public void TestPublicKeyIsStoredInPemFormat() { var result = SigningKey.Create(); Assert.IsTrue(result.PublicKey.StartsWith("-----BEGIN PUBLIC KEY-----\n")); Assert.IsTrue(result.PublicKey.EndsWith("-----END PUBLIC KEY-----\n")); }
protected override async Task ExecuteAsync(CancellationToken stoppingToken) { while (!stoppingToken.IsCancellationRequested) { _logger.LogInformation($"Worker running at {DateTime.Now}"); var key = SigningKey.Create(); var response = await _metrics.KeyGenerationWorker().RecordTimeToSavePublicKey(async() => await SaveKey(key.PublicKey, stoppingToken)); switch (response) { case KeyCreatedResponse createdResponse: key.KeyId = createdResponse.Id; _keyContainer.SetKey(key); break; case ProblemDetails _: _metrics.KeyGenerationWorker().MarkErrorSavingToKeyService(); _logger.LogError("problem while saving public key"); break; default: _metrics.KeyGenerationWorker().MarkErrorUnhandledType(); _logger.LogError("unhandled type"); break; } await Task.Delay(TimeSpan.FromSeconds(_keyGenerationConfig.TimeBetweenGenerationInSeconds), stoppingToken); } }
public void TestThatIsValidReturnsFalseForInvalidSignatures() { var signingKey = new SigningKey("secret"); var paymentCompletedResponse = PaymentCompletedResponse.CreateInstance("1", "CANCELLED", "ffb94fef027526bab3f98eaa432974daea4e743f09de86ab732208497805bb12", signingKey); Assert.IsNull(paymentCompletedResponse, "The given payment complete response was valid, but should be invalid"); }
public void GetSigningKeyAsyncCallResultShouldBe( string signingKey) { _scenarioContext .GetCallResult <SigningKey>() .ShouldBe(SigningKey.Parse(signingKey)); }
protected async Task <IActionResult> GenerateJWTToken(TUser user) { var rolesAndScopes = await AuthenticationHelper.GetRolesAndScopesAsync(user, _userManager, _roleManager); var roles = rolesAndScopes.Roles; var scopes = rolesAndScopes.Scopes; if (!string.IsNullOrWhiteSpace(_privateSigningKeyPath)) { var key = SigningKey.LoadPrivateRsaSigningKey(_privateSigningKeyPath); var results = JwtTokenHelper.CreateJwtTokenSigningWithRsaSecurityKey(user.Id, user.UserName, user.Email, roles, _tokenExpiryMinutes, key, _localIssuer, _audience, scopes.ToArray()); return(Created("", results)); } else if (!string.IsNullOrWhiteSpace(_privateSigningCertificatePassword)) { var key = SigningKey.LoadPrivateSigningCertificate(_privateSigningCertificatePath, _privateSigningCertificatePassword); var results = JwtTokenHelper.CreateJwtTokenSigningWithCertificateSecurityKey(user.Id, user.UserName, user.Email, roles, _tokenExpiryMinutes, key, _localIssuer, _audience, scopes.ToArray()); return(Created("", results)); } else { var key = SigningKey.LoadSymmetricSecurityKey(_privateSymmetricKey); var results = JwtTokenHelper.CreateJwtTokenSigningWithKey(user.Id, user.UserName, user.Email, roles, _tokenExpiryMinutes, key, _localIssuer, _audience, scopes.ToArray()); return(Created("", results)); } }
internal override TpmHash GetPolicyDigest(TpmAlgId hashAlg) { // Authorize results in a REPLACEMENT not an extend of the previous policy. var zeroHash = new TpmHash(hashAlg); TpmHash atEnd = PolicyUpdate(zeroHash, TpmCc.PolicyAuthorize, SigningKey.GetName(), PolicyRef); return(atEnd); }
public bool Equals(BusinessKey other) { if (other == null) { return(false); } return(ClientId.Equals(other.ClientId) && SigningKey.Equals(other.SigningKey)); }
public void TestCreateReturnsPrivateAndPublicKey() { var result = SigningKey.Create(); Assert.NotNull(result.PrivateKey); Assert.NotNull(result.PublicKey); Assert.NotNull(result.CreatedAt); }
public void TestThatLettersinOrderIdIsValid() { var signingKey = new SigningKey("secret"); var paymentCompletedResponse = PaymentCompletedResponse.CreateInstance("Test1234", "COMPLETED", "bf4f5b787d954296b9c2e15028c2311df5e31a3d94c540e361faf1d0951b7858041089d430e17730f1efd3a308881c094355f55e09b993ca53f2063859d1eb4b", signingKey); Assert.IsNotNull(paymentCompletedResponse); Assert.AreEqual("Test1234", paymentCompletedResponse.OrderId); Assert.AreEqual("COMPLETED", paymentCompletedResponse.Status); }
public void TestThatIsValidReturnsTrueForAValidSignature() { var signingKey = new SigningKey("secret"); var paymentCompletedResponse = PaymentCompletedResponse.CreateInstance("1", "COMPLETED", "b890b2f3c6f102bb853ed448dd58d2c13cc695541f5eecca713470e68ced6f2c1a5f5ddd529a732ff51a019126ffefa8bd1d0193b596b393339ffcbf6f335241", signingKey); Assert.IsNotNull(paymentCompletedResponse); Assert.AreEqual("1", paymentCompletedResponse.OrderId); Assert.AreEqual("COMPLETED", paymentCompletedResponse.Status); }
public void TestThatIsValidReturnsTrueForUnderscoreInStatus() { var signingKey = new SigningKey("secret"); var paymentCompletedResponse = PaymentCompletedResponse.CreateInstance("1", "IN_PROGRESS", "1a551027bc3cc041a56b9efa252640c76b2e5815f816dd123fa1b32b4683729e904b5fa711870b956f1d9b16c714168d129068a48f875c2f91185d6c18eccf61", signingKey); Assert.IsNotNull(paymentCompletedResponse); Assert.AreEqual("1", paymentCompletedResponse.OrderId); Assert.AreEqual("IN_PROGRESS", paymentCompletedResponse.Status); }
public void TestCalculateBase64EncodedKey() { var signingKey = new SigningKey(Convert.FromBase64String("AHwD9V0BWrG8I39BnWmcQQ==")); var left = new SignableSpy(new List <string> { "", "foo", "", "bar", "" }); Assert.AreEqual(left.GetCalculatedSignature(signingKey), "de414646b65ac54f045716e5e79e3b5ab2d78db1e5e5bd24e9c2c8e87ad21c2795814d7a0a551b7fc8c3cb75cbcc62ca556078a10f4591ba48025fe9096786ee"); }
public void Dispose() { if (SigningKey != null) { SigningKey.Dispose(); } if (EncryptionKey != null) { EncryptionKey.Dispose(); } }
public Task VASPSetItsContractSigningKeyTo( string signingKey) { return(_scenarioContext .GetContractByType <VASPContract>() .SetSigningKey ( owner: _accounts.Owner, signingKey: SigningKey.Parse(signingKey) )); }
public async Task VASPSetItsContractSigningKeyTo( string signingKey) { await _scenarioContext .GetContractByType <VASPContract>() .SetSigningKeyAsync ( owner: await _accounts.GetOwnerAsync(), signingKey: SigningKey.Parse(signingKey) ); }
public static T CreateInstance <T>(string json, SigningKey signingKey) where T : Response { if (string.IsNullOrWhiteSpace(json)) { return(default(T)); } var response = JsonHelper.Deserialize <T>(json); response.ValidateSignature(signingKey); return(response); }
public OmniKassaApiClient(string refreshToken, string signingKey, bool testMode = false) { ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; var tokenProvider = new InMemoryTokenProvider(refreshToken); if (testMode) { _baseUrl += "-sandbox"; } _baseUrl += "/"; _connector = new ApiConnector(new HttpClientRestTemplate(_baseUrl), tokenProvider); _signingKey = new SigningKey(Convert.FromBase64String(signingKey)); }
public void TestCalculateSignatureNullIsEmptyString() { var signingKey = new SigningKey("testKey"); var left = new SignableSpy(new List <string> { null, "foo", null, "bar", null }); var right = new SignableSpy(new List <string> { "", "foo", "", "bar", "" }); Assert.AreEqual(left.GetCalculatedSignature(signingKey), right.GetCalculatedSignature(signingKey)); }
public PrivateKey(string label, bool eighteenByteRipe = false) { var startTime = DateTime.Now; Label = label; RNGCryptoServiceProvider rnd = new RNGCryptoServiceProvider(); byte[] potentialPrivSigningKey = new byte[32]; rnd.GetBytes(potentialPrivSigningKey); SigningKey = ECDSA.PointMult(potentialPrivSigningKey); int numberOfAddressesWeHadToMakeBeforeWeFoundOneWithTheCorrectRipePrefix = 0; byte[] ripemd160; byte[] potentialPrivEncryptionKey = new byte[32]; while (true) { numberOfAddressesWeHadToMakeBeforeWeFoundOneWithTheCorrectRipePrefix += 1; rnd.GetBytes(potentialPrivEncryptionKey); EncryptionKey = ECDSA.PointMult(potentialPrivEncryptionKey); byte[] buff = SigningKey.Concatenate(EncryptionKey); byte[] sha = new SHA512Managed().ComputeHash(buff); ripemd160 = RIPEMD160.Create().ComputeHash(sha); if (eighteenByteRipe) { if ((ripemd160[0] == 0) && (ripemd160[1] == 0)) { break; } } else { if (ripemd160[0] == 0) { break; } } } // NonceTrialsPerByte используется значение по умолчанию // payloadLengthExtraBytes используется значение по умолчанию PrivSigningKeyWif = PrivateKey2Wif(potentialPrivSigningKey); PrivEncryptionKeyWif = PrivateKey2Wif(potentialPrivEncryptionKey); Status = Status.Valid; }
protected async Task <IActionResult> GenerateJWTToken(TUser user) { //Add roles var roles = await _userManager.GetRolesAsync(user); var scopes = (await _userManager.GetClaimsAsync(user)).Where(c => c.Type == "scope").Select(c => c.Value).ToHashSet(); var ownerRole = await _roleManager.FindByNameAsync("authenticated"); if (ownerRole != null) { var roleScopes = (await _roleManager.GetClaimsAsync(ownerRole)).Where(c => c.Type == "scope").Select(c => c.Value).ToList(); foreach (var scope in roleScopes) { scopes.Add(scope); } } //Add role scopes. foreach (var roleName in roles) { var role = await _roleManager.FindByNameAsync(roleName); if (role != null) { var roleScopes = (await _roleManager.GetClaimsAsync(role)).Where(c => c.Type == "scope").Select(c => c.Value).ToList(); foreach (var scope in roleScopes) { scopes.Add(scope); } } } if (!string.IsNullOrWhiteSpace(_privateSigningKeyPath)) { var key = SigningKey.LoadPrivateRsaSigningKey(_privateSigningKeyPath); var results = JwtTokenHelper.CreateJwtTokenSigningWithRsaSecurityKey(user.Id, user.UserName, roles, _tokenExpiryMinutes, key, _localIssuer, "api", scopes.ToArray()); return(Created("", results)); } else if (!string.IsNullOrWhiteSpace(_privateSigningCertificatePassword)) { var key = SigningKey.LoadPrivateSigningCertificate(_privateSigningCertificatePassword, _privateSigningCertificatePassword); var results = JwtTokenHelper.CreateJwtTokenSigningWithCertificateSecurityKey(user.Id, user.UserName, roles, _tokenExpiryMinutes, key, _localIssuer, "api", scopes.ToArray()); return(Created("", results)); } else { var results = JwtTokenHelper.CreateJwtTokenSigningWithKey(user.Id, user.UserName, roles, _tokenExpiryMinutes, _privateSymmetricKey, _localIssuer, "api", scopes.ToArray()); return(Created("", results)); } }
public void TestCalculateBase64EncodedVsTextKey() { var leftKey = new SigningKey(Convert.FromBase64String("c2VjcmV0")); var left = new SignableSpy(new List <string> { "", "foo", "", "bar", "" }); var rightKey = new SigningKey("secret"); var right = new SignableSpy(new List <string> { "", "foo", "", "bar", "" }); Assert.AreEqual(left.GetCalculatedSignature(leftKey), right.GetCalculatedSignature(rightKey)); }
public void TestCalculateSignatureDifferentKey() { var left = new SignableSpy(new List <string> { "foo", "bar" }); var leftKey = new SigningKey("testKey1"); var right = new SignableSpy(new List <string> { "foo", "bar" }); var rightKey = new SigningKey("testKey2"); Assert.AreNotEqual(left.GetCalculatedSignature(leftKey), right.GetCalculatedSignature(rightKey)); }
public static void AddJwtCookieAuthentication(this IServiceCollection services, string secret_key, string issuer = "NC", string audience = "NCUser") { var tokenValidationParameters = new TokenValidationParameters { // The signing key must match! ValidateIssuerSigningKey = true, IssuerSigningKey = SigningKey.GetSigningKey(secret_key), // Validate the JWT Issuer (iss) claim ValidateIssuer = true, ValidIssuer = issuer, // Validate the JWT Audience (aud) claim ValidateAudience = true, ValidAudience = audience, // Validate the token expiry ValidateLifetime = true, // If you want to allow a certain amount of clock drift, set that here: ClockSkew = TimeSpan.Zero }; services.AddAuthentication(o => { o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; o.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme; o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; } ).AddCookie((options) => { options.Cookie.Name = "access_token"; options.Cookie.HttpOnly = true; options.TicketDataFormat = new CustomJwtDataFormat( SecurityAlgorithms.HmacSha256, tokenValidationParameters); options.Events.OnRedirectToAccessDenied = (context) => { return(Task.Run(() => { context.Response.StatusCode = 401; })); }; options.Events.OnRedirectToLogin = (context) => { return(Task.Run(() => { context.Response.StatusCode = 401; })); }; }); }
public void TestCreateJwt() { var keyContainer = new Mock <IKeyContainer>(); var mockOptions = new Mock <IOptions <IdentityOptions> >(); mockOptions.Setup(x => x.Value).Returns(new IdentityOptions { ClaimsIdentity = new ClaimsIdentityOptions { SecurityStampClaimType = "security" } }); var key = SigningKey.Create(); key.KeyId = "keyId"; keyContainer.Setup(x => x.GetKey()).Returns(key); var mockIdentityConfigOption = new Mock <IOptions <IdentityConfig> >(); mockIdentityConfigOption.Setup(x => x.Value).Returns(new IdentityConfig { Audiences = new List <string> { "aud1", "aud2" }, Issuer = "auth_test", IssueForAudience = "issuer" }); var tokenFactory = new TokenFactory(keyContainer.Object, mockOptions.Object, mockIdentityConfigOption.Object); var claims = new [] { new Claim("name", "Alice"), new Claim("role", "sudo"), new Claim("security", "secure_data"), }; var claimsPrincipal = new Mock <ClaimsPrincipal>(); claimsPrincipal.Setup(x => x.Claims).Returns(claims); var handler = new JwtSecurityTokenHandler(); var token = handler.ReadJwtToken(tokenFactory.GenerateJwtToken(claimsPrincipal.Object)); Assert.AreEqual("keyId", token.Header.Kid); Assert.AreEqual("Alice", token.Claims.FirstOrDefault(x => x.Type == "name")?.Value); Assert.AreEqual("sudo", token.Claims.FirstOrDefault(x => x.Type == "role")?.Value); Assert.IsNull(token.Claims.FirstOrDefault(x => x.Type == "security")?.Value); }
protected void Page_Load(object sender, EventArgs e) { var orderId = Request.QueryString["order_id"]; var status = Request.QueryString["status"]; var signature = Request.QueryString["signature"]; var signingKey = new SigningKey(Convert.FromBase64String(WebConfigurationManager.AppSettings["SigningKey"])); var paymentCompletedResponse = PaymentCompletedResponse.CreateInstance(orderId, status, signature, signingKey); if (paymentCompletedResponse == null) { throw new Exception("The payment completed response was invalid."); } // Use these variables instead of using the URL parameters ($orderId and $status). Input validation has been performed on these values. var validatedMerchantOrderId = paymentCompletedResponse.OrderId; var validatedStatus = paymentCompletedResponse.Status; // ... complete payment }
public static byte[] CreateSigningKeyMaterial(string userSecretsId, string scheme, string issuer, int signingKeyLength = 32, bool reset = false) { // Create signing material and save to user secrets var newKeyMaterial = System.Security.Cryptography.RandomNumberGenerator.GetBytes(signingKeyLength); var secretsFilePath = PathHelper.GetSecretsPathFromSecretsId(userSecretsId); Directory.CreateDirectory(Path.GetDirectoryName(secretsFilePath)); JsonObject secrets = null; if (File.Exists(secretsFilePath)) { using var secretsFileStream = new FileStream(secretsFilePath, FileMode.Open, FileAccess.Read); if (secretsFileStream.Length > 0) { secrets = JsonSerializer.Deserialize <JsonObject>(secretsFileStream); } } secrets ??= new JsonObject(); var signkingKeysPropertyName = GetSigningKeyPropertyName(scheme); var shortId = Guid.NewGuid().ToString("N").Substring(0, 8); var key = new SigningKey(shortId, issuer, Convert.ToBase64String(newKeyMaterial), signingKeyLength); if (secrets.ContainsKey(signkingKeysPropertyName)) { var signingKeys = secrets[signkingKeysPropertyName].AsArray(); if (reset) { var toRemove = signingKeys.SingleOrDefault(key => key["Issuer"].GetValue <string>() == issuer); signingKeys.Remove(toRemove); } signingKeys.Add(key); } else { secrets.Add(signkingKeysPropertyName, JsonValue.Create(new[] { key })); } using var secretsWriteStream = new FileStream(secretsFilePath, FileMode.Create, FileAccess.Write); JsonSerializer.Serialize(secretsWriteStream, secrets); return(newKeyMaterial); }
private void addTokenInCookie(HttpClient httpClient, string username, string[] roles, string cookieDomain, IList <KeyValuePair <string, string> > claims, string secretKey, string audience, string issuer) { httpClient.DefaultRequestHeaders.Remove("Cookie"); var signingKey = SigningKey.GetSigningKey(secretKey); var options = new TokenProviderOptions { Audience = audience, Issuer = issuer, SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256), }; var jwtService = new JwtService(); JsonWebToken token; if (claims != null) { claims.Add(new KeyValuePair <string, string>("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", username)); token = jwtService.GenerateJsonWebToken(username, roles, options, claims.ToArray()); } else { token = jwtService.GenerateJsonWebToken(username, roles, options, new KeyValuePair <string, string>("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", username)); } var cookieOptions = new CookieOptions { Domain = cookieDomain, Expires = DateTimeOffset.UtcNow.AddHours(8).AddDays(1).AddMinutes(-5) }; var cookies = new List <string> { $"access_token={token.AccessToken}", $"username={username}", $"expires_in={token.ExpiresIn}" }; httpClient.DefaultRequestHeaders.Add("Cookie", string.Join(";", cookies)); }
private async Task <Address> InnerCreateVASPContractAsync( Address vaspContractCreator, VASPCode vaspCode, Address vaspContractOwner, Channels channels, TransportKey transportKey, MessageKey messageKey, SigningKey signingKey) { var contract = Web3.Eth.GetContract(ABI, RealAddress); var function = contract.GetFunction("createVASPContract"); var functionInput = new object[] { (byte[])vaspCode, (string)vaspContractOwner, (byte[])channels, (byte[])transportKey, (byte[])messageKey, (byte[])signingKey }; var receipt = await function.SendTransactionAndWaitForReceiptAsync ( @from : vaspContractCreator, gas : await function.EstimateGasAsync(functionInput), value : new HexBigInteger(0), receiptRequestCancellationToken : null, functionInput : functionInput ); return(Address.Parse ( receipt.Logs[5]["topics"][2] .ToString() .Replace ( "0x000000000000000000000000", "0x", System.StringComparison.OrdinalIgnoreCase ) )); }
protected override async Task ExecuteAsync(CancellationToken stoppingToken) { while (!stoppingToken.IsCancellationRequested) { try { _logger.LogInformation($"Worker running at {DateTime.Now}"); try { var key = SigningKey.Create(); var response = await SaveKey(key.PublicKey, stoppingToken); switch (response) { case KeyCreatedResponse createdResponse: key.KeyId = createdResponse.Id; _signatureKeyContainer.Key = key; break; case ProblemDetails p: throw new Exception($"{p.Status} {p.TitleProperty} {p.Detail}"); default: throw new Exception("unhandled error"); } await Task.Delay(TimeSpan.FromSeconds(_config.SignatureTtl - 30), stoppingToken); } catch (Exception ex) { _logger.LogError(ex, "failed to obtain signature key"); await Task.Delay(TimeSpan.FromSeconds(5)); } } catch (Exception e) { _logger.LogError(e, "caught exception"); await Task.Delay(TimeSpan.FromSeconds(5), stoppingToken); } } }
public void TestCalculateSignatureDifferentData() { var signingKey = new SigningKey("testKey"); var left = new SignableSpy(new List <string> { "Foo", "Bar" }); var right = new SignableSpy(new List <string> { "foo", "bar" }); Assert.AreNotEqual(left.GetCalculatedSignature(signingKey), right.GetCalculatedSignature(signingKey)); left = new SignableSpy(new List <string> { "foo ", "bar " }); right = new SignableSpy(new List <string> { "foo", "bar" }); Assert.AreNotEqual(left.GetCalculatedSignature(signingKey), right.GetCalculatedSignature(signingKey)); left = new SignableSpy(new List <string> { " foo", " bar" }); right = new SignableSpy(new List <string> { "foo", "bar" }); Assert.AreNotEqual(left.GetCalculatedSignature(signingKey), right.GetCalculatedSignature(signingKey)); left = new SignableSpy(new List <string> { "bar", "foo" }); right = new SignableSpy(new List <string> { "foo", "bar" }); Assert.AreNotEqual(left.GetCalculatedSignature(signingKey), right.GetCalculatedSignature(signingKey)); }