Identity model upgrade 5.6.0 #37

Expand Up @@ -14,6 +14,7 @@
<ItemGroup>
<PackageReference Include="Castle.Core" Version="4.2.1" />
<PackageReference Include="CompareNETObjects" Version="4.1.0" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.5.0" />
<PackageReference Include="MongoDB.Bson" Version="2.5.0" />
<PackageReference Include="MongoDB.Driver" Version="2.5.0" />
Expand Down Expand Up @@ -60,8 +61,8 @@
<PackageReference Include="Microsoft.Owin.Hosting" Version="3.1.0" />
<PackageReference Include="Microsoft.Owin.SelfHost" Version="3.1.0" />
<PackageReference Include="System.Data.SQLite.Core" Version="1.0.106.0" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="1.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="4.0.4.403061554" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.0'">
Expand All @@ -78,9 +79,9 @@
<PackageReference Include="Microsoft.Extensions.Logging.Configuration" Version="2.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Console" Version="2.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="2.0.0" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.1.5" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0" />
<PackageReference Include="System.Data.SqlClient" Version="4.4.2" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
</ItemGroup>

<ItemGroup>
6 changes: 3 additions & 3 deletions Source/Platibus.SampleApi/Platibus.SampleApi.csproj
Expand Up @@ -10,9 +10,9 @@

<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.9" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="1.1.5" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.1.5" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
</ItemGroup>

<ItemGroup>
40 changes: 23 additions & 17 deletions Source/Platibus.SampleWebApp/App_Start/Startup.cs
Expand Up @@ -12,12 +12,14 @@
using Platibus.SampleWebApp.IdentityServer;
using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Platibus.Diagnostics;
using Platibus.SampleWebApp.Controllers;
using AuthenticationOptions = IdentityServer3.Core.Configuration.AuthenticationOptions;
using JwtSecurityTokenHandler = System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler;

[assembly: OwinStartup(typeof(Startup))]

Expand Down Expand Up @@ -147,26 +149,11 @@ private static ClaimsIdentity CreateIdentity(AuthenticationTicket authentication
return new ClaimsIdentity(authenticationType);
}

public static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnectAuthenticationOptions options, string accessToken)
private static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnectAuthenticationOptions options, string accessToken)
{
var userInfoClient = new UserInfoClient(options.Authority + "/connect/userinfo");
var userInfo = await userInfoClient.GetAsync(accessToken);
foreach (var claim in userInfo.Claims)
{
// JWT specifies claim types like "sub", "iss", "aud", etc. whereas the .NET
// platform has claim types that are more verbose
// ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" for example). To
// ensure good interop with Windows/.NET claims and other security primitives the
// JwtSecurityTokenHandler.InboundClaimsMap can be leveraged to map the JWT claims
// onto their .NET equivalents.
var inboundClaimType = claim.Type;
string mappedClaimType;
if (!JwtSecurityTokenHandler.InboundClaimTypeMap.TryGetValue(inboundClaimType, out mappedClaimType))
{
mappedClaimType = inboundClaimType;
}
identity.AddClaim(new Claim(mappedClaimType, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer, claim.Subject));
}
identity = userInfo.Claims.Aggregate(identity, (current, claim) => AddDotNetEquivalentClaim(current, claim));

// The "sub" claim is (rightly) mapped to the .NET
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" claim.
Expand All @@ -185,6 +172,25 @@ public static async Task AddUserInfoClaims(ClaimsIdentity identity, OpenIdConnec
}
}

private static ClaimsIdentity AddDotNetEquivalentClaim(ClaimsIdentity identity, Claim claim)
{
// JWT specifies claim types like "sub", "iss", "aud", etc. whereas the .NET
// platform has claim types that are more verbose
// ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" for example). To
// ensure good interop with Windows/.NET claims and other security primitives the
// JwtSecurityTokenHandler.InboundClaimsMap can be leveraged to map the JWT claims
// onto their .NET equivalents.
var inboundClaimType = claim.Type;
string mappedClaimType;
if (!JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.TryGetValue(inboundClaimType, out mappedClaimType))
{
mappedClaimType = inboundClaimType;
}

identity.AddClaim(new Claim(mappedClaimType, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer, claim.Subject));
return identity;
}

private static X509Certificate2 LoadCertificate()
{
return new X509Certificate2(
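Review bot: The comment carried into `AddDotNetEquivalentClaim` still names `JwtSecurityTokenHandler.InboundClaimsMap`, while the lookup directly beneath it now goes through the static `JwtSecurityTokenHandler.DefaultInboundClaimTypeMap`; the comment should read `// JwtSecurityTokenHandler.DefaultInboundClaimTypeMap can be leveraged to map the JWT claims` so it matches the 5.x API actually used. In `AddUserInfoClaims`, driving a side-effecting helper through `Aggregate` is harder to read than the loop it replaced, and since the helper always returns the same `ClaimsIdentity` it was handed, reassigning the `identity` parameter is a no-op; `foreach (var claim in userInfo.Claims) { AddDotNetEquivalentClaim(identity, claim); }` with the helper returning `void` expresses the same thing directly. If the `UserInfoClient` response exposes an error state, checking it before iterating `userInfo.Claims` would stop a failed userinfo call from silently yielding an identity with no mapped claims. `AddUserInfoClaims` continues past the end of its hunk, so the rest of the body could not be checked here.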
13 changes: 11 additions & 2 deletions Source/Platibus.SampleWebApp/Platibus.SampleWebApp.csproj
Expand Up @@ -68,9 +68,18 @@
<HintPath>..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.7\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll</HintPath>
</Reference>
<Reference Include="Microsoft.CSharp" />
<Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.5.6.0\lib\net451\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
</Reference>
<Reference Include="Microsoft.IdentityModel.Logging, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Logging.5.6.0\lib\net451\Microsoft.IdentityModel.Logging.dll</HintPath>
</Reference>
<Reference Include="Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.0\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
</Reference>
<Reference Include="Microsoft.IdentityModel.Tokens, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.6.0\lib\net451\Microsoft.IdentityModel.Tokens.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Owin.3.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
</Reference>
Expand Down Expand Up @@ -102,8 +111,8 @@
<Reference Include="System.Data" />
<Reference Include="System.Drawing" />
<Reference Include="System.IdentityModel" />
<Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.4.403061554\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
<Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\System.IdentityModel.Tokens.Jwt.5.6.0\lib\net451\System.IdentityModel.Tokens.Jwt.dll</HintPath>
</Reference>
<Reference Include="System.Net.Http.Formatting, Version=5.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNet.WebApi.Client.5.2.0\lib\net45\System.Net.Http.Formatting.dll</HintPath>
2 changes: 1 addition & 1 deletion Source/Platibus.SampleWebApp/Web.config
Expand Up @@ -146,7 +146,7 @@
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.40306.1554" newVersion="4.0.40306.1554" />
<bindingRedirect oldVersion="0.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
5 changes: 4 additions & 1 deletion Source/Platibus.SampleWebApp/packages.config
Expand Up @@ -18,7 +18,10 @@
<package id="Microsoft.AspNet.WebApi.Owin" version="5.2.0" targetFramework="net452" />
<package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net452" />
<package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.7" targetFramework="net452" />
<package id="Microsoft.IdentityModel.JsonWebTokens" version="5.6.0" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Logging" version="5.6.0" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.0" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Tokens" version="5.6.0" targetFramework="net452" />
<package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net452" />
<package id="Microsoft.Net.Compilers" version="1.3.2" targetFramework="net452" developmentDependency="true" />
<package id="Microsoft.Owin" version="3.1.0" targetFramework="net452" />
Expand All @@ -33,7 +36,7 @@
<package id="Newtonsoft.Json" version="10.0.3" targetFramework="net452" />
<package id="Owin" version="1.0" targetFramework="net452" />
<package id="Respond" version="1.2.0" targetFramework="net452" />
<package id="System.IdentityModel.Tokens.Jwt" version="4.0.4.403061554" targetFramework="net452" />
<package id="System.IdentityModel.Tokens.Jwt" version="5.6.0" targetFramework="net452" />
<package id="System.Net.Http" version="4.3.3" targetFramework="net452" />
<package id="System.ValueTuple" version="4.4.0" targetFramework="net452" />
<package id="WebGrease" version="1.5.2" targetFramework="net452" />
Expand Up @@ -38,7 +38,6 @@ public FilesystemServicesProviderMessageQueueingServiceTests(FilesystemFixture f
Configuration = new ConfigurationBuilder()
.AddInMemoryCollection()
.Build();

#endif
Path = fixture.BaseDirectory;
Message = new Message(new MessageHeaders
Expand Down Expand Up @@ -86,7 +85,7 @@ protected void GivenEncryption()
{
Enabled = true,
Provider = "AES",
Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().GetSymmetricKey())
Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().Key)
};
#endif
#if NETCOREAPP2_0
Expand Up @@ -123,7 +123,7 @@ protected void GivenEncryption()
{
Enabled = true,
Provider = "AES",
Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().GetSymmetricKey())
Key = HexEncoding.GetString(KeyGenerator.GenerateAesKey().Key)
};
#endif
#if NETCOREAPP2_0
11 changes: 6 additions & 5 deletions Source/Platibus.UnitTests/Platibus.UnitTests.csproj
Expand Up @@ -14,7 +14,8 @@

<ItemGroup>
<PackageReference Include="Castle.Core" Version="4.2.1" />
<PackageReference Include="CompareNETObjects" Version="4.1.0" />
<PackageReference Include="CompareNETObjects" Version="4.1.0" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.5.0" />
<PackageReference Include="MongoDB.Bson" Version="2.5.0" />
<PackageReference Include="MongoDB.Driver" Version="2.5.0" />
Expand Down Expand Up @@ -48,8 +49,8 @@

<ItemGroup Condition="'$(TargetFramework)' == 'net452'">
<PackageReference Include="System.Data.SQLite.Core" Version="1.0.106.0" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="1.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="4.0.4.403061554" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.0'">
Expand All @@ -59,8 +60,8 @@
<PackageReference Include="Microsoft.Extensions.Configuration" Version="2.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="2.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.0.0" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.1.5" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
</ItemGroup>

<ItemGroup>
@@ -1,5 +1,4 @@
using System;
using System.Data;
using System.IO;
using Platibus.Diagnostics;
using Platibus.Security;
Expand Up @@ -31,12 +31,7 @@
using Platibus.IO;
using Platibus.Security;
using Xunit;
#if NET452
using System.IdentityModel.Tokens;
#endif
#if NETCOREAPP2_0
using Microsoft.IdentityModel.Tokens;
#endif

namespace Platibus.UnitTests.Security
{
Expand Down Expand Up @@ -135,12 +130,7 @@ protected void GivenIncorrectKey()

protected async Task GivenInvalidSignature()
{
#if NET452
var key = Options.Key.GetSymmetricKey();
#endif
#if NETCOREAPP2_0
var key = Options.Key.Key;
#endif
using (var hmac = new HMACSHA256(key))
{
var originalMessageHeaders = Message.Headers;
16 changes: 2 additions & 14 deletions Source/Platibus.UnitTests/Security/JwtSecurityTokenServiceTests.cs
Expand Up @@ -22,11 +22,11 @@

using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
#if NET452
using System.IdentityModel.Tokens;
using JwtSecurityTokenHandler = System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler;
#endif
#if NETCOREAPP2_0
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
#endif
using System.Linq;
Expand Down Expand Up @@ -116,17 +116,6 @@ public async Task MessageSecurityTokenSignedWithFallbackKeyCanBeValidated()
AssertIssuedTokenIsValid();
}

#if NET452
protected SymmetricSecurityKey GenerateSecurityKey()
{
var signingKeyBytes = new byte[16];
RNG.GetBytes(signingKeyBytes);
// Output for testing/verification on jwt.io
Console.WriteLine(Convert.ToBase64String(signingKeyBytes));
return new InMemorySymmetricSecurityKey(signingKeyBytes);
}
#endif
#if NETCOREAPP2_0
protected SymmetricSecurityKey GenerateSecurityKey()
{
var signingKeyBytes = new byte[16];
Expand All @@ -135,7 +124,6 @@ protected SymmetricSecurityKey GenerateSecurityKey()
Console.WriteLine(Convert.ToBase64String(signingKeyBytes));
return new SymmetricSecurityKey(signingKeyBytes);
}
#endif

protected void GivenNoSigningKey()
{
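Review bot: `using Microsoft.IdentityModel.Tokens;` is now unconditional at the top of this file, but the `#if NET452` block right below it still imports `System.IdentityModel.Tokens`, which on the full framework also declares a `SymmetricSecurityKey` type; if that namespace still resolves in the net452 build, the return type of the surviving `GenerateSecurityKey` becomes ambiguous. `KeyGenerator.cs` in this same PR drops the conditional import entirely, so doing the same here, keeping only the `JwtSecurityTokenHandler` alias if it is still needed, would keep the two files consistent. Separately, the retained implementation generates a 16-byte signing key; RFC 7518 §3.2 requires HS256 keys at least as long as the hash output, so `var signingKeyBytes = new byte[32];` would make this fixture representative of a compliant key, although this is test-only code.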
12 changes: 1 addition & 11 deletions Source/Platibus.UnitTests/Security/KeyGenerator.cs
@@ -1,9 +1,4 @@
#if NET452
using System.IdentityModel.Tokens;
#endif
#if NETCOREAPP2_0
using Microsoft.IdentityModel.Tokens;
#endif
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace Platibus.UnitTests.Security
Expand All @@ -16,12 +11,7 @@ public static SymmetricSecurityKey GenerateAesKey()
{
csp.KeySize = 256;
csp.GenerateKey();
#if NET452
return new InMemorySymmetricSecurityKey(csp.Key);
#endif
#if NETCOREAPP2_0
return new SymmetricSecurityKey(csp.Key);
#endif
}
}
}
9 changes: 5 additions & 4 deletions Source/Platibus/Platibus.csproj
Expand Up @@ -17,6 +17,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
<PackageReference Include="Microsoft.Extensions.DependencyModel" Version="2.0.4" />
</ItemGroup>
Expand All @@ -31,8 +32,8 @@
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net452' Or '$(TargetFramework)' == 'net461'">
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="1.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="4.0.4.403061554" />
<PackageReference Include="Microsoft.IdentityModel.Logging" Version="5.6.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
<PackageReference Include="Microsoft.Tpl.Dataflow" Version="4.5.24" />
</ItemGroup>

Expand All @@ -45,9 +46,9 @@
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
<PackageReference Include="System.Data.SqlClient" Version="4.4.2" />
<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.0.0" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.1.5" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.6.0" />
<PackageReference Include="System.Net.Http" Version="4.3.3" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.1.5" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />
<PackageReference Include="System.Threading.Tasks.Dataflow" Version="4.8.0" />
</ItemGroup>
</Project>
5 changes: 0 additions & 5 deletions Source/Platibus/Security/AesMessageEncryptionOptions.cs
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,7 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.

#if NET452 || NET461
using System.IdentityModel.Tokens;
#endif
#if NETSTANDARD2_0
using Microsoft.IdentityModel.Tokens;
#endif
using Platibus.Diagnostics;
using System;
using System.Collections.Generic;
12 changes: 0 additions & 12 deletions Source/Platibus/Security/AesMessageEncryptionService.cs
Expand Up @@ -53,17 +53,6 @@ public AesMessageEncryptionService(AesMessageEncryptionOptions options)
if (options == null) throw new ArgumentNullException(nameof(options));

_diagnosticService = options.DiagnosticService;
#if NET452 || NET461
_encryptionKey = options.Key.GetSymmetricKey();
_decryptionKeys = new[] {_encryptionKey}.Union(
options.FallbackKeys?
.Where(k => k != null)
.Select(k => k.GetSymmetricKey())
.ToList()
?? Enumerable.Empty<byte[]>())
.ToList();
#endif
#if NETSTANDARD2_0
_encryptionKey = options.Key.Key;
_decryptionKeys = new[] {_encryptionKey}.Union(
options.FallbackKeys?
Expand All @@ -72,7 +61,6 @@ public AesMessageEncryptionService(AesMessageEncryptionOptions options)
.ToList()
?? Enumerable.Empty<byte[]>())
.ToList();
#endif
}

public async Task<Message> Encrypt(Message message)
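Review bot: With the `#if` branches collapsed, `_encryptionKey = options.Key.Key;` is now the single code path, and `options.Key` is dereferenced without a null check even though the constructor validates `options` itself and the fallback keys are null-filtered (visible as `.Where(k => k != null)` in the removed branch and presumably retained in the collapsed lines); a missing encryption key therefore surfaces as a `NullReferenceException` inside the constructor rather than as a configuration error. Adding `if (options.Key == null) throw new ArgumentException("An encryption key is required", nameof(options));` immediately after the existing `options` check would make the misconfiguration fail clearly at startup. The constructor begins before this hunk, so any earlier validation of `options.Key` could not be confirmed from here.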