示例#1
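        /// <summary>
        /// Validates the JWT assertion carried by <paramref name="request"/> against the key in
        /// <paramref name="signingCredentials"/> and returns the principal built from it.
        /// </summary>
        /// <param name="request">Request whose <c>Assertion</c> is the token string to validate.</param>
        /// <param name="userDeviceCredential">Credential handed to the issuer/audience validator.</param>
        /// <param name="signingCredentials">Credentials whose <c>Key</c> is used to verify the token signature.</param>
        /// <returns>An already-completed task holding the validated principal.</returns>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="request"/> or <paramref name="signingCredentials"/> is null.
        /// </exception>
        /// <remarks>
        /// Validation runs synchronously, so a rejected token surfaces as an exception thrown from
        /// this call itself rather than as a faulted task.
        /// </remarks>
        public Task<ClaimsPrincipal> ValidateAssertionAsync(
            RFC7523RequestModel request,
            UserDeviceCredentialDto userDeviceCredential,
            SigningCredentials signingCredentials)
        {
            // Both arguments are dereferenced below; fail with a named argument instead of a
            // NullReferenceException in the middle of token validation.
            if (request == null)
            {
                throw new System.ArgumentNullException(nameof(request));
            }

            if (signingCredentials == null)
            {
                throw new System.ArgumentNullException(nameof(signingCredentials));
            }

            var assertionValidator = new RFC7523AssertionValidator(userDeviceCredential);

            var validationParameters = new TokenValidationParameters
            {
                // Signature: only the supplied key is trusted, and unsigned tokens are refused.
                IssuerSigningKey         = signingCredentials.Key,
                ValidateIssuerSigningKey = true,
                RequireSignedTokens      = true,

                // Issuer and audience checks are delegated to the per-credential validator.
                ValidateIssuer  = true,
                IssuerValidator = assertionValidator.ValidateIssuer,

                ValidateAudience  = true,
                AudienceValidator = assertionValidator.ValidateAudience,

                // RequireExpirationTime only demands that "exp" is present; the expiry comparison
                // itself is ValidateLifetime. It is the library default, spelled out here so the
                // check cannot be lost by a later edit to this initializer.
                RequireExpirationTime = true,
                ValidateLifetime      = true
            };

            // NOTE(review): nothing in this method checks the "sub" claim or rejects a replayed
            // "jti"; RFC 7523 requires "sub" and allows "jti" replay protection. Confirm the
            // caller covers both before treating the returned principal as authenticated.
            var tokenHandler = new JwtSecurityTokenHandler();
            var principal    = tokenHandler.ValidateToken(request.Assertion, validationParameters, out _);

            return Task.FromResult(principal);
        }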
示例#2
        /// <summary>
        /// Builds RS256 <see cref="SigningCredentials"/> from the base64-encoded RSA exponent and
        /// modulus held on <paramref name="userDeviceCredential"/>.
        /// </summary>
        /// <param name="userDeviceCredential">
        /// Credential supplying <c>Exponent</c>, <c>Modulus</c> and the id used as the key id.
        /// </param>
        /// <returns>An already-completed task holding the credentials.</returns>
        /// <remarks>
        /// <c>Convert.FromBase64String</c> throws on null or malformed input, so a bad stored value
        /// fails here rather than at signature-verification time.
        /// </remarks>
        public Task<SigningCredentials> CreateSigningCredentialsAsync(UserDeviceCredentialDto userDeviceCredential)
        {
            // Only Exponent and Modulus are populated; no private components are set on the key.
            var publicComponents = new RSAParameters();
            publicComponents.Exponent = Convert.FromBase64String(userDeviceCredential.Exponent);
            publicComponents.Modulus  = Convert.FromBase64String(userDeviceCredential.Modulus);

            var rsaKey = new RsaSecurityKey(publicComponents);

            // The credential id, rendered with the "D" format, is used as the key id.
            rsaKey.KeyId = userDeviceCredential.UserDeviceCredentialId.ToString("D");

            return Task.FromResult(new SigningCredentials(rsaKey, "RS256"));
        }
示例#3
        /// <summary>
        /// Adds <paramref name="userDeviceCredentialDto"/> to <c>Database</c> and hands the same
        /// instance back.
        /// </summary>
        /// <param name="userDeviceCredentialDto">Credential to store.</param>
        /// <returns>An already-completed task holding the stored instance.</returns>
        /// <remarks>
        /// The credential is stored exactly as supplied; this method performs no validation of its
        /// key material. NOTE(review): confirm that callers validate it before calling.
        /// </remarks>
        public Task<UserDeviceCredentialDto> CreateAsync(UserDeviceCredentialDto userDeviceCredentialDto)
        {
            var stored = userDeviceCredentialDto;
            Database.Add(stored);

            return Task.FromResult(stored);
        }
示例#4
 /// <summary>
 /// Creates a validator bound to one device credential.
 /// </summary>
 /// <param name="userDeviceCredential">
 /// Credential kept on the instance; stored as given, with no null check.
 /// </param>
 internal RFC7523AssertionValidator(UserDeviceCredentialDto userDeviceCredential) =>
     this.userDeviceCredential = userDeviceCredential;