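/// <summary>
/// Validates a Google-issued ID token (signature, issuer, audience and lifetime) against
/// Google's published signing certificates and records the outcome in <c>_IsTokenValid</c>.
/// </summary>
/// <param name="idToken">The compact-serialized JWT received from Google; a null token is ignored.</param>
/// <remarks>
/// Every failure (malformed token, unknown signing key, bad signature, wrong issuer or audience,
/// expired token) is reported through <c>_IsTokenValid = false</c> rather than by throwing, so
/// callers must read the flag after this method returns.
/// </remarks>
public void VerifyGoogleToken(string idToken)
{
    if (idToken == null)
    {
        return;
    }

    try
    {
        // Index Google's current signing certificates by thumbprint so the token's key id
        // can be resolved to the matching key while the handler validates the signature.
        // Thumbprints are hex, so compare them case-insensitively instead of upper-casing the key id.
        byte[][] certBytes = SOSCodecs.getGoogleCertBytes();
        Dictionary<string, X509Certificate2> certificates =
            new Dictionary<string, X509Certificate2>(StringComparer.OrdinalIgnoreCase);
        foreach (byte[] rawCertificate in certBytes)
        {
            X509Certificate2 certificate = new X509Certificate2(rawCertificate);
            // Indexer assignment: a repeated thumbprint is the same certificate, not an error.
            certificates[certificate.Thumbprint] = certificate;
        }

        TokenValidationParameters tvp = new TokenValidationParameters()
        {
            ValidateActor = false,
            ValidAudience = ConfigProvider.ConfigurationStore.GoogleClientID,
            ValidateIssuer = true,
            // Google ID tokens carry either of these two issuer values.
            ValidIssuer = "accounts.google.com",
            ValidIssuers = new[] { "accounts.google.com", "https://accounts.google.com" },
            ValidateIssuerSigningKey = true,
            RequireSignedTokens = true,
            // Chain validation is intentionally skipped: the certificates were fetched from Google directly.
            CertificateValidator = X509CertificateValidator.None,
            IssuerSigningKeyResolver = (s, securityToken, identifier, parameter) =>
            {
                foreach (SecurityKeyIdentifierClause clause in identifier)
                {
                    X509Certificate2 match;
                    if (clause.Id != null && certificates.TryGetValue(clause.Id, out match))
                    {
                        return new X509SecurityKey(match);
                    }
                }
                // No published certificate matches the token's key id; fail validation explicitly.
                throw new SecurityTokenSignatureKeyNotFoundException("No Google signing certificate matches the token key id.");
            },
            // Enforce exp/nbf: an expired token must not be accepted. The previous 12-hour skew
            // would have made lifetime validation nearly meaningless, so use a small tolerance.
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(5)
        };

        JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
        SecurityToken validatedToken;
        ClaimsPrincipal principal = handler.ValidateToken(idToken, tvp, out validatedToken);
        _IsTokenValid = principal != null;
    }
    catch (Exception)
    {
        // Any validation error (malformed token, missing key, bad signature, expiry, issuer or
        // audience mismatch) is surfaced through the flag, not propagated to the caller.
        _IsTokenValid = false;
    }
}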
/// <summary>
/// Deserializes the raw token's envelope segment into <c>_Envelope</c>.
/// </summary>
/// <exception cref="SerializationException">
/// The envelope text could not be deserialized into a <c>JWTEnvelope</c>; the original
/// failure is attached as the inner exception.
/// </exception>
private void ExtractEnvelopeInfo()
{
    string rawEnvelope = _RawToken.Envelope;
    object parsed;
    try
    {
        parsed = SOSCodecs.Deserialize(rawEnvelope, typeof(JWTEnvelope));
    }
    catch (Exception inner)
    {
        string message = string.Format("Failed To Deserialize Base 64 encoded JWT Envelope to JSON Object. Text:{0}", rawEnvelope);
        throw new SerializationException(message, inner);
    }
    // "as" never throws, so the cast can sit outside the guarded region without changing behavior.
    _Envelope = parsed as JWTEnvelope;
}
/// <summary>
/// Deserializes the raw token's claims segment into <c>_Claims</c>.
/// </summary>
/// <exception cref="SerializationException">
/// The claims text could not be deserialized into a <c>JWTClaims</c>; the original
/// failure is attached as the inner exception.
/// </exception>
private void ExtractClaimsInfo()
{
    string rawClaims = _RawToken.Claims;
    object parsed;
    try
    {
        parsed = SOSCodecs.Deserialize(rawClaims, typeof(JWTClaims));
    }
    catch (Exception inner)
    {
        string message = string.Format("Failed To Deserialize Base 64 encoded JWT Claims to JSON Object. Text:{0}", rawClaims);
        throw new SerializationException(message, inner);
    }
    // "as" never throws, so the cast can sit outside the guarded region without changing behavior.
    _Claims = parsed as JWTClaims;
}
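/// <summary>
/// Recomputes the HMAC-SHA256 signature of the raw token using the configured Live auth key
/// selected by the envelope's <c>kid</c>, and stores whether it matches the token's signature
/// in <c>_IsTokenValid</c>. The selected secret is also kept in <c>_CurrentSecretKey</c>.
/// </summary>
/// <exception cref="ArgumentOutOfRangeException">
/// The envelope's <c>kid</c> is not a positive integer, or exceeds the configured key count.
/// </exception>
private void VerifySignatureInfo()
{
    // The message documents a positive key id; reject zero/negative values as well as non-numbers
    // so a negative index can never reach the key table.
    int ikid;
    if (!int.TryParse(_Envelope.kid, out ikid) || ikid <= 0)
    {
        throw new ArgumentOutOfRangeException("kid", "Key ID should be a number more than 0, PassedVal:" + _Envelope.kid);
    }
    if (ikid > ConfigProvider.ConfigurationStore.LiveAuthKeyCount)
    {
        throw new ArgumentOutOfRangeException("kid", string.Format("Key ID: {0}, is not configured properly or not loaded.", ikid));
    }
    // NOTE(review): this treats LiveAuthKeyCount as the highest valid index (1-based kid); if
    // LiveAuthKeys is 0-based the bound is off by one - confirm against the config loader.
    _CurrentSecretKey = ConfigProvider.ConfigurationStore.LiveAuthKeys[ikid];

    // HMAC key is SHA-256(secret + "JWTSig"); the signed input is "<envelope>.<claims>".
    byte[] keyMaterial = SOSCodecs.UTF8Encoder.GetBytes(_CurrentSecretKey + "JWTSig");
    byte[] signedInput = SOSCodecs.UTF8Encoder.GetBytes(_RawToken.Envelope + "." + _RawToken.Claims);

    // NOTE(review): SHA256CryptoProvider comes from a static member yet is disposed here, as in the
    // original; if it is a shared instance, disposing it breaks later callers - confirm ownership.
    SHA256Managed shaProvider = SecurityCodecs.SHA256CryptoProvider;
    try
    {
        byte[] hmacKey = shaProvider.ComputeHash(keyMaterial);
        // "using" guarantees disposal even when hashing throws (the original leaked on exception).
        using (SecurityCodecs codec = new SecurityCodecs())
        using (HMACSHA256 hmac = codec.HMACSHA256Provider(hmacKey))
        {
            string expectedSignature = SOSCodecs.UrlEncode(hmac.ComputeHash(signedInput));
            // Fixed-time comparison so the check does not leak how many leading characters matched.
            _IsTokenValid = FixedTimeEquals(expectedSignature, _RawToken.Signature);
        }
    }
    finally
    {
        shaProvider.Clear();
        shaProvider.Dispose();
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where they differ.
/// A null on either side, or a length mismatch, is reported as not equal.
/// </summary>
/// <param name="expected">The locally computed value.</param>
/// <param name="actual">The value supplied by the caller/token.</param>
/// <returns><c>true</c> when both are non-null and identical; otherwise <c>false</c>.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }
    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }
    return difference == 0;
}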