From e4c507b95ff6948f07b01ffe3fc64bedbaad0e3b Mon Sep 17 00:00:00 2001 From: Bud Marrical Date: Tue, 22 Jun 2021 13:57:57 -0500 Subject: [PATCH 1/2] Upgraded to System.IdentityModel.Tokens.Jwt 5.6.0 --- .../Platibus.IntegrationTests.csproj | 7 ++-- .../Platibus.SampleApi.csproj | 6 +-- .../App_Start/Startup.cs | 40 +++++++++++-------- .../Platibus.SampleWebApp.csproj | 13 +++++- Source/Platibus.SampleWebApp/Web.config | 2 +- Source/Platibus.SampleWebApp/packages.config | 5 ++- .../Platibus.UnitTests.csproj | 9 +++-- Source/Platibus/Platibus.csproj | 7 ++-- 8 files changed, 55 insertions(+), 34 deletions(-) diff --git a/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj b/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj index 83f4fb4c..4b083295 100644 --- a/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj +++ b/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj @@ -14,6 +14,7 @@ + @@ -60,7 +61,7 @@ - + @@ -78,9 +79,9 @@ - + - + diff --git a/Source/Platibus.SampleApi/Platibus.SampleApi.csproj b/Source/Platibus.SampleApi/Platibus.SampleApi.csproj index b6a90e58..ab2afb82 100644 --- a/Source/Platibus.SampleApi/Platibus.SampleApi.csproj +++ b/Source/Platibus.SampleApi/Platibus.SampleApi.csproj @@ -10,9 +10,9 @@ - - - + + + diff --git a/Source/Platibus.SampleWebApp/App_Start/Startup.cs b/Source/Platibus.SampleWebApp/App_Start/Startup.cs index b4af49b8..29ad76c1 100644 --- a/Source/Platibus.SampleWebApp/App_Start/Startup.cs +++ b/Source/Platibus.SampleWebApp/App_Start/Startup.cs 
@@ -12,12 +12,14 @@ using Platibus.SampleWebApp.IdentityServer;
 using System;
 using System.IdentityModel.Tokens;
+using System.Linq;
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Platibus.Diagnostics;
 using Platibus.SampleWebApp.Controllers;
 using AuthenticationOptions = IdentityServer3.Core.Configuration.AuthenticationOptions;
+using JwtSecurityTokenHandler = System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler;
 [assembly: OwinStartup(typeof(Startup))]
@@ -147,26 +149,11 @@ private static ClaimsIdentity CreateIdentity(AuthenticationTicket authentication return new ClaimsIdentity(authenticationType); } - public static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnectAuthenticationOptions options, string accessToken) + private static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnectAuthenticationOptions options, string accessToken) { var userInfoClient = new UserInfoClient(options.Authority + "/connect/userinfo"); var userInfo = await userInfoClient.GetAsync(accessToken); - foreach (var claim in userInfo.Claims) - { - // JWT specifies claim types like "sub", "iss", "aud", etc. whereas the .NET - // platform has claim types that are more verbose - // ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" for example). To - // ensure good interop with Windows/.NET claims and other security primitives the - // JwtSecurityTokenHandler.InboundClaimsMap can be leveraged to map the JWT claims - // onto their .NET equivalents. - var inboundClaimType = claim.Type; - string mappedClaimType; - if (!JwtSecurityTokenHandler.InboundClaimTypeMap.TryGetValue(inboundClaimType, out mappedClaimType)) - { - mappedClaimType = inboundClaimType; - } - identity.AddClaim(new Claim(mappedClaimType, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer, claim.Subject)); - } + identity = userInfo.Claims.Aggregate(identity, (current, claim) => AddDotNetEquivalentClaim(current, claim)); // The "sub" claim is (rightly) mapped to the .NET // "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" claim. 
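Review bot: `identity = userInfo.Claims.Aggregate(identity, (current, claim) => AddDotNetEquivalentClaim(current, claim));` uses Aggregate purely for its side effect on a reference type: AddDotNetEquivalentClaim (added in the next hunk of this file) mutates the identity it is given and returns that same instance, so the accumulator never changes and the assignment back to the `identity` parameter is a no-op. A plain loop says what actually happens, `foreach (var claim in userInfo.Claims) { AddDotNetEquivalentClaim(identity, claim); }`, and the helper can then return void. The body of AddUserInfoClaims continues past the end of this hunk. Separately, the claims are copied straight out of the userinfo response; if the UserInfoResponse type in the IdentityModel version used here exposes an error flag, checking it before enumerating Claims would turn a failed userinfo call into a visible failure instead of an identity that silently lacks its mapped claims — I cannot confirm the response type's shape from this diff.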
@@ -185,6 +172,25 @@ public static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnec } } + private static ClaimsIdentity AddDotNetEquivalentClaim(ClaimsIdentity identity, Claim claim) + { + // JWT specifies claim types like "sub", "iss", "aud", etc. whereas the .NET + // platform has claim types that are more verbose + // ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" for example). To + // ensure good interop with Windows/.NET claims and other security primitives the + // JwtSecurityTokenHandler.InboundClaimsMap can be leveraged to map the JWT claims + // onto their .NET equivalents. + var inboundClaimType = claim.Type; + string mappedClaimType; + if (!JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.TryGetValue(inboundClaimType, out mappedClaimType)) + { + mappedClaimType = inboundClaimType; + } + + identity.AddClaim(new Claim(mappedClaimType, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer, claim.Subject)); + return identity; + } + private static X509Certificate2 LoadCertificate() { return new X509Certificate2( diff --git a/Source/Platibus.SampleWebApp/Platibus.SampleWebApp.csproj b/Source/Platibus.SampleWebApp/Platibus.SampleWebApp.csproj index d29740f9..0eb1480c 100644 --- a/Source/Platibus.SampleWebApp/Platibus.SampleWebApp.csproj +++ b/Source/Platibus.SampleWebApp/Platibus.SampleWebApp.csproj 
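Review bot: The new AddDotNetEquivalentClaim helper has no XML doc comment, and its contract — it mutates the identity it receives and hands the same instance back — is easy to misread as producing a new identity, which is what its use with Aggregate in the previous hunk suggests. I would add `/// <summary>Adds <paramref name="claim"/> to <paramref name="identity"/>, translating a JWT short claim type ("sub", "iss", ...) to its .NET claim type via JwtSecurityTokenHandler.DefaultInboundClaimTypeMap when a mapping exists; returns the same identity instance.</summary>`. DefaultInboundClaimTypeMap is a static, process-wide map, so a line noting that any code which alters it (for example to keep the short claim names) changes what this helper produces would also help the next reader. The lookup itself can be tightened to `if (!JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.TryGetValue(inboundClaimType, out var mappedClaimType))`, dropping the separate declaration.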
@@ -68,9 +68,18 @@ ..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.7\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll + + ..\packages\Microsoft.IdentityModel.JsonWebTokens.5.6.0\lib\net451\Microsoft.IdentityModel.JsonWebTokens.dll + + + ..\packages\Microsoft.IdentityModel.Logging.5.6.0\lib\net451\Microsoft.IdentityModel.Logging.dll + ..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.0\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll + + ..\packages\Microsoft.IdentityModel.Tokens.5.6.0\lib\net451\Microsoft.IdentityModel.Tokens.dll + ..\packages\Microsoft.Owin.3.1.0\lib\net45\Microsoft.Owin.dll @@ -102,8 +111,8 @@ - - ..\packages\System.IdentityModel.Tokens.Jwt.4.0.4.403061554\lib\net45\System.IdentityModel.Tokens.Jwt.dll + + ..\packages\System.IdentityModel.Tokens.Jwt.5.6.0\lib\net451\System.IdentityModel.Tokens.Jwt.dll ..\packages\Microsoft.AspNet.WebApi.Client.5.2.0\lib\net45\System.Net.Http.Formatting.dll diff --git a/Source/Platibus.SampleWebApp/Web.config b/Source/Platibus.SampleWebApp/Web.config index e2dbb445..41bd1fc5 100644 --- a/Source/Platibus.SampleWebApp/Web.config +++ b/Source/Platibus.SampleWebApp/Web.config @@ -146,7 +146,7 @@ - + diff --git a/Source/Platibus.SampleWebApp/packages.config b/Source/Platibus.SampleWebApp/packages.config index de07dfbd..84e350b8 100644 --- a/Source/Platibus.SampleWebApp/packages.config +++ b/Source/Platibus.SampleWebApp/packages.config @@ -18,7 +18,10 @@ + + + @@ -33,7 +36,7 @@ - + diff --git a/Source/Platibus.UnitTests/Platibus.UnitTests.csproj b/Source/Platibus.UnitTests/Platibus.UnitTests.csproj index a475ffd9..4462f2a9 100644 --- a/Source/Platibus.UnitTests/Platibus.UnitTests.csproj +++ b/Source/Platibus.UnitTests/Platibus.UnitTests.csproj @@ -14,7 +14,8 @@ - + + @@ -48,7 +49,7 @@ - + @@ -59,8 +60,8 @@ - - + + diff --git a/Source/Platibus/Platibus.csproj b/Source/Platibus/Platibus.csproj index 70c29255..aba98f3e 100644 --- a/Source/Platibus/Platibus.csproj 
+++ b/Source/Platibus/Platibus.csproj @@ -17,6 +17,7 @@ + @@ -31,7 +32,7 @@ - + @@ -45,9 +46,9 @@ - + - + \ No newline at end of file From 44710060b31190a328bc76a36ef257e99feccbd0 Mon Sep 17 00:00:00 2001 From: Bud Marrical Date: Tue, 22 Jun 2021 17:08:34 -0500 Subject: [PATCH 2/2] Cleared up build issues for the new version of Tokens.Jwt and the differences between standard and framework --- .../Platibus.IntegrationTests.csproj | 2 +- ...ervicesProviderMessageQueueingServiceTests.cs | 3 +-- ...ervicesProviderMessageQueueingServiceTests.cs | 2 +- .../Platibus.UnitTests/Platibus.UnitTests.csproj | 2 +- .../SQLite/AesEncryptedSQLiteFixture.cs | 1 - .../Security/AesMessageEncryptionServiceTests.cs | 10 ---------- .../Security/JwtSecurityTokenServiceTests.cs | 16 ++-------------- .../Platibus.UnitTests/Security/KeyGenerator.cs | 12 +----------- Source/Platibus/Platibus.csproj | 2 +- .../Security/AesMessageEncryptionOptions.cs | 5 ----- .../Security/AesMessageEncryptionService.cs | 12 ------------ .../Platibus/Security/HexEncodedSecurityKey.cs | 12 +----------- .../Platibus/Security/JwtSecurityTokenService.cs | 15 +++------------ .../Security/JwtSecurityTokenServiceOptions.cs | 5 ----- 14 files changed, 12 insertions(+), 87 deletions(-) diff --git a/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj b/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj index 4b083295..00d5fe22 100644 --- a/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj +++ b/Source/Platibus.IntegrationTests/Platibus.IntegrationTests.csproj @@ -62,7 +62,7 @@ - + diff --git a/Source/Platibus.UnitTests/Filesystem/FilesystemServicesProviderMessageQueueingServiceTests.cs b/Source/Platibus.UnitTests/Filesystem/FilesystemServicesProviderMessageQueueingServiceTests.cs index 79798e73..7e77545f 100644 --- a/Source/Platibus.UnitTests/Filesystem/FilesystemServicesProviderMessageQueueingServiceTests.cs 
+++ b/Source/Platibus.UnitTests/Filesystem/FilesystemServicesProviderMessageQueueingServiceTests.cs @@ -38,7 +38,6 @@ public FilesystemServicesProviderMessageQueueingServiceTests(FilesystemFixture f Configuration = new ConfigurationBuilder() .AddInMemoryCollection() .Build(); - #endif Path = fixture.BaseDirectory; Message = new Message(new MessageHeaders @@ -86,7 +85,7 @@ protected void GivenEncryption() { Enabled = true, Provider = "AES", - Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().GetSymmetricKey()) + Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().Key) }; #endif #if NETCOREAPP2_0 diff --git a/Source/Platibus.UnitTests/MongoDB/MongoDBServicesProviderMessageQueueingServiceTests.cs b/Source/Platibus.UnitTests/MongoDB/MongoDBServicesProviderMessageQueueingServiceTests.cs index 574079e8..0bfc9a77 100644 --- a/Source/Platibus.UnitTests/MongoDB/MongoDBServicesProviderMessageQueueingServiceTests.cs +++ b/Source/Platibus.UnitTests/MongoDB/MongoDBServicesProviderMessageQueueingServiceTests.cs @@ -123,7 +123,7 @@ protected void GivenEncryption() { Enabled = true, Provider = "AES", - Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().GetSymmetricKey()) + Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().Key) }; #endif #if NETCOREAPP2_0 diff --git a/Source/Platibus.UnitTests/Platibus.UnitTests.csproj b/Source/Platibus.UnitTests/Platibus.UnitTests.csproj index 4462f2a9..ffa53b87 100644 --- a/Source/Platibus.UnitTests/Platibus.UnitTests.csproj +++ b/Source/Platibus.UnitTests/Platibus.UnitTests.csproj @@ -50,7 +50,7 @@ - + diff --git a/Source/Platibus.UnitTests/SQLite/AesEncryptedSQLiteFixture.cs b/Source/Platibus.UnitTests/SQLite/AesEncryptedSQLiteFixture.cs index bd352553..ef18ef4b 100644 --- a/Source/Platibus.UnitTests/SQLite/AesEncryptedSQLiteFixture.cs +++ b/Source/Platibus.UnitTests/SQLite/AesEncryptedSQLiteFixture.cs 
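Review bot: The removed `#endif` after `.Build();` has its matching `#if` outside this hunk, so from the diff alone it is not possible to tell whether this drops a stray duplicate or unbalances the conditional block. Since the next hunk in this file still shows `#endif` / `#if NETCOREAPP2_0` pairs intact, presumably the removed directive was an extra one, but that is worth confirming with a build of both target frameworks. The constructor this sits in starts before the hunk.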
@@ -1,5 +1,4 @@ using System; -using System.Data; using System.IO; using Platibus.Diagnostics; using Platibus.Security; diff --git a/Source/Platibus.UnitTests/Security/AesMessageEncryptionServiceTests.cs b/Source/Platibus.UnitTests/Security/AesMessageEncryptionServiceTests.cs index c8658271..d3325d22 100644 --- a/Source/Platibus.UnitTests/Security/AesMessageEncryptionServiceTests.cs +++ b/Source/Platibus.UnitTests/Security/AesMessageEncryptionServiceTests.cs @@ -31,12 +31,7 @@ using Platibus.IO; using Platibus.Security; using Xunit; -#if NET452 -using System.IdentityModel.Tokens; -#endif -#if NETCOREAPP2_0 using Microsoft.IdentityModel.Tokens; -#endif namespace Platibus.UnitTests.Security { @@ -135,12 +130,7 @@ protected void GivenIncorrectKey() protected async Task GivenInvalidSignature() { -#if NET452 - var key = Options.Key.GetSymmetricKey(); -#endif -#if NETCOREAPP2_0 var key = Options.Key.Key; -#endif using (var hmac = new HMACSHA256(key)) { var originalMessageHeaders = Message.Headers; diff --git a/Source/Platibus.UnitTests/Security/JwtSecurityTokenServiceTests.cs b/Source/Platibus.UnitTests/Security/JwtSecurityTokenServiceTests.cs index 6ae8a121..a09eac27 100644 --- a/Source/Platibus.UnitTests/Security/JwtSecurityTokenServiceTests.cs +++ b/Source/Platibus.UnitTests/Security/JwtSecurityTokenServiceTests.cs @@ -22,11 +22,11 @@ using System; using System.Collections.Generic; +using Microsoft.IdentityModel.Tokens; #if NET452 -using System.IdentityModel.Tokens; +using JwtSecurityTokenHandler = System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler; #endif #if NETCOREAPP2_0 -using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; #endif using System.Linq; 
@@ -116,17 +116,6 @@ public async Task MessageSecurityTokenSignedWithFallbackKeyCanBeValidated() AssertIssuedTokenIsValid(); } -#if NET452 - protected SymmetricSecurityKey GenerateSecurityKey() - { - var signingKeyBytes = new byte[16]; - RNG.GetBytes(signingKeyBytes); - // Output for testing/verification on jwt.io - Console.WriteLine(Convert.ToBase64String(signingKeyBytes)); - return new InMemorySymmetricSecurityKey(signingKeyBytes); - } -#endif -#if NETCOREAPP2_0 protected SymmetricSecurityKey GenerateSecurityKey() { var signingKeyBytes = new byte[16]; @@ -135,7 +124,6 @@ protected SymmetricSecurityKey GenerateSecurityKey() Console.WriteLine(Convert.ToBase64String(signingKeyBytes)); return new SymmetricSecurityKey(signingKeyBytes); } -#endif protected void GivenNoSigningKey() { diff --git a/Source/Platibus.UnitTests/Security/KeyGenerator.cs b/Source/Platibus.UnitTests/Security/KeyGenerator.cs index 3e9c13ca..2437a15d 100644 --- a/Source/Platibus.UnitTests/Security/KeyGenerator.cs +++ b/Source/Platibus.UnitTests/Security/KeyGenerator.cs @@ -1,9 +1,4 @@ -#if NET452 -using System.IdentityModel.Tokens; -#endif -#if NETCOREAPP2_0 -using Microsoft.IdentityModel.Tokens; -#endif +using Microsoft.IdentityModel.Tokens; using System.Security.Cryptography; namespace Platibus.UnitTests.Security @@ -16,12 +11,7 @@ public static SymmetricSecurityKey GenerateAesKey() { csp.KeySize = 256; csp.GenerateKey(); -#if NET452 - return new InMemorySymmetricSecurityKey(csp.Key); -#endif -#if NETCOREAPP2_0 return new SymmetricSecurityKey(csp.Key); -#endif } } } diff --git a/Source/Platibus/Platibus.csproj b/Source/Platibus/Platibus.csproj index aba98f3e..a60d08a8 100644 --- a/Source/Platibus/Platibus.csproj +++ b/Source/Platibus/Platibus.csproj @@ -33,7 +33,7 @@ - + diff --git a/Source/Platibus/Security/AesMessageEncryptionOptions.cs b/Source/Platibus/Security/AesMessageEncryptionOptions.cs index d93ec529..4da062f0 100644 --- a/Source/Platibus/Security/AesMessageEncryptionOptions.cs 
+++ b/Source/Platibus/Security/AesMessageEncryptionOptions.cs @@ -20,12 +20,7 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -#if NET452 || NET461 -using System.IdentityModel.Tokens; -#endif -#if NETSTANDARD2_0 using Microsoft.IdentityModel.Tokens; -#endif using Platibus.Diagnostics; using System; using System.Collections.Generic; diff --git a/Source/Platibus/Security/AesMessageEncryptionService.cs b/Source/Platibus/Security/AesMessageEncryptionService.cs index 0b2caf24..6defd8d4 100644 --- a/Source/Platibus/Security/AesMessageEncryptionService.cs +++ b/Source/Platibus/Security/AesMessageEncryptionService.cs @@ -53,17 +53,6 @@ public AesMessageEncryptionService(AesMessageEncryptionOptions options) if (options == null) throw new ArgumentNullException(nameof(options)); _diagnosticService = options.DiagnosticService; -#if NET452 || NET461 - _encryptionKey = options.Key.GetSymmetricKey(); - _decryptionKeys = new[] {_encryptionKey}.Union( - options.FallbackKeys? - .Where(k => k != null) - .Select(k => k.GetSymmetricKey()) - .ToList() - ?? Enumerable.Empty()) - .ToList(); -#endif -#if NETSTANDARD2_0 _encryptionKey = options.Key.Key; _decryptionKeys = new[] {_encryptionKey}.Union( options.FallbackKeys? @@ -72,7 +61,6 @@ public AesMessageEncryptionService(AesMessageEncryptionOptions options) .ToList() ?? Enumerable.Empty()) .ToList(); -#endif } public async Task Encrypt(Message message) diff --git a/Source/Platibus/Security/HexEncodedSecurityKey.cs b/Source/Platibus/Security/HexEncodedSecurityKey.cs index 1e8ead7f..539079f1 100644 --- a/Source/Platibus/Security/HexEncodedSecurityKey.cs +++ b/Source/Platibus/Security/HexEncodedSecurityKey.cs @@ -20,13 +20,7 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -#if NET452 || NET461 -using System.IdentityModel.Tokens; -#endif -#if NETSTANDARD2_0 using Microsoft.IdentityModel.Tokens; -#endif - namespace Platibus.Security { /// 
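Review bot: `_encryptionKey = options.Key.Key;` dereferences options.Key immediately after the `options == null` guard, so a configuration with no key fails with a NullReferenceException deep in the constructor rather than with a message naming the missing setting. Unless AesMessageEncryptionOptions guarantees a non-null Key (its constructor is not in this diff), a guard such as `if (options.Key == null) throw new ArgumentException("An encryption key is required", nameof(options));` placed before this line would make the failure explicit. The fallback keys just below already filter nulls with `.Where(k => k != null)`, so the primary key is the only unchecked path; the constructor's signature and the rest of its body lie outside the hunk.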
@@ -34,12 +28,8 @@ namespace Platibus.Security /// A implementation based on a bytes represented as hexadecimal /// degits /// -#if NET452 || NET461 - public class HexEncodedSecurityKey : InMemorySymmetricSecurityKey -#endif -#if NETSTANDARD2_0 + public class HexEncodedSecurityKey : SymmetricSecurityKey -#endif { /// /// diff --git a/Source/Platibus/Security/JwtSecurityTokenService.cs b/Source/Platibus/Security/JwtSecurityTokenService.cs index 443ba71d..bfa69858 100644 --- a/Source/Platibus/Security/JwtSecurityTokenService.cs +++ b/Source/Platibus/Security/JwtSecurityTokenService.cs @@ -27,12 +27,12 @@ using System.Security.Principal; using System.Threading.Tasks; using Platibus.Diagnostics; +using Microsoft.IdentityModel.Tokens; #if NET452 || NET461 -using System.IdentityModel.Tokens; using System.IdentityModel.Protocols.WSTrust; +using JwtSecurityTokenHandler = System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler; #endif #if NETSTANDARD2_0 -using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; #endif @@ -70,6 +70,7 @@ public JwtSecurityTokenService() : this (new JwtSecurityTokenServiceOptions()) /// public JwtSecurityTokenService(JwtSecurityTokenServiceOptions options) { + // here var myOptions = options ?? new JwtSecurityTokenServiceOptions(); _diagnosticService = myOptions.DiagnosticService ?? DiagnosticService.DefaultInstance; _signingKey = myOptions.SigningKey; @@ -109,21 +110,11 @@ public Task Issue(IPrincipal principal, DateTime? expires = null) var identity = principal.Identity; var claimsIdentity = identity as ClaimsIdentity ?? new ClaimsIdentity(identity); - -#if NET452 || NET461 - var tokenDescriptor = new SecurityTokenDescriptor - { - Subject = claimsIdentity, - Lifetime = new Lifetime(DateTime.UtcNow, myExpires) - }; -#endif -#if NETSTANDARD2_0 var tokenDescriptor = new SecurityTokenDescriptor { Subject = claimsIdentity, Expires = myExpires }; -#endif if (_signingKey != null) { 
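Review bot: `+ // here` in the JwtSecurityTokenService constructor reads as a leftover debugging marker and tells a future reader nothing; it should be removed before merge, or replaced with the reason it was put there if one exists. The rest of the constructor is outside this hunk.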
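Review bot: With the Lifetime-based SecurityTokenDescriptor removed from Issue, nothing in the NET452 || NET461 build still references System.IdentityModel.Protocols.WSTrust, yet the usings hunk at the top of this file keeps `using System.IdentityModel.Protocols.WSTrust;` inside that conditional block; it can go along with the rest of the dead platform split. The old full-framework path also set the token's NotBefore explicitly through Lifetime(DateTime.UtcNow, myExpires), whereas the unified descriptor sets only Expires and now relies on JwtSecurityTokenHandler stamping NotBefore/IssuedAt at creation time (the SetDefaultTimesOnTokenCreation default in 5.x) — that equivalence holds only while the default is left on, so a short comment on the descriptor, `// NotBefore/IssuedAt are supplied by the handler at creation time`, would record the assumption. Issue continues past both ends of this hunk, and myExpires is computed above it.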
diff --git a/Source/Platibus/Security/JwtSecurityTokenServiceOptions.cs b/Source/Platibus/Security/JwtSecurityTokenServiceOptions.cs
index c5487b4c..8390f1d5 100644
--- a/Source/Platibus/Security/JwtSecurityTokenServiceOptions.cs
+++ b/Source/Platibus/Security/JwtSecurityTokenServiceOptions.cs
@@ -1,11 +1,6 @@
 using System;
 using Platibus.Diagnostics;
-#if NET452 || NET461
-using System.IdentityModel.Tokens;
-#endif
-#if NETSTANDARD2_0
 using Microsoft.IdentityModel.Tokens;
-#endif
 namespace Platibus.Security
 {