Created
November 20, 2019 11:38
using System; | |
using System.IO; | |
using System.Security.Cryptography; | |
using FluentAssertions; | |
using Jose; | |
using JWT.Serializers; | |
using JwtTest.JwtToken; | |
using Newtonsoft.Json; | |
using NUnit.Framework; | |
using Org.BouncyCastle.Crypto; | |
using Org.BouncyCastle.Crypto.Parameters; | |
using Org.BouncyCastle.OpenSsl; | |
using Org.BouncyCastle.Security; | |
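namespace JwtTest
{
    /// <summary>
    /// NUnit fixture that signs a claim set as an RS256 JWT with jose-jwt and
    /// verifies it again with the matching public key.
    /// </summary>
    public class TestUsingJoseJwt
    {
        /// <summary>Per-test value placed in the <c>State</c> claim.</summary>
        public string Identifier { get; set; }

        /// <summary>Per-test value placed in the <c>Nonce</c> claim.</summary>
        public string Nonce { get; set; }

        /// <summary>Serializer used to build the expected payload in the assertion.</summary>
        public JsonNetSerializer JsonNetSerializer { get; set; }

        /// <summary>Creates fresh state/nonce values and a serializer before every test.</summary>
        [SetUp]
        public void SetupTest()
        {
            // NOTE(review): GUIDs are fine for a unit test. Guid.NewGuid() is not documented
            // as cryptographically random, so production state/nonce values are better taken
            // from System.Security.Cryptography.RandomNumberGenerator.
            Identifier = Guid.NewGuid().ToString();
            Nonce = Guid.NewGuid().ToString();
            JsonNetSerializer = new JsonNetSerializer();
        }

        /// <summary>
        /// Round trip: sign the claims with the private key, verify with the public key,
        /// and check that the verified payload equals the serialized claims.
        /// </summary>
        [Test]
        public void CanGenerateSignedJwtUsingJose()
        {
            // Placeholder paths: point them at a throw-away test key pair.
            // Keep private key files out of source control and out of shared test output.
            var privateKeyTexts = File.ReadAllText("FULL PATH TO MY PRIVATE KEY");
            var publicKeyTexts = File.ReadAllText("FULL PATH TO MY PUBLIC KEY");

            var signedClaim = CreateJwtToken("AAC_1c0b51b0-d673-4872-898e-ce9d6d3f0482", Identifier, Nonce);
            var token = CreateToken(signedClaim, privateKeyTexts);
            var payload = DecodeToken(token, publicKeyTexts);

            // NOTE(review): CreateToken serializes with JsonConvert while the expectation uses
            // JsonNetSerializer; the assertion assumes both emit identical JSON - confirm.
            var expected = JsonNetSerializer.Serialize(signedClaim);
            payload.Should()
                .Be(expected, "provided object should be correctly serialized in the token");
        }

        /// <summary>
        /// Serializes <paramref name="signedClaim"/> to JSON and signs it as an RS256 JWT.
        /// </summary>
        /// <param name="signedClaim">Claim set that becomes the token payload.</param>
        /// <param name="privateRsaKey">PEM text of an unencrypted RSA private key.</param>
        /// <returns>The compact-serialized signed token.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="signedClaim"/> or <paramref name="privateRsaKey"/> is null.
        /// </exception>
        /// <exception cref="CryptographicException">The PEM text does not hold an RSA private key.</exception>
        public static string CreateToken(SignedClaim signedClaim, string privateRsaKey)
        {
            // Without this guard a null claim set would be serialized and signed as the JSON text "null".
            if (signedClaim == null)
            {
                throw new ArgumentNullException(nameof(signedClaim));
            }

            RSAParameters rsaParams;
            using (var tr = new StringReader(privateRsaKey))
            {
                var pemObject = new PemReader(tr).ReadObject();

                // BouncyCastle returns a key pair for a PKCS#1 "RSA PRIVATE KEY" block and,
                // as far as its PemReader is documented, a bare private key for a PKCS#8
                // "PRIVATE KEY" block; accept either form.
                var keyPair = pemObject as AsymmetricCipherKeyPair;
                object candidate = pemObject;
                if (keyPair != null)
                {
                    candidate = keyPair.Private;
                }

                // Fail with a clear message instead of a NullReferenceException when the PEM
                // holds something other than an RSA private key (for example an EC key).
                var privateRsaParams = candidate as RsaPrivateCrtKeyParameters;
                if (privateRsaParams == null)
                {
                    throw new CryptographicException("Could not read RSA private key");
                }

                rsaParams = DotNetUtilities.ToRSAParameters(privateRsaParams);
            }

            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(rsaParams);
                var payload = JsonConvert.SerializeObject(signedClaim);
                return Jose.JWT.Encode(payload, rsa, JwsAlgorithm.RS256);
            }
        }

        /// <summary>
        /// Verifies the RS256 signature of <paramref name="token"/> and returns its payload.
        /// </summary>
        /// <remarks>
        /// Only the signature is checked here. Expiry, audience, issuer and nonce are not
        /// validated by this method; a caller that trusts the payload has to check them.
        /// </remarks>
        /// <param name="token">Compact-serialized JWT.</param>
        /// <param name="publicRsaKey">PEM text of the RSA public key.</param>
        /// <returns>The payload JSON of the verified token.</returns>
        /// <exception cref="CryptographicException">The PEM text does not hold an RSA public key.</exception>
        public string DecodeToken(string token, string publicRsaKey)
        {
            RSAParameters rsaParams;
            using (var tr = new StringReader(publicRsaKey))
            {
                var pemReader = new PemReader(tr);
                var publicKeyParams = pemReader.ReadObject() as RsaKeyParameters;

                // RSA private key parameters derive from RsaKeyParameters, so the cast alone
                // would accept a private key and import its private exponent as if it were
                // the public one. Reject private material here.
                if (publicKeyParams == null || publicKeyParams.IsPrivate)
                {
                    throw new CryptographicException("Could not read RSA public key");
                }

                rsaParams = DotNetUtilities.ToRSAParameters(publicKeyParams);
            }

            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(rsaParams);

                // Passing the expected algorithm pins verification to RS256, so the token's own
                // header cannot select a different algorithm. Throws if the signature is invalid.
                return Jose.JWT.Decode(token, rsa, JwsAlgorithm.RS256);
            }
        }

        /// <summary>
        /// Builds the claim set that is signed by <see cref="CreateToken"/>.
        /// Despite its name this method returns unsigned claims, not a token.
        /// </summary>
        /// <param name="consentId">Value used for every <c>OpenbankingIntentId</c> entry.</param>
        /// <param name="identifier">Value copied into <c>State</c>.</param>
        /// <param name="nonce">Value copied into <c>Nonce</c>.</param>
        /// <returns>A populated <see cref="SignedClaim"/> expiring ten minutes from now (UTC).</returns>
        public SignedClaim CreateJwtToken(string consentId, string identifier, string nonce)
        {
            // The same consent id is requested, as essential, in both the id_token and userinfo claims.
            var idTokenIntent = new Acr
            {
                Essential = true,
                Value = consentId,
            };
            var userinfoIntent = new Acr
            {
                Value = consentId,
                Essential = true,
            };

            return new SignedClaim
            {
                Aud = "https://sandbox.api.barclays",
                Scope = "openid accounts",
                // NOTE(review): Iss and ClientId carry different strings; presumably both
                // should be the registered client id - confirm.
                Iss = "bdn-8Zpkl9dCbN2tArm2TrgretrtKSexT2XxQ26uL8B",
                ResponseType = "code id_token",
                RedirectUri = "TEST_REDIRECT_URL",
                State = identifier,
                // A short lifetime keeps the window in which a captured token is usable small.
                Exp = DateTimeOffset.UtcNow.AddMinutes(10).ToUnixTimeSeconds(),
                Nonce = nonce,
                ClientId = "bdn-8Zpkl9dCbN2tAeerertreterexT2XxQ26uL8B",
                Claims = new Claims
                {
                    IdToken = new IdToken
                    {
                        Acr = new Acr
                        {
                            Essential = true,
                            Value = "urn:openbanking:psd2:sca",
                        },
                        OpenbankingIntentId = idTokenIntent,
                    },
                    Userinfo = new Userinfo
                    {
                        OpenbankingIntentId = userinfoIntent,
                    },
                },
            };
        }
    }
}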