public async Task PersistsSigningKey() { var cred1 = await signingStore.GetSigningCredentialsAsync(); var cred2 = await CreateSut().GetSigningCredentialsAsync(); Assert.Equal(cred1.Kid, cred2.Kid); Assert.Equal(Time(14), scd.CacheExpiresAt); }
private async Task <SecurityToken> CreateSecurityTokenAsync(SignInValidationResult result, ClaimsIdentity outgoingSubject) { var credentials = await _keys.GetSigningCredentialsAsync().ConfigureAwait(false); var x509Key = new X509SecurityKey(credentials.Key.GetX509Certificate(_keys)); var relyingParty = result.RelyingParty; var descriptor = new SecurityTokenDescriptor { Audience = result.Client.ClientId, IssuedAt = DateTime.UtcNow, NotBefore = DateTime.UtcNow, Expires = DateTime.UtcNow.AddSeconds(result.Client.IdentityTokenLifetime), SigningCredentials = new SigningCredentials(x509Key, relyingParty.SignatureAlgorithm, relyingParty.DigestAlgorithm), Subject = outgoingSubject, #if DUENDE Issuer = await _issuerNameService.GetCurrentAsync().ConfigureAwait(false), #else Issuer = _contextAccessor.HttpContext.GetIdentityServerIssuerUri(), #endif }; if (result.RelyingParty.EncryptionCertificate != null) { descriptor.EncryptingCredentials = new X509EncryptingCredentials(result.RelyingParty.EncryptionCertificate); } var handler = CreateTokenHandler(result.RelyingParty.TokenType); return(handler.CreateToken(descriptor)); }
public async Task <SigningCredentials> GetSigningCredentialsAsync() { if (_signingCredential != null) { return(await _signingCredential.GetSigningCredentialsAsync()); } return(null); }
public async Task <IActionResult> GetPublicKey() { var securityKey = (await _signingCredentialStore.GetSigningCredentialsAsync()).Key; if (securityKey is X509SecurityKey x509SecurityKey) { var publickey = x509SecurityKey.Certificate.ExportRSAPKCS8PublicKey(); return(Content(publickey)); } return(NoContent()); }
/// <summary> /// Generates the asynchronous. /// </summary> /// <param name="wsfedEndpoint">The wsfed endpoint.</param> /// <returns></returns> public async Task <WsFederationConfiguration> GenerateAsync(string wsfedEndpoint) { var credentials = await _keys.GetSigningCredentialsAsync().ConfigureAwait(false); var key = credentials.Key; var keyInfo = new KeyInfo(key.GetX509Certificate(_keys)); var issuer = _contextAccessor.HttpContext.GetIdentityServerIssuerUri(); var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest); var config = new WsFederationConfiguration() { Issuer = issuer, TokenEndpoint = wsfedEndpoint, SigningCredentials = signingCredentials, }; config.SigningKeys.Add(key); config.KeyInfos.Add(keyInfo); return(config); }
/// <summary> /// Creates the JWT header /// </summary> /// <param name="token">The token.</param> /// <param name="credential">The credentials.</param> /// <returns>The JWT header</returns> protected virtual async Task <JwtHeader> CreateHeaderAsync(Token token) { var credential = await _credentialStore.GetSigningCredentialsAsync(); if (credential == null) { throw new InvalidOperationException("No signing credential is configured. Can't create JWT token"); } var header = new JwtHeader(credential); // emit x5t claim for backwards compatibility with v4 of MS JWT library var x509key = credential.Key as X509SecurityKey; if (x509key != null) { header.Add("x5t", Base64Url.Encode(x509key.Certificate.GetCertHash())); } return(header); }