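/// <summary>
/// Validates a Scheme Owner assertion: the JWT must be iSHARE compliant, the last
/// certificate of the chain must be a trusted root, the chain starting at the first
/// (leaf) certificate must validate, and the leaf must belong to the Scheme Owner.
/// </summary>
/// <param name="assertionModel">
/// Decoded assertion carrying its certificate chain as Base64 DER strings.
/// Assumes x5c order: leaf first, root last — confirm against the assertion decoder.
/// </param>
/// <returns>
/// <c>true</c> only when every check passes; <c>false</c> when a check fails,
/// when the assertion carries no certificates, or when any step throws (logged, fail-closed).
/// </returns>
public bool IsValid(AssertionModel assertionModel)
{
    // An assertion without a certificate chain cannot be validated. Report it as a
    // policy failure instead of letting First()/Last() throw into the catch-all below,
    // which would log it as an unexpected error with a stack trace.
    if (assertionModel?.Certificates == null || !assertionModel.Certificates.Any())
    {
        _logger.LogWarning("SO assertion carries no certificates.");
        return false;
    }

    try
    {
        if (!_decodedJwtValidator.IsIShareCompliant(CreateTokenValidationArgs(assertionModel)))
        {
            return false;
        }

        // Decode every certificate exactly once; leaf and root are both taken from this array.
        // NOTE(review): the decoded certificates are never disposed here — if FromBase64Der
        // returns X509Certificate2 instances, confirm who owns their lifetime.
        var chain = assertionModel.Certificates
            .Select(CertificateUtilities.FromBase64Der)
            .ToArray();
        var leafCertificate = chain[0];
        var rootCertificate = chain[chain.Length - 1];

        if (!IsRootCertificateTrusted(rootCertificate))
        {
            _logger.LogWarning("SO root certificate is untrusted.");
            return false;
        }

        // Everything after the leaf (intermediates and the root) is handed to chain building.
        var additionalCertificates = chain.Skip(1).ToArray();

        return IsChainValid(leafCertificate, additionalCertificates)
            && DoesBelongToSchemeOwner(leafCertificate);
    }
    catch (Exception e)
    {
        // Fail closed: any unexpected failure while validating is treated as an invalid assertion.
        _logger.LogError(e, "Error occurred while validating token response retrieved from Scheme Owner.");
        return false;
    }
}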
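/// <summary>
/// Validates a token against the Scheme Owner: the structural iSHARE compliance check
/// runs first, then the certificate chain is validated through <c>_jwtCertificateValidator</c>.
/// </summary>
/// <param name="args">
/// Token validation arguments; <c>args.AssertionModel.Certificates</c> is the Base64 DER
/// chain (assumed leaf first — confirm against the assertion decoder).
/// </param>
/// <param name="schemeOwnerAccessToken">Access token used when calling the Scheme Owner.</param>
/// <param name="token">Cancellation token forwarded to the certificate validator.</param>
/// <returns>
/// <c>true</c> when both checks pass; <c>false</c> when a check fails, when no certificates
/// are present, or when decoding/validation throws (logged, fail-closed).
/// </returns>
public async Task<bool> IsValidAsync(
    TokenValidationArgs args,
    string schemeOwnerAccessToken,
    CancellationToken token = default)
{
    if (!_decodedJwtValidator.IsIShareCompliant(args))
    {
        return false;
    }

    // A missing or empty chain is an expected policy failure, not a corruption error.
    var certificates = args?.AssertionModel?.Certificates;
    if (certificates == null || !certificates.Any())
    {
        _logger.LogWarning("Token carries no certificates; certificate chain cannot be validated.");
        return false;
    }

    CertificateValidationArgs validationArgs;
    try
    {
        // The additional certificates are materialised here so that a corrupt intermediate
        // fails inside this try (and is reported as corruption) rather than later, during
        // lazy enumeration inside the validator.
        validationArgs = new CertificateValidationArgs(
            CertificateUtilities.FromBase64Der(certificates.First()),
            args.Issuer,
            certificates.Skip(1).Select(CertificateUtilities.FromBase64Der).ToList());
    }
    catch (Exception e)
    {
        _logger.LogError(e, "Couldn't create proper CertificateValidationArgs. Certificates are corrupted.");
        return false;
    }

    try
    {
        return await _jwtCertificateValidator.IsValidAsync(validationArgs, schemeOwnerAccessToken, token);
    }
    catch (Exception e)
    {
        // Kept fail-closed so callers keep the existing contract (no validator exception,
        // including cancellation, escapes this method), but logged under its own message so
        // validator or transport failures are not mistaken for corrupted certificates.
        _logger.LogError(e, "Error occurred while validating the certificate chain with the Scheme Owner.");
        return false;
    }
}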
/// <summary>
/// An assertion whose certificate list is empty (the "keys not found" case) must be
/// reported as not iSHARE compliant.
/// </summary>
public void IsIShareCompliant_KeysNotFound_ReturnsFalse()
{
    // Arrange
    var emptyAssertion = new AssertionModel(new string[0], null, null);
    var validationArgs = new TokenValidationArgs(emptyAssertion, "issuer", "audience");

    // Act
    var isCompliant = _sut.IsIShareCompliant(validationArgs);

    // Assert
    isCompliant.Should().BeFalse();
}