Skip to content

Instantly share code, notes, and snippets.

@damithg

damithg/sign-token.txt

Created November 20, 2019 11:38
Show Gist options
  • Save damithg/1c781d100f1981073e3923722e5a4ade to your computer and use it in GitHub Desktop.
Save damithg/1c781d100f1981073e3923722e5a4ade to your computer and use it in GitHub Desktop.
Download ZIP
Raw
sign-token.txt
using System;
using System.IO;
using System.Security.Cryptography;
using FluentAssertions;
using Jose;
using JWT.Serializers;
using JwtTest.JwtToken;
using Newtonsoft.Json;
using NUnit.Framework;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
namespace JwtTest
{
public class TestUsingJoseJwt
{
public string Identifier { get; set; }
public string Nonce { get; set; }
public JsonNetSerializer JsonNetSerializer { get; set; }
[SetUp]
public void SetupTest()
{
Identifier = Guid.NewGuid().ToString();
Nonce = Guid.NewGuid().ToString();
JsonNetSerializer = new JsonNetSerializer();
}
[Test]
public void CanGenerateSignedJwtUsingJose()
{
// Get the private/ public keys
var privateKeyTexts = File.ReadAllText("FULL PATH TO MY PRIVATE KEY");
var publicKeyTexts = File.ReadAllText("FULL PATH TO MY PUBLIC KEY");
var signedClaim = CreateJwtToken("AAC_1c0b51b0-d673-4872-898e-ce9d6d3f0482", Identifier, Nonce);
var token = CreateToken(signedClaim, privateKeyTexts);
var payload = DecodeToken(token, publicKeyTexts);
var expected = JsonNetSerializer.Serialize(signedClaim);
payload.Should()
.Be(expected, "provided object should be correctly serialized in the token");
}
public static string CreateToken(SignedClaim signedClaim, string privateRsaKey)
{
RSAParameters rsaParams;
using (var tr = new StringReader(privateRsaKey))
{
var pemReader = new PemReader(tr);
var keyPair = pemReader.ReadObject() as AsymmetricCipherKeyPair;
if (keyPair == null)
{
throw new Exception("Could not read RSA private key");
}
var privateRsaParams = keyPair.Private as RsaPrivateCrtKeyParameters;
rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
//Dictionary<string, object> payload = claims.ToDictionary(k => k.Type, v => (object)v.Value);
var payload = JsonConvert.SerializeObject(signedClaim);
return Jose.JWT.Encode(payload, rsa, JwsAlgorithm.RS256);
}
}
public string DecodeToken(string token, string publicRsaKey)
{
RSAParameters rsaParams;
using (var tr = new StringReader(publicRsaKey))
{
var pemReader = new PemReader(tr);
var publicKeyParams = pemReader.ReadObject() as RsaKeyParameters;
if (publicKeyParams == null)
{
throw new Exception("Could not read RSA public key");
}
rsaParams = DotNetUtilities.ToRSAParameters(publicKeyParams);
}
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.ImportParameters(rsaParams);
// This will throw if the signature is invalid
return Jose.JWT.Decode(token, rsa, JwsAlgorithm.RS256);
}
}
public SignedClaim CreateJwtToken(string consentId, string identifier, string nonce)
{
return new SignedClaim
{
Aud = "https://sandbox.api.barclays",
Scope = "openid accounts",
Iss = "bdn-8Zpkl9dCbN2tArm2TrgretrtKSexT2XxQ26uL8B",
ResponseType = "code id_token",
RedirectUri = "TEST_REDIRECT_URL",
State = identifier,
Exp = DateTimeOffset.UtcNow.AddMinutes(10).ToUnixTimeSeconds(),
Nonce = nonce,
ClientId = "bdn-8Zpkl9dCbN2tAeerertreterexT2XxQ26uL8B",
Claims = new Claims
{
IdToken = new IdToken
{
Acr = new Acr
{
Essential = true,
Value = "urn:openbanking:psd2:sca",
},
OpenbankingIntentId = new Acr
{
Essential = true,
Value = consentId,
},
},
Userinfo = new Userinfo
{
OpenbankingIntentId = new Acr
{
Value = consentId,
Essential = true,
},
},
},
};
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment