static void Main()
{
// This sample demonstrates how to validate a token that may come form different issuers.
// This is common if you have to support multiple Authorization Servers.
var keyIssuer1 = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
var keyIssuer2 = SymmetricJwk.FromBase64Url("9dobXhxMWH9PoLsKRdv1qp0bEqJm4YNd8JRaTxes8i4R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
var keyIssuer3 = SymmetricJwk.FromBase64Url("lh2TJcMdPyNLhfNp0nYLAFM_R0UEXVoZ9N7ife4ZT-A");
var policyMultiIssuer = new TokenValidationPolicyBuilder()
.RequireSignature("https://idp1.example.com/", keyIssuer1, SignatureAlgorithm.HS256)
.RequireSignature("https://idp2.example.com/", keyIssuer2, SignatureAlgorithm.HS512)
.RequireSignature("https://idp3.example.com/", keyIssuer3, SignatureAlgorithm.HS256)
.RequireAudience("F6964636C69656E745")
.Build();
var token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAzLmV4YW1wbGUuY29tLyIsImF1ZCI6IkY2OTY0NjM2QzY5NjU2RTc0NSJ9.a6RiTht8kyTDL9SZVX9kUye7dJL9YSZxJPbAyaaw3QE";
// Try to read the token with the different policies
if (Jwt.TryParse(token, policyMultiIssuer, out var jwt))
{
Console.WriteLine($"The token is issued by '{jwt.Payload["iss"].GetString()}':");
Console.WriteLine(jwt);
jwt.Dispose();
}
else
{
Console.WriteLine("Failed to read the token.");
Console.WriteLine(" Reason: " + jwt.Error.Status);
jwt.Dispose();
}
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor()
{
SigningKey = key,
Algorithm = SignatureAlgorithm.HmacSha256,
IssuedAt = DateTime.UtcNow,
ExpirationTime = DateTime.UtcNow.AddHours(1),
Issuer = "https://idp.example.com/",
Audience = "636C69656E745F6964"
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
var descriptor = new SecEventDescriptor(SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU"), SignatureAlgorithm.HS256)
{
Payload = new JwtPayload
{
{ "iss", "https://client.example.com" },
{ "iat", EpochTime.UtcNow },
{ "jti", Guid.NewGuid().ToString("N") },
{ "aud", new[] { "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754", "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7" } },
{ "events", new JsonObject
{
{ "urn:ietf:params:scim:event:create", new JsonObject
{
{ "ref", "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9" },
{ "attributes", new object[] { "id", "name", "userName", "password", "emails" } }
} }
} }
}
};
await _client.SendAuditTrailAsync(descriptor);
}
}
static async Task Main()
{
var client = new AuditTrailClient("https://example.com", "api", new TokenClientOptions {
});
var descriptor = new SecEventDescriptor(SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU"), SignatureAlgorithm.HS256)
{
Payload = new JwtPayload
{
{ "iss", "https://client.example.com" },
{ "iat", EpochTime.UtcNow },
{ "jti", "4d3559ec67504aaba65d40b0363faad8" },
{ "aud", new[] { "https://scim.example.com/Feeds/98d52461fa5bbc879593b7754", "https://scim.example.com/Feeds/5d7604516b1d08641d7676ee7" } },
{ "events", new JsonObject
{
{ "urn:ietf:params:scim:event:create", new JsonObject
{
{ "ref", "https://scim.example.com/Users/44f6142df96bd6ab61e7521d9" },
{ "attributes", new object[] { "id", "name", "userName", "password", "emails" } }
} }
} }
}
};
var result = await client.SendAuditTrailAsync(descriptor);
Console.WriteLine(result.Status);
}
static void Main()
{
// Initializes the shared secret as a symmetric key of 256 bits
var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Defines the validation policy:
// - Require the issuer "https://idp.example.com/", with the predefined key, with the signature algorithm HS256
// - Require the audience "636C69656E745F6964"
var policy = new TokenValidationPolicyBuilder()
.RequireSignature("https://idp.example.com/", key, SignatureAlgorithm.HS256)
.RequireAudience("636C69656E745F6964")
.Build();
// Try to parse the JWT. Its return false
if (Jwt.TryParse("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vIiwiYXVkIjoiNjM2QzY5NjU2RTc0NUY2OTY0In0.YrrT1Ddp1ampsDd2GwYZoTz_bUnLt_h--f16wsWBedk", policy, out Jwt jwt))
{
Console.WriteLine("The token is " + jwt);
}
else
{
Console.WriteLine("Failed to read the token. Error: " + Environment.NewLine + jwt.Error);
}
// Do not forget to dispose the Jwt, or you may suffer of GC impacts
jwt.Dispose();
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var signatureKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a symmetric key for encryption
var decryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");
var policy = new TokenValidationPolicyBuilder()
.RequireSignature("https://idp.example.com/", signatureKey, SignatureAlgorithm.HS256)
.RequireAudience("636C69656E745F6964")
.WithDecryptionKey(decryptionKey)
.Build();
var result = Jwt.TryParse("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZWFOTlpaMXBtREFXSWYzYkg3MFg2V3FfbldzUXhuMjFMUngza1daMG5MYyIsImN0eSI6IkpXVCJ9.PU18XXVByiJLE53zkg1m-SzjZXUdRYkl0X20JtsMKXW54RHn3fcK_w.Bu1SPUTuntwvPfwXTj1OhQ.OuCl09TjUMJk80GdY4n5r6HUnH21dWwT1BAbbvPJg75p_AfMvVNmaQ3dahrSmCkuCI5EF34ynE_qUBAuMH9bcplUWS9GDKJfGugEZgkciWORv5RzXvAAokpElpuaiV09SdBmaepi4FAXvTP4axJUWuOXt2MvjnlwbIXlVqUX9Lha1NnsseBLTjfCclhV0pQEKjnncqjuqTcxmqTqAsxZA1v8RJV_FbzBdVBWwQ-qrjYbsrqtsK13XazZEGwAHU7fJT1vlaBdlni6aTQIlwE7JuLA--6hRM9mr7NZ4SlihCFBLjW-DZ2QoQBd6XeFNGKMnNgUP0t6mYihPlmh1eC0BivPaTtCKf4CH6lrq42_17s.ajGQE7r5eAd9z8a-8mmq2g", policy, out var jwt);
if (result)
{
Console.WriteLine("The token is " + jwt);
}
else
{
Console.WriteLine("Failed to read the token. Reason: " + Environment.NewLine + jwt.Error.Status);
}
jwt.Dispose();
}
private static void ReadSymmetricKeyFromBase64Url()
{
// The SymmetricJwk.FromBase64Url method accept a Base64-URL encoded string as input
var b64SymmetricKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
b64SymmetricKey.Kid = "B64";
Console.WriteLine("JWK from Base64-URL:");
Console.WriteLine(b64SymmetricKey);
Console.WriteLine();
}
public async Task TryStoreToken_ValidToken_SinkOk_ReturnsSuccess()
{
var key = SymmetricJwk.FromBase64Url("YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE", false);
key.Kid = JsonEncodedText.Encode("key1");
var options = CreateOptions(key);
var service = new AuditTrailHubService(new TestEventSink(response: true), options);
var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);
Assert.True(response);
Assert.Null(error);
}
public async Task TryStoreToken_BadKey_ReturnsInvalidKey()
{
var key = SymmetricJwk.FromBase64Url(new string('b', 16));
key.Kid = JsonEncodedText.Encode("bad key");
var options = CreateOptions(key);
var service = new AuditTrailHubService(new TestEventSink(response: false), options);
var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);
Assert.False(response);
Assert.Equal(JsonEncodedText.Encode("invalid_key"), error !.Code);
Assert.Null(error.Description);
}
public async Task TryStoreToken_ValidToken_SinkDown_ReturnsErrorResponse()
{
var key = SymmetricJwk.FromBase64Url("YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE", false);
key.Kid = JsonEncodedText.Encode("key1");
var options = CreateOptions(key);
var service = new AuditTrailHubService(new TestEventSink(response: false), options);
var response = await service.TryStoreAuditTrail(new ReadOnlySequence <byte>(ValidToken), out var error);
Assert.False(response);
Assert.False(error !.Code.EncodedUtf8Bytes.IsEmpty);
Assert.Null(error.Description);
}
public void Rfc7516_Decrypt()
{
Jwk encryptionKey = SymmetricJwk.FromBase64Url("GawgguFyGrWKav7AX4VKUg");
string token = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.U0m_YmjN04DJvceFICbCVQ";
var policy = new TokenValidationPolicyBuilder()
.WithDecryptionKey(encryptionKey)
.IgnoreSignatureByDefault()
.Build();
var result = Jwt.TryParse(token, policy, out var jwt);
Assert.True(result);
Assert.Equal("Live long and prosper.", jwt.Plaintext);
jwt.Dispose();
}
static void Main()
{
// This sample demonstrates how to validate a token that may come form different issuers.
// This is common if you have to support multiple Authorization Servers.
var keyIssuer1 = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
var policyIssuer1 = new TokenValidationPolicyBuilder()
.RequireSignature(keyIssuer1, SignatureAlgorithm.HmacSha256)
.RequireAudience("636C69656E745F6964")
.RequireIssuer("https://idp1.example.com/")
.Build();
var keyIssuer2 = SymmetricJwk.FromBase64Url("9dobXhxMWH9PoLsKRdv1qp0bEqJm4YNd8JRaTxes8i4");
var policyIssuer2 = new TokenValidationPolicyBuilder()
.RequireSignature(keyIssuer2, SignatureAlgorithm.HmacSha256)
.RequireAudience("9656E745F6964636C6")
.RequireIssuer("https://idp2.example.com/")
.Build();
var keyIssuer3 = new SymmetricJwk("lh2TJcMdPyNLhfNp0nYLAFM_R0UEXVoZ9N7ife4ZT-A");
var policyIssuer3 = new TokenValidationPolicyBuilder()
.RequireSignature(keyIssuer3, SignatureAlgorithm.HmacSha256)
.RequireAudience("F6964636C69656E745")
.RequireIssuer("https://idp3.example.com/")
.Build();
var policies = new[] { policyIssuer1, policyIssuer2, policyIssuer3 };
var reader = new JwtReader();
var token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAzLmV4YW1wbGUuY29tLyIsImF1ZCI6IkY2OTY0NjM2QzY5NjU2RTc0NSJ9.a6RiTht8kyTDL9SZVX9kUye7dJL9YSZxJPbAyaaw3QE";
for (int i = 0; i < policies.Length; i++)
{
// Try to read the token with the different policies
var result = reader.TryReadToken(token, policies[i]);
if (result.Succedeed)
{
Console.WriteLine($"The token is issued by '{result.Token.Issuer}':");
Console.WriteLine(result.Token);
break;
}
Console.WriteLine($"Failed to read the token for the issuer '{policies[i].RequiredIssuer}'.");
Console.WriteLine(" Reason: " + result.Status);
}
}
static void Main()
{
// Creates a symmetric key for encryption
var encryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");
// Creates a JWE descriptor with all its properties
var descriptor = new PlaintextJweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
{
Payload = "Life long and prosper."
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
static void Main()
{
var key = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
var policy = new TokenValidationPolicyBuilder()
.RequireSignature(key, SignatureAlgorithm.HmacSha256)
.RequireAudience("636C69656E745F6964")
.RequireIssuer("https://idp.example.com/")
.Build();
var reader = new JwtReader();
var result = reader.TryReadToken("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDAwMDcyMDAsImlhdCI6MjAwMDAwNzIwMCwiaXNzIjoiaHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vIiwiYXVkIjoiNjM2QzY5NjU2RTc0NUY2OTY0In0.YrrT1Ddp1ampsDd2GwYZoTz_bUnLt_h--f16wsWBedk", policy);
if (result.Succedeed)
{
Console.WriteLine("The token is " + result.Token);
}
else
{
Console.WriteLine("Failed to read the token. Reason: " + Environment.NewLine + result.Status);
}
}
static void Main()
{
// Creates a symmetric key for encryption
var encryptionKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4T");
// Creates a JWE descriptor with all its properties
var payload = new byte[] { 76, 105, 102, 101, 32, 108, 111, 110, 103, 32, 97, 110, 100, 32, 112, 114, 111, 115, 112, 101, 114, 46 };
var descriptor = new BinaryJweDescriptor(encryptionKey, KeyManagementAlgorithm.A128KW, EncryptionAlgorithm.A128CbcHS256)
{
Payload = payload
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a SecEvent descriptor with all its properties
var descriptor = new SecEventDescriptor(signingKey, SignatureAlgorithm.HS256)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Jti, "756E69717565206964656E746966696572" },
{ JwtClaimNames.Iat, 1508184845 },
{ JwtClaimNames.Aud, "636C69656E745F6964" },
{ SecEventClaimNames.Toe, EpochTime.UtcNow },
{ SecEventClaimNames.Txn, "6964656E74" },
{ SecEventClaimNames.Events, new JsonObject
{
new AccountDisabledSecEvent
{
{ SecEvent.SubjectAttribute, new EmailSubjectIdentifier("*****@*****.**") },
{ AccountDisabledSecEvent.ReasonAttribute, "hijacking" },
{ "custom_attribute", "hello world" }
}
} }
}
};
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
public void ConfigureServices(IServiceCollection services)
{
var ecdsa = ECDsa.Create();
ecdsa.GenerateKey(ECCurve.NamedCurves.nistP256);
services.AddAuditTrailHub("636C69656E745F6964")
.RegisterClient(new AuditTrailHubRegistration("m2m", SignatureAlgorithm.HS256, SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU")))
.AddMongoDBStorage("mongodb://localhost")
.AddMongoDBMerkleTree(SupportedHashAlgorithm.Sha256, ecdsa.ExportParameters(true));
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Authority = Configuration["authentication:authority"];
o.Audience = Configuration["authentication:audience"];
});
}
static void Main()
{
// Creates a symmetric key defined for the 'HS256' algorithm
var signingKey = SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8_XU");
// Creates a JWS descriptor with all its properties
var descriptor = new JwsDescriptor(signingKey, SignatureAlgorithm.HS256)
{
Payload = new JwtPayload
{
// You can use predefined claims
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" },
// Or use custom claims
{ "value", "ABCEDF" }
}
};
// Adds another claim
descriptor.Payload.Add("ClaimName", new JsonObject
{
{ "stuff1", "xyz789" },
{ "stuff2", "abc123" },
{
"subObject", new JsonObject
{
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
}
},
{
"Modules", new []
{
new JsonObject
{
{ "name", "module1" },
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
},
new JsonObject
{
{ "name", "module2" },
{ "prop1", "abc123" },
{ "prop2", "xyz789" }
}
}
}
});
// Adds anonymous object
descriptor.Payload.Add("ClaimName_anonymous_type", new
{
stuff1 = "xyz789",
stuff2 = "abc123",
subObject = new
{
prop1 = "abc123",
prop2 = "xyz789"
},
Modules = new[]
{
new {
name = "module1",
prop1 = "abc123",
prop2 = "xyz789"
},
new {
name = "module2",
prop1 = "abc123",
prop2 = "xyz789"
}
}
});
// Generates the UTF-8 string representation of the JWT
var writer = new JwtWriter();
var token = writer.WriteTokenString(descriptor);
Console.WriteLine("The JWT is:");
Console.WriteLine(descriptor);
Console.WriteLine();
Console.WriteLine("Its compact form is:");
Console.WriteLine(token);
}
public SymmetricJwk CreateEncryptionKey()
{
return(SymmetricJwk.FromBase64Url("vXOB3TzeAzoTy2gaiiraLA", KeyManagementAlgorithm.A128KW));
}
public SymmetricJwk CreateSigningKey()
{
return(SymmetricJwk.FromBase64Url("1ZwTfcBMuxcCltXX5b7rVw", SignatureAlgorithm.HS256));
}
private void NewConnectionHandler()
{
var server = new TcpListener(ip, port);
server.Start();
var policy = new TokenValidationPolicyBuilder()
.RequireSignature(SymmetricJwk.FromBase64Url(confWebSocket.JwsKey), SignatureAlgorithm.HmacSha512)
.RequireIssuer("Leierkasten Backend")
.Build();
var reader = new JwtReader();
while (running)
{
TcpClient client;
if (server.Pending())
{
client = server.AcceptTcpClient();
}
else
{
Thread.Sleep(100);
continue;
}
var stream = client.GetStream();
stream.WriteTimeout = 10;
while (client.Available < 3)
{
Thread.Sleep(100);
}
var bytes = new byte[client.Available];
stream.Read(bytes, 0, bytes.Length);
// This is a textual request, decode it
var request = Encoding.UTF8.GetString(bytes);
// Check if this is a websocket handshake. If no, skip.
if (!new Regex("^GET").IsMatch(request))
{
Log.Warn("Denied websocket because client used wrong method.");
stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
continue;
}
const string eol = "\r\n";
const string guid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
// HTML headers are case insensitive
var match = new Regex("Sec-WebSocket-Key: (.*)", RegexOptions.IgnoreCase).Match(request);
if (!match.Success)
{
Log.Warn("Sec-WebSocket-Key was not found in request.");
Log.Trace("Request was (base64-encoded): " + Convert.ToBase64String(Encoding.ASCII.GetBytes(request)));
stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
continue;
}
if (match.Groups.Count != 2)
{
InvalidMatchNumber(match, stream);
continue;
}
string key = match.Groups[1].Value.Trim();
byte[] hashedAcceptKey = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(key + guid));
string base64AcceptKey = Convert.ToBase64String(hashedAcceptKey);
Log.Trace("Received Sec-WebSocket-Key: " + key);
if (Log.IsTraceEnabled)
{
StringBuilder hex = new StringBuilder(hashedAcceptKey.Length * 2);
foreach (byte b in hashedAcceptKey)
{
hex.AppendFormat("{0:x2}", b);
}
Log.Trace("Hashed Sec-WebSocket-Key: " + hex);
}
Log.Trace("Base64 if Sec-WebSocket-Key Hash: " + base64AcceptKey);
string responseStr = "HTTP/1.1 101 Switching Protocols" + eol
+ "Connection: Upgrade" + eol
+ "Upgrade: websocket" + eol
+ "Sec-WebSocket-Accept: " + base64AcceptKey + eol + eol;
byte[] response = Encoding.UTF8.GetBytes(responseStr);
// Get cookie
match = new Regex("lk-session=([^;\r\n]*)", RegexOptions.IgnoreCase).Match(request);
if (!match.Success)
{
Log.Warn("Denied websocket because session cookie is missing.");
stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
continue;
}
if (match.Groups.Count != 2)
{
InvalidMatchNumber(match, stream);
continue;
}
// Validate session cookie of user
var sessionCookie = match.Groups[1].ToString();
var result = reader.TryReadToken(sessionCookie, policy);
if (!result.Succedeed)
{
Log.Warn($"Denied websocket because JWS token could not be validated: {result.ErrorHeader}, {result.ErrorClaim}.");
stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
continue;
}
if (result.Token?.Payload == null)
{
Log.Warn("Denied websocket because JWS token payload is empty.");
stream.Write(AccessDeniedResponse, 0, AccessDeniedResponse.Length);
continue;
}
var uid = JsonConvert.DeserializeObject <Dictionary <string, string> >(result.Token.Payload.ToString())["uid"];
// Send handshake response
stream.Write(response, 0, response.Length);
// Start handler for the connection
var handler = new WebSocketConnection(client, uid);
if (!ConnectedClients.TryAdd(clientCounter++, handler))
{
handler.Stop();
}
else
{
OnClientConnected?.Invoke(this, new ClientConnectedEventArgs(handler));
}
}
server.Stop();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuditTrailHub("636C69656E745F6964")
.RegisterClient(new AuditTrailHubRegistration("m2m", SignatureAlgorithm.HS256, SymmetricJwk.FromBase64Url("R9MyWaEoyiMYViVWo8Fk4TUGWiSoaW6U1nOqXri8ZXU")))
.AddFileSystemStorage();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Authority = Configuration["authentication:authority"];
o.Audience = Configuration["authentication:audience"];
});
}