public Task <TokenValidationResult> ValidateAccessTokenAsync(string token, string expectedScope = null)
{
// this key should store in the KeyVault service, then we can securely access in anywhere
var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode();
var jwt64Token = SimpleFernet.Decrypt(key, token, out var timestamp);
var jwtToken = jwt64Token.UrlSafe64Encode().FromBase64String();
if (string.IsNullOrEmpty(jwtToken))
{
return(Task.FromResult(new TokenValidationResult
{
IsError = true
}));
}
var result = new TokenValidationResult
{
IsError = false,
Claims = new List <Claim>
{
new Claim(JwtClaimTypes.Scope, jwtToken)
}
};
return(Task.FromResult(result));
}
public static string Decrypt(string encrypted, string key)
{
var keyBytes = key.UrlSafe64Decode();
var decryptedBytes = SimpleFernet.Decrypt(keyBytes, encrypted, out DateTime _);
var decrypted = decryptedBytes.UrlSafe64Encode().FromBase64String().Replace("\0", "");
return(decrypted);
}
public static (string encryptedPassword, string key) Encrypt(string password)
{
byte[] keyBytes = SimpleFernet.GenerateKey().UrlSafe64Decode();
var passwordBytes = System.Text.Encoding.Unicode.GetBytes(password);
string encrypted = SimpleFernet.Encrypt(keyBytes, passwordBytes);
string key = keyBytes.UrlSafe64Encode();
return(encrypted, key);
}
protected override Task <string> CreateJwtAsync(JwtSecurityToken jwt)
{
// this is just for demo so that we will put the required scope into the fernet token
var jwtToken = "api1";
var jwt64Token = jwtToken.ToBase64String();
// this key should store in the KeyVault service, then we can securely access in anywhere
var key = "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=".UrlSafe64Decode();
var fernetToken = SimpleFernet.Encrypt(key, jwt64Token.UrlSafe64Decode());
return(Task.FromResult(fernetToken));
}
public void CanGenerateFernet()
{
// Arrange
var data = JsonData.DeserializeObject <FernetTokenData>();
var src64 = data.Src.ToBase64String();
// Act
var encoded = SimpleFernet.Encrypt(data.Secret.UrlSafe64Decode(), src64.UrlSafe64Decode(), data.Now, data.Iv);
// Assert
Assert.Equal(encoded, data.Token);
}
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
var secretBytes = secretKey?.GetSecretBytes();
try
{
return(SimpleFernet.Encrypt(secretBytes, textBytes));
}
finally
{
SecretKeyFactory.ShuffleSecretKey(secretBytes);
}
}
public void CanEncodeDecode()
{
// Arrange
var key = SimpleFernet.GenerateKey().UrlSafe64Decode();
var src = "hello";
var src64 = src.ToBase64String();
// Act
var token = SimpleFernet.Encrypt(key, src64.UrlSafe64Decode());
var decoded64 = SimpleFernet.Decrypt(key, token, out var timestamp);
var decoded = decoded64.UrlSafe64Encode().FromBase64String();
// Assert
Assert.Equal(src, decoded);
}
public void CanVerifyFernetToken()
{
// Arrange
var data = JsonData.DeserializeObject <FernetTokenData>();
// Act
var resultByte =
SimpleFernet.Decrypt(
data.Secret.UrlSafe64Decode(),
data.Token,
out var timestamp);
var result = resultByte.UrlSafe64Encode().FromBase64String();
// Assert
Assert.Equal(result, data.Src);
}
public void CanTestInvalidFernetToken()
{
// Arrange
var data = JsonData.DeserializeObject <List <FernetTokenData> >();
// Act
foreach (var fernetToken in data)
{
// Assert
Assert.Throws <FernetException>(() =>
{
var resultByte = SimpleFernet.Decrypt(
fernetToken.Secret.UrlSafe64Decode(),
fernetToken.Token,
out var timestamp,
fernetToken.TtlSec);
});
}
}
