(jwsPayload);

            Assert.Equal(jwsPayload.IssuedAt, parsed.IssuedAt);
            Assert.Equal(jwsPayload.ExpirationTime, parsed.ExpirationTime);
            Assert.Equal(jwsPayload.Issuer, parsed.Issuer);
            // Only the first audience is compared on either side.
            Assert.Equal(jwsPayload.Audiences?.FirstOrDefault(), parsed.Audiences?.FirstOrDefault());
            Assert.Equal(jwsPayload.JwtId, parsed.Id);
        }
        private static void Main()
        {
            // Runs the Core() and Managed() workloads back to back in an endless loop; the
            // process is expected to be stopped externally. The writer is created up front
            // for the encoding scenario, which is currently switched off.
            Console.WriteLine("Starting...");
            var writer = new JwtWriter();

            for (;;)
            {
                // Disabled scenarios: ParseSimpleJson(), ParseComplexJson(), Encode6(writer).
                Core();
                Managed();
            }
        }
        private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor, string? claim = null)
        {
            // Produces a token that should fail validation with `status`. Header-level
            // faults are injected before writing, serialized-form faults after.
            // `claim` is accepted for signature compatibility and not used here.
            if (status == TokenValidationStatus.SignatureKeyNotFound)
            {
                descriptor.Header.Add(JwtHeaderParameterNames.Kid, "x");
            }
            else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
            {
                descriptor.Header.Add(JwtHeaderParameterNames.Enc, (object)null!);
            }

            // Validation is switched off so the deliberately broken descriptor still writes.
            var writer = new JwtWriter { IgnoreTokenValidation = true };
            var jwt    = writer.WriteTokenString(descriptor);

            switch (status)
            {
                case TokenValidationStatus.MalformedToken:
                    jwt = "/" + jwt[..^1];
                    break;

                case TokenValidationStatus.InvalidSignature:
                {
                    // Only the first three segments are kept, with the signature reversed.
                    var segments = jwt.Split('.');
                    var reversed = new string(segments[2].Reverse().ToArray());
                    jwt = segments[0] + "." + segments[1] + "." + reversed;
                    break;
                }

                case TokenValidationStatus.MalformedSignature:
                    jwt = jwt[..^2];
                    break;

                case TokenValidationStatus.MissingSignature:
                {
                    var segments = jwt.Split('.');
                    jwt = segments[0] + "." + segments[1] + ".";
                    break;
                }

                default:
                    break;
            }

            return new TokenState(jwt, status);
        }
        private static byte[] Encode6(JwtWriter writer)
        {
            // Encodes a fixed six-claim JWS (RS256 with signingKey3) wrapped in a
            // direct-keyed A256GCM JWE (encryptionKey1) and returns the bytes.
            var claims = new JwtPayload
            {
                { JwtClaimNames.Iat, 1500000000L },
                { JwtClaimNames.Exp, 2000000000L },
                { JwtClaimNames.Iss, "https://idp.example.com/" },
                { JwtClaimNames.Aud, "636C69656E745F6964" },
                { JwtClaimNames.Sub, "*****@*****.**" },
                { JwtClaimNames.Jti, "12345667890" }
            };
            var signed = new JwsDescriptor(signingKey3, SignatureAlgorithm.RS256)
            {
                Payload = claims
            };
            var encrypted = new JweDescriptor(encryptionKey1, KeyManagementAlgorithm.Dir, EncryptionAlgorithm.A256Gcm)
            {
                Payload = signed
            };

            return writer.WriteToken(encrypted);
        }
        public void Write_Success()
        {
            // Writes a five-claim unsigned ("none") JWS and pins its compact form; the
            // trailing '.' is the empty signature segment.
            const string expectedToken = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwic3ViIjoiMjQ4Mjg5NzYxMDAxIiwiYXVkIjoiczZCaGRSa3F0MyIsImV4cCI6MTMxMTI4MTk3MCwiaWF0IjoxMzExMjgwOTcwfQ.";

            var claims = new JwtPayload
            {
                { "iss", "http://server.example.com" },
                { "sub", "248289761001" },
                { "aud", "s6BhdRkqt3" },
                { "exp", 1311281970 },
                { "iat", 1311280970 }
            };
            var unsigned = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
            {
                Payload = claims
            };

            var actualToken = new JwtWriter().WriteTokenString(unsigned);

            Assert.Equal(expectedToken, actualToken);
        }
        public void Encode_Decode_NotSupported()
        {
            // An EncryptionAlgorithm marked EncryptionType.NotSupported must make the writer
            // throw NotSupportedException instead of producing a token.
            var unsupported = new EncryptionAlgorithm(AlgorithmId.Undefined, "unsupported", 0, SignatureAlgorithm.None, 0, EncryptionType.NotSupported);

            var jwe = new JweDescriptor(Jwk.None, KeyManagementAlgorithm.Dir, unsupported)
            {
                Payload = new JwsDescriptor(_signingKey, SignatureAlgorithm.HS256)
                {
                    Payload = new JwtPayload
                    {
                        { "sub", "Alice" }
                    }
                }
            };
            var jwtWriter = new JwtWriter();

            Assert.Throws<NotSupportedException>(() =>
            {
                _ = jwtWriter.WriteToken(jwe);
            });
        }
        public void Encode_Decode_NotSupported()
        {
            // An EncryptionAlgorithm with an unknown id and EncryptionType.Undefined must make
            // the writer throw NotSupportedException instead of producing a token.
            var unsupported = new EncryptionAlgorithm(-99, "unsupported", 0, SignatureAlgorithm.None, 0, EncryptionType.Undefined);

            var signedPart = new JwsDescriptor
            {
                SigningKey = _signingKey,
                Algorithm  = SignatureAlgorithm.HmacSha256,
                Subject    = "Alice"
            };
            var jwe = new JweDescriptor
            {
                EncryptionAlgorithm = unsupported,
                Algorithm           = KeyManagementAlgorithm.Direct,
                Payload             = signedPart
            };
            var jwtWriter = new JwtWriter();

            Assert.Throws<NotSupportedException>(() =>
            {
                _ = jwtWriter.WriteToken(jwe);
            });
        }
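        public string GenerateToken(User user)
        {
            // Issues an RS256-signed JWT for `user`: issuer and audience come from the
            // ISSUER / AUDIENCE configuration entries, user.Id is the subject.
            // Read the clock once so ExpirationTime is exactly one hour after IssuedAt;
            // two separate UtcNow reads could straddle a tick boundary.
            var now = DateTime.UtcNow;
            var descriptor = new JwsDescriptor {
                SigningKey     = _key,
                IssuedAt       = now,
                ExpirationTime = now.AddHours(1),
                Issuer         = _configuration["ISSUER"],
                Audience       = _configuration["AUDIENCE"],
                Subject        = user.Id,
                Algorithm      = SignatureAlgorithm.RsaSha256
            };

            // The Hasura claim object is serialized to a JSON string claim. Every token
            // carries the same fixed "user" role set; roles are not derived from `user`.
            var hasuraClaims = JsonSerializer.Serialize(new HasuraClaim {
                UserId      = user.Id,
                DefaultRole = "user",
                Roles       = new[] { "user" }
            });
            descriptor.AddClaim("https://hasura.io/jwt/claims", hasuraClaims);

            var writer = new JwtWriter();
            return writer.WriteTokenString(descriptor);
        }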
        /// <summary>
        /// Dependency-injected constructor: every collaborator is supplied by the caller and
        /// the configured options must name a delivery endpoint.
        /// </summary>
        /// <param name="httpClient">Client used to deliver events.</param>
        /// <param name="options">Client options; <c>DeliveryEndpoint</c> is mandatory.</param>
        /// <param name="sink">Destination for events that could not be delivered immediately.</param>
        /// <param name="store">Persistent store for events.</param>
        /// <param name="logger">Logger for this client.</param>
        /// <param name="tokenAcquirer">Acquires the access token presented on delivery.</param>
        /// <param name="env">Optional host environment; may be <see langword="null"/>.</param>
        /// <exception cref="ArgumentNullException">Any required argument is <see langword="null"/>.</exception>
        /// <exception cref="ArgumentException">The options carry no delivery endpoint.</exception>
        public AuditTrailClient(HttpClient httpClient, IOptions<AuditTrailClientOptions> options, IAuditTrailSink sink, IAuditTrailStore store, ILogger<AuditTrailClient> logger, IAccessTokenAcquirer tokenAcquirer, IHostEnvironment? env = null)
        {
            if (options is null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (httpClient is null)
            {
                throw new ArgumentNullException(nameof(httpClient));
            }

            if (sink is null)
            {
                throw new ArgumentNullException(nameof(sink));
            }

            if (logger is null)
            {
                throw new ArgumentNullException(nameof(logger));
            }

            if (tokenAcquirer is null)
            {
                throw new ArgumentNullException(nameof(tokenAcquirer));
            }

            if (store is null)
            {
                throw new ArgumentNullException(nameof(store));
            }

            _httpClient          = httpClient;
            _sink                = sink;
            _logger              = logger;
            _accessTokenAcquirer = tokenAcquirer;
            _store               = store;
            _env                 = env;
            _options             = options.Value;

            // A client without a delivery endpoint can never send anything, so fail at
            // construction rather than on first use.
            if (_options.DeliveryEndpoint is null)
            {
                throw new ArgumentException("The delivery endpoint is not defined.", nameof(options));
            }

            _writer = new JwtWriter();
        }
        static void Main()
        {
            // Sample program: encrypts a plaintext payload as an A128KW / A128CBC-HS256 JWE
            // with a fixed sample key and prints the descriptor and its compact form.
            var contentKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");

            var jwe = new PlaintextJweDescriptor(contentKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
            {
                Payload = "Life long and prosper."
            };

            var compact = new JwtWriter().WriteTokenString(jwe);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(jwe);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(compact);
        }
        private static TokenState CreateInvalidToken(TokenValidationStatus status, JwtDescriptor descriptor)
        {
            // Produces a token that should fail validation with `status`. Header-level
            // faults are injected before writing, serialized-form faults after.
            if (status == TokenValidationStatus.SignatureKeyNotFound)
            {
                // Append to the existing kid so it no longer matches any known key.
                descriptor.Header.Replace(new JwtProperty(HeaderParameters.KidUtf8, (string)descriptor.Header[HeaderParameters.KidUtf8].Value + "x"));
            }
            else if (status == TokenValidationStatus.MissingEncryptionAlgorithm)
            {
                descriptor.Header.Replace(new JwtProperty(HeaderParameters.EncUtf8));
            }

            // The writer's own validation is left on in this version.
            var jwt = new JwtWriter().WriteTokenString(descriptor);

            switch (status)
            {
                case TokenValidationStatus.MalformedToken:
                    jwt = "/" + jwt[..^1];
                    break;

                case TokenValidationStatus.InvalidSignature:
                {
                    // Only the first three segments are kept, with the signature reversed.
                    var segments = jwt.Split('.');
                    var reversed = new string(segments[2].Reverse().ToArray());
                    jwt = segments[0] + "." + segments[1] + "." + reversed;
                    break;
                }

                case TokenValidationStatus.MalformedSignature:
                    jwt = jwt[..^2];
                    break;

                case TokenValidationStatus.MissingSignature:
                {
                    var segments = jwt.Split('.');
                    jwt = segments[0] + "." + segments[1] + ".";
                    break;
                }

                default:
                    break;
            }

            return new TokenState(jwt, status);
        }
        public void Write_Binary()
        {
            // Encrypts 256 bytes of generated data as an RSA1_5 / A128CBC-HS256 JWE with a
            // fixed RSA test key (it appears to be the RFC 7516 Appendix A.2 key), reads it
            // back without validation and checks the bytes are unchanged.
            var payload = new byte[256];
            FillData(payload);

            var rsaKey = new RsaJwk
                         (
                n: "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDprecbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBIY2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",
                e: "AQAB",
                d: "VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-rynq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-KyvjT1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",
                p: "9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEPkrdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",
                q: "uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-yBhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",
                dp: "w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuvngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcraHawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",
                dq: "o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",
                qi: "eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlCtUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZB9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"
                         )
            {
                Alg = KeyManagementAlgorithm.RsaPkcs1.Utf8Name
            };

            var jwe = new BinaryJweDescriptor(payload)
            {
                EncryptionKey       = rsaKey,
                EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
                Algorithm           = KeyManagementAlgorithm.RsaPkcs1
            };

            var serialized = new JwtWriter().WriteToken(jwe);

            Assert.NotNull(serialized);

            // NoValidation: only decryption with the same key is exercised here.
            var outcome = new JwtReader(rsaKey).TryReadToken(serialized, TokenValidationPolicy.NoValidation);

            Assert.Equal(TokenValidationStatus.Success, outcome.Status);

            Assert.Equal(payload, outcome.Token.Binary);
        }
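        public void Write_Utf8ToEscape()
        {
            // Round-trips a plaintext containing a non-ASCII character ('€', three
            // UTF-8 bytes) through a JWE and checks the payload comes back neither
            // escaped nor truncated.
            var plaintext = "Live long and prosper!€";

            // NOTE(security): Rsa1_5 (RSAES-PKCS1-v1_5) is exercised because the
            // library supports it, but the JWT BCP (RFC 8725) deprecates it in favour
            // of RSA-OAEP: PKCS#1 v1.5 decryption is exposed to Bleichenbacher-style
            // padding-oracle attacks. Do not copy this choice into production code.
            var descriptor = new PlaintextJweDescriptor(RsaKey, KeyManagementAlgorithm.Rsa1_5, EncryptionAlgorithm.A128CbcHS256)
            {
                Payload = plaintext
            };

            var writer = new JwtWriter();
            var token  = writer.WriteToken(descriptor);

            // The JWE carries a plain string, not a nested JWS, so there is no
            // signature to require and only the decryption key is configured.
            // A policy that ignores signatures must never be applied to tokens that
            // are expected to carry a JWS.
            var policy = new TokenValidationPolicyBuilder()
                         .WithDecryptionKey(RsaKey)
                         .IgnoreSignatureByDefault()
                         .Build();

            var parsed = Jwt.TryParse(token, policy, out var jwt);

            Assert.True(parsed);
            Assert.Equal(plaintext, jwt.Plaintext);

            // Jwt exposes Dispose(); release the parsed token once the assertions
            // have run instead of leaking it.
            jwt.Dispose();
        }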
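        static void Main()
        {
            // Builds a JWS descriptor with the standard registered claims and prints
            // both its descriptor form and its compact serialization.

            // Read the clock once so that "exp" is exactly "iat" + 1 hour instead of
            // two slightly different instants.
            var now = DateTime.UtcNow;

            // NOTE(security): "alg":"none" produces an UNSIGNED token — the signature
            // segment is the empty string (RFC 7518 §3.6) and nothing protects the
            // claims from tampering. That is fine for a serialization demo, but any
            // consumer must reject "none" unless it deliberately accepts unsecured
            // JWS (see the JWT BCP, RFC 8725, on algorithm verification).
            var descriptor = new JwsDescriptor()
            {
                Algorithm      = SignatureAlgorithm.None,
                IssuedAt       = now,
                ExpirationTime = now.AddHours(1),
                Issuer         = "https://idp.example.com/",
                // Hex spelling of "client_id"; any opaque audience string works here.
                Audience       = "636C69656E745F6964"
            };

            // Generates the UTF-8 string representation of the JWT
            var writer = new JwtWriter();
            var token  = writer.WriteTokenString(descriptor);

            Console.WriteLine("The JWT is:");
            Console.WriteLine(descriptor);
            Console.WriteLine();
            Console.WriteLine("Its compact form is:");
            Console.WriteLine(token);
        }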
        public void Write_Utf8ToEscape()
        {
            // Round-trips a plaintext containing a non-ASCII character ('€', three
            // UTF-8 bytes) through a JWE via the JwtReader API and checks the payload
            // comes back neither escaped nor truncated.
            const string plaintext = "Live long and prosper!€";

            // NOTE(security): RsaPkcs1 (RSAES-PKCS1-v1_5, JWE "RSA1_5") is exercised
            // here only because the library supports it. The JWT BCP (RFC 8725)
            // deprecates it in favour of RSA-OAEP because PKCS#1 v1.5 decryption is
            // exposed to Bleichenbacher-style padding-oracle attacks.
            var descriptor = new PlaintextJweDescriptor(plaintext)
            {
                EncryptionKey       = RsaKey,
                EncryptionAlgorithm = EncryptionAlgorithm.Aes128CbcHmacSha256,
                Algorithm           = KeyManagementAlgorithm.RsaPkcs1
            };

            var token = new JwtWriter().WriteToken(descriptor);

            // NoValidation presumably disables the claim checks (lifetime, issuer,
            // audience); acceptable here because only the decrypt path is under test,
            // never as the policy of a production consumer.
            var result = new JwtReader(RsaKey).TryReadToken(token, TokenValidationPolicy.NoValidation);

            Assert.Equal(TokenValidationStatus.Success, result.Status);
            Assert.Equal(plaintext, result.Token.Plaintext);
        }