| public Sign ( IClientAssertionCertificate credential ) : ClientAssertion | ||
| credential | IClientAssertionCertificate | |
| Результат | ClientAssertion | |
public IDictionary <string, string> ToParameters()
{
IDictionary <string, string> parameters = new Dictionary <string, string>();
if (this.ClientId != null)
{
parameters[OAuth2Parameter.ClientId] = this.ClientId;
}
if (this.Credential != null)
{
if (!string.IsNullOrEmpty(this.Credential.Secret))
{
parameters[OAuth2Parameter.ClientSecret] = this.Credential.Secret;
}
else
{
ClientAssertion clientAssertion = this.Credential.ClientAssertion;
if (clientAssertion == null || this.Credential.ValidTo != 0)
{
bool assertionNearExpiry = (this.Credential.ValidTo <=
JsonWebToken.ConvertToTimeT(DateTime.UtcNow +
TimeSpan.FromMinutes(
Constants.ExpirationMarginInMinutes)));
if (assertionNearExpiry)
{
JsonWebToken jwtToken = new JsonWebToken(this.ClientId,
this.Authority.SelfSignedJwtAudience);
clientAssertion = jwtToken.Sign(this.Credential.Certificate);
this.Credential.ValidTo = jwtToken.Payload.ValidTo;
this.Credential.ClientAssertion = clientAssertion;
}
}
parameters[OAuth2Parameter.ClientAssertionType] = clientAssertion.AssertionType;
parameters[OAuth2Parameter.ClientAssertion] = clientAssertion.Assertion;
}
}
else if (this.Assertion != null)
{
parameters[OAuth2Parameter.ClientAssertionType] = this.Assertion.AssertionType;
parameters[OAuth2Parameter.ClientAssertion] = this.Assertion.Assertion;
}
return(parameters);
}
public void AddConfidentialClientParameters(
OAuth2Client oAuth2Client,
ICoreLogger logger,
ICryptographyManager cryptographyManager,
string clientId,
Authority authority,
bool sendX5C)
{
using (logger.LogMethodDuration())
{
switch (AuthenticationType)
{
case ConfidentialClientAuthenticationType.ClientCertificate:
string tokenEndpoint = authority.GetTokenEndpoint();
var jwtToken2 = new JsonWebToken(
cryptographyManager,
clientId,
tokenEndpoint);
string assertion2 = jwtToken2.Sign(this, sendX5C);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion2);
break;
case ConfidentialClientAuthenticationType.ClientCertificateWithClaims:
tokenEndpoint = authority.GetTokenEndpoint();
var jwtToken = new JsonWebToken(
cryptographyManager,
clientId,
tokenEndpoint,
ClaimsToSign,
AppendDefaultClaims);
string assertion = jwtToken.Sign(this, sendX5C);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion);
break;
case ConfidentialClientAuthenticationType.ClientSecret:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientSecret, Secret);
break;
case ConfidentialClientAuthenticationType.SignedClientAssertion:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertion);
break;
case ConfidentialClientAuthenticationType.SignedClientAssertionDelegate:
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, SignedAssertionDelegate.Invoke());
break;
default:
throw new NotImplementedException();
}
}
}
public void AddToParameters(IDictionary<string, string> parameters)
{
if (this.ClientId != null)
{
parameters[OAuthParameter.ClientId] = this.ClientId;
}
if (this.Credential != null)
{
if (!string.IsNullOrEmpty(this.Credential.Secret))
{
parameters[OAuthParameter.ClientSecret] = this.Credential.Secret;
}
else
{
ClientAssertion clientAssertion = this.Credential.ClientAssertion;
if (clientAssertion == null || this.Credential.ValidTo != 0)
{
bool assertionNearExpiry = (this.Credential.ValidTo <=
JsonWebToken.ConvertToTimeT(DateTime.UtcNow +
TimeSpan.FromMinutes(
Constant.ExpirationMarginInMinutes)));
if (assertionNearExpiry)
{
JsonWebToken jwtToken = new JsonWebToken(this.ClientId, this.Authenticator.SelfSignedJwtAudience);
clientAssertion = jwtToken.Sign(this.Credential.Certificate);
this.Credential.ValidTo = jwtToken.Payload.ValidTo;
this.Credential.ClientAssertion = clientAssertion;
}
}
parameters[OAuthParameter.ClientAssertionType] = clientAssertion.AssertionType;
parameters[OAuthParameter.ClientAssertion] = clientAssertion.Assertion;
}
}
else if (this.Assertion != null)
{
parameters[OAuthParameter.ClientAssertionType] = this.Assertion.AssertionType;
parameters[OAuthParameter.ClientAssertion] = this.Assertion.Assertion;
}
}