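/// <summary>
/// Serializes <paramref name="swt"/> into its signed wire form: '&amp;'-separated
/// <c>name=value</c> pairs for Id, Issuer, every entry in <c>Parameters</c>, ExpiresOn,
/// the Audience (only when set) and the signature algorithm, followed by an HMAC
/// signature computed over exactly that string.
/// </summary>
/// <param name="swt">The token to serialize.</param>
/// <param name="tokenResolver">
/// Resolver used to look up the symmetric signing key for the token's key identifier clause.
/// </param>
/// <returns>The serialized token with the trailing signature pair appended.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">
/// A field value contains '&amp;', or a parameter name is empty or contains '&amp;' or '=',
/// so the signed string would parse into a different claim set than the one being signed.
/// </exception>
/// <exception cref="SecurityTokenValidationException">
/// The resolver could not find a symmetric key for the token's key identifier clause.
/// </exception>
protected static string SerializeToken(SimpleWebToken swt, SecurityTokenResolver tokenResolver)
{
    if (swt == null)
    {
        throw new ArgumentNullException("swt");
    }
    if (tokenResolver == null)
    {
        throw new ArgumentNullException("tokenResolver");
    }

    // Nothing below escapes names or values, so a delimiter inside one would be signed as
    // part of a claim and read back by a '&'/'=' splitting parser as a different claim
    // (delimiter injection). Refuse to sign an ambiguous token rather than emit one.
    // NOTE(review): the parser is not visible here. If values are URL-encoded upstream these
    // checks never fire; a parameter whose name collides with a reserved label (ExpiresOn,
    // Audience, the signature label, ...) is not rejected here either — confirm the parser's handling.
    foreach (string fieldValue in new[] { swt.Id, swt.Issuer, swt.Audience })
    {
        if (fieldValue != null && fieldValue.IndexOf('&') >= 0)
        {
            throw new ArgumentException("Token fields must not contain the '&' pair delimiter", "swt");
        }
    }
    foreach (string key in swt.Parameters.AllKeys)
    {
        if (string.IsNullOrEmpty(key) || key.IndexOf('&') >= 0 || key.IndexOf('=') >= 0)
        {
            throw new ArgumentException("Parameter names must be non-empty and must not contain '&' or '='", "swt");
        }
        string parameterValue = swt.Parameters[key];
        if (parameterValue != null && parameterValue.IndexOf('&') >= 0)
        {
            throw new ArgumentException("Parameter values must not contain the '&' pair delimiter", "swt");
        }
    }

    StringBuilder builder = new StringBuilder(64);
    builder.Append("Id=").Append(swt.Id);
    builder.Append('&').Append(IssuerLabel).Append('=').Append(swt.Issuer);
    foreach (string key in swt.Parameters.AllKeys)
    {
        builder.Append('&').Append(key).Append('=').Append(swt.Parameters[key]);
    }
    builder.Append('&').Append(ExpiresOnLabel).Append('=').Append(GetExpiresOn(swt.TokenValidity));
    if (!string.IsNullOrEmpty(swt.Audience))
    {
        builder.Append('&').Append(AudienceLabel).Append('=').Append(swt.Audience);
    }
    builder.Append('&').Append(SignatureAlgorithmLabel).Append('=').Append(SignatureAlgorithm);

    // The key identifier is derived from the token's own fields; the resolver's mapping decides
    // which key signs it.
    var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(swt));
    InMemorySymmetricSecurityKey securityKey;
    try
    {
        securityKey = (InMemorySymmetricSecurityKey)tokenResolver.ResolveSecurityKey(keyIdentifierClause);
    }
    catch (InvalidOperationException ex)
    {
        // Keep the resolver's exception as the inner exception so the failure stays diagnosable.
        throw new SecurityTokenValidationException(
            string.Format(
                CultureInfo.InvariantCulture,
                "Symmetric key was not found for the key identifier clause: Keys='{0}', Values='{1}'",
                string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()),
                string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())),
            ex);
    }

    // The signature covers everything serialized so far, i.e. every pair except the signature itself.
    string signature = GenerateSignature(builder.ToString(), securityKey.GetSymmetricKey());
    builder.Append('&').Append(SignatureLabel).Append('=').Append(signature);
    return builder.ToString();
}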
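/// <summary>
/// Serializes <paramref name="swt"/> into its signed wire form: '&amp;'-separated
/// <c>name=value</c> pairs for Id, Issuer, every entry in <c>Parameters</c>, ExpiresOn,
/// the Audience (only when set) and the signature algorithm, followed by an HMAC
/// signature computed over exactly that string.
/// </summary>
/// <param name="swt">The token to serialize.</param>
/// <param name="tokenResolver">
/// Resolver used to look up the symmetric signing key for the token's key identifier clause.
/// </param>
/// <returns>The serialized token with the trailing signature pair appended.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">
/// A field value contains '&amp;', or a parameter name is empty or contains '&amp;' or '=',
/// so the signed string would parse into a different claim set than the one being signed.
/// </exception>
/// <exception cref="SecurityTokenValidationException">
/// The resolver could not find a symmetric key for the token's key identifier clause.
/// </exception>
protected static string SerializeToken(SimpleWebToken swt, SecurityTokenResolver tokenResolver)
{
    if (swt == null)
    {
        throw new ArgumentNullException("swt");
    }
    if (tokenResolver == null)
    {
        throw new ArgumentNullException("tokenResolver");
    }

    // Nothing below escapes names or values, so a delimiter inside one would be signed as
    // part of a claim and read back by a '&'/'=' splitting parser as a different claim
    // (delimiter injection). Refuse to sign an ambiguous token rather than emit one.
    // NOTE(review): the parser is not visible here. If values are URL-encoded upstream these
    // checks never fire; a parameter whose name collides with a reserved label (ExpiresOn,
    // Audience, the signature label, ...) is not rejected here either — confirm the parser's handling.
    foreach (string fieldValue in new[] { swt.Id, swt.Issuer, swt.Audience })
    {
        if (fieldValue != null && fieldValue.IndexOf('&') >= 0)
        {
            throw new ArgumentException("Token fields must not contain the '&' pair delimiter", "swt");
        }
    }
    foreach (string key in swt.Parameters.AllKeys)
    {
        if (string.IsNullOrEmpty(key) || key.IndexOf('&') >= 0 || key.IndexOf('=') >= 0)
        {
            throw new ArgumentException("Parameter names must be non-empty and must not contain '&' or '='", "swt");
        }
        string parameterValue = swt.Parameters[key];
        if (parameterValue != null && parameterValue.IndexOf('&') >= 0)
        {
            throw new ArgumentException("Parameter values must not contain the '&' pair delimiter", "swt");
        }
    }

    StringBuilder builder = new StringBuilder(64);
    builder.Append("Id=").Append(swt.Id);
    builder.Append('&').Append(IssuerLabel).Append('=').Append(swt.Issuer);
    foreach (string key in swt.Parameters.AllKeys)
    {
        builder.Append('&').Append(key).Append('=').Append(swt.Parameters[key]);
    }
    builder.Append('&').Append(ExpiresOnLabel).Append('=').Append(GetExpiresOn(swt.TokenValidity));
    if (!string.IsNullOrEmpty(swt.Audience))
    {
        builder.Append('&').Append(AudienceLabel).Append('=').Append(swt.Audience);
    }
    builder.Append('&').Append(SignatureAlgorithmLabel).Append('=').Append(SignatureAlgorithm);

    // The key identifier is derived from the token's own fields; the resolver's mapping decides
    // which key signs it.
    var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(swt));
    InMemorySymmetricSecurityKey securityKey;
    try
    {
        securityKey = (InMemorySymmetricSecurityKey)tokenResolver.ResolveSecurityKey(keyIdentifierClause);
    }
    catch (InvalidOperationException ex)
    {
        // Keep the resolver's exception as the inner exception so the failure stays diagnosable.
        throw new SecurityTokenValidationException(
            string.Format(
                CultureInfo.InvariantCulture,
                "Symmetric key was not found for the key identifier clause: Keys='{0}', Values='{1}'",
                string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()),
                string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())),
            ex);
    }

    // The signature covers everything serialized so far, i.e. every pair except the signature itself.
    string signature = GenerateSignature(builder.ToString(), securityKey.GetSymmetricKey());
    builder.Append('&').Append(SignatureLabel).Append('=').Append(signature);
    return builder.ToString();
}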
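/// <summary>
/// Validates a <see cref="SimpleWebToken"/> and builds a claims identity from its parameters.
/// Checks run in this order: the signing key is resolved from the token's key identifier
/// clause, the signature is verified, then expiry, issuer trust and audience are checked.
/// Every failure throws; no identity is produced for a token that fails any check.
/// </summary>
/// <param name="token">The token to validate; must be a <see cref="SimpleWebToken"/>.</param>
/// <returns>A collection holding the single identity built from the token's parameters.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="SimpleWebToken"/>.</exception>
/// <exception cref="InvalidOperationException">
/// The security token resolver, issuer name registry or audience restriction is not configured.
/// </exception>
/// <exception cref="SecurityTokenValidationException">
/// No signing key was found for the token, or its signature does not verify.
/// </exception>
/// <exception cref="SecurityTokenException">
/// The token is expired, or its issuer or audience is not trusted.
/// </exception>
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }
    if (this.SecurityTokenResolver == null)
    {
        throw new InvalidOperationException("SecurityTokenResolver is not configured");
    }
    if (this.IssuerNameRegistry == null)
    {
        throw new InvalidOperationException("IssuerNameRegistry is not configured");
    }
    if (this.AudienceRestriction == null)
    {
        throw new InvalidOperationException("AudienceRestriction is not configured");
    }

    SimpleWebToken accessToken = token as SimpleWebToken;
    if (accessToken == null)
    {
        // The argument is present but of the wrong type, so this is an ArgumentException,
        // not an ArgumentNullException.
        throw new ArgumentException("This handler expects a SimpleWebToken", "token");
    }

    // The key identifier is built from fields of a token that is not yet verified; the
    // resolver's mapping decides which key is tried, and the signature check below is what
    // binds that key to the token content.
    var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(accessToken));
    InMemorySymmetricSecurityKey securityKey;
    try
    {
        securityKey = (InMemorySymmetricSecurityKey)this.SecurityTokenResolver.ResolveSecurityKey(keyIdentifierClause);
    }
    catch (InvalidOperationException ex)
    {
        // Keep the resolver's exception as the inner exception so the failure stays diagnosable.
        throw new SecurityTokenValidationException(
            string.Format(
                CultureInfo.InvariantCulture,
                "Symmetric key was not found for the key identifier clause: Keys='{0}', Values='{1}'",
                string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()),
                string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())),
            ex);
    }

    // Verify the signature before trusting anything else: every later check reads fields an
    // attacker could otherwise have rewritten.
    // NOTE(review): IsValidSignature and IsExpired are defined elsewhere; confirm that the
    // signature comparison is constant-time and that IsExpired allows the clock skew this
    // deployment needs. No not-before check is performed here.
    if (!this.IsValidSignature(accessToken, securityKey.GetSymmetricKey()))
    {
        throw new SecurityTokenValidationException("Signature is invalid");
    }
    if (this.IsExpired(accessToken))
    {
        throw new SecurityTokenException(string.Format(
            CultureInfo.InvariantCulture,
            "Token has been expired for {0} seconds already",
            (DateTime.UtcNow - accessToken.ValidTo).TotalSeconds));
    }

    string issuerName;
    if (!this.IsIssuerTrusted(accessToken, out issuerName))
    {
        throw new SecurityTokenException(string.Format(
            CultureInfo.InvariantCulture, "The Issuer {0} is not trusted", accessToken.Issuer));
    }
    if (!this.IsAudienceTrusted(accessToken))
    {
        throw new SecurityTokenException(string.Format(
            CultureInfo.InvariantCulture, "The audience {0} of the token is not trusted", accessToken.Audience));
    }

    var identity = this.CreateClaimsIdentity(accessToken.Parameters, issuerName);
    return new ClaimsIdentityCollection(new IClaimsIdentity[] { identity });
}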
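/// <summary>
/// Validates a <see cref="SimpleWebToken"/> and builds a claims identity from its parameters.
/// Checks run in this order: the signing key is resolved from the token's key identifier
/// clause, the signature is verified, then expiry, issuer trust and audience are checked.
/// Every failure throws; no identity is produced for a token that fails any check.
/// </summary>
/// <param name="token">The token to validate; must be a <see cref="SimpleWebToken"/>.</param>
/// <returns>A collection holding the single identity built from the token's parameters.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not a <see cref="SimpleWebToken"/>.</exception>
/// <exception cref="InvalidOperationException">
/// The security token resolver, issuer name registry or audience restriction is not configured.
/// </exception>
/// <exception cref="SecurityTokenValidationException">
/// No signing key was found for the token, or its signature does not verify.
/// </exception>
/// <exception cref="SecurityTokenExpirationException">The token is expired.</exception>
/// <exception cref="SecurityTokenException">The token's issuer or audience is not trusted.</exception>
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
    if (token == null)
    {
        throw new ArgumentNullException("token");
    }
    if (this.SecurityTokenResolver == null)
    {
        throw new InvalidOperationException("SecurityTokenResolver is not configured");
    }
    if (this.IssuerNameRegistry == null)
    {
        throw new InvalidOperationException("IssuerNameRegistry is not configured");
    }
    if (this.AudienceRestriction == null)
    {
        throw new InvalidOperationException("AudienceRestriction is not configured");
    }

    SimpleWebToken accessToken = token as SimpleWebToken;
    if (accessToken == null)
    {
        // The argument is present but of the wrong type, so this is an ArgumentException,
        // not an ArgumentNullException.
        throw new ArgumentException("This handler expects a SimpleWebToken", "token");
    }

    // The key identifier is built from fields of a token that is not yet verified; the
    // resolver's mapping decides which key is tried, and the signature check below is what
    // binds that key to the token content.
    var keyIdentifierClause = new DictionaryBasedKeyIdentifierClause(ToDictionary(accessToken));
    InMemorySymmetricSecurityKey securityKey;
    try
    {
        securityKey = (InMemorySymmetricSecurityKey)this.SecurityTokenResolver.ResolveSecurityKey(keyIdentifierClause);
    }
    catch (InvalidOperationException ex)
    {
        // Keep the resolver's exception as the inner exception so the failure stays diagnosable.
        throw new SecurityTokenValidationException(
            string.Format(
                CultureInfo.InvariantCulture,
                "Symmetric key was not found for the key identifier clause: Keys='{0}', Values='{1}'",
                string.Join(",", keyIdentifierClause.Dictionary.Keys.ToArray()),
                string.Join(",", keyIdentifierClause.Dictionary.Values.ToArray())),
            ex);
    }

    // Verify the signature before trusting anything else: every later check reads fields an
    // attacker could otherwise have rewritten.
    // NOTE(review): IsValidSignature and IsExpired are defined elsewhere; confirm that the
    // signature comparison is constant-time and that IsExpired allows the clock skew this
    // deployment needs. No not-before check is performed here.
    if (!this.IsValidSignature(accessToken, securityKey.GetSymmetricKey()))
    {
        throw new SecurityTokenValidationException("Signature is invalid");
    }
    if (this.IsExpired(accessToken))
    {
        // The message carries no placeholder, so the previously passed elapsed-seconds
        // argument was never rendered; it is dropped rather than formatted for nothing.
        throw new SecurityTokenExpirationException("The token is expired");
    }

    string issuerName;
    if (!this.IsIssuerTrusted(accessToken, out issuerName))
    {
        throw new SecurityTokenException(string.Format(
            CultureInfo.InvariantCulture, "The Issuer {0} is not trusted", accessToken.Issuer));
    }
    if (!this.IsAudienceTrusted(accessToken))
    {
        throw new SecurityTokenException(string.Format(
            CultureInfo.InvariantCulture, "The audience {0} of the token is not trusted", accessToken.Audience));
    }

    var identity = this.CreateClaimsIdentity(accessToken.Parameters, issuerName);
    return new ClaimsIdentityCollection(new IClaimsIdentity[] { identity });
}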