JWT Verify

FIT5032-Assignment/Controllers/HomeController.cs

@@ -10,11 +10,87 @@ using System.Text;
 using BCryptNet = BCrypt.Net.BCrypt;
 using System.Diagnostics;
 using System.Net;
+using System.IdentityModel.Tokens.Jwt;
+using Microsoft.IdentityModel.Tokens;
+using System.IO;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.OpenSsl;
+using Org.BouncyCastle.Security;
 
 namespace FIT5032_Assignment.Controllers
 {
     public class HomeController : Controller
     {
+        public static RsaSecurityKey LoadRsaSecurityKeyFromPem(string pem)
+        {
+            TextReader textReader = new StringReader(pem);
+            PemReader pemReader = new PemReader(textReader);
+            AsymmetricKeyParameter keyParameter = (AsymmetricKeyParameter)pemReader.ReadObject();
+
+            RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters((Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)keyParameter);
+            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
+            rsa.ImportParameters(rsaParameters);
+
+            return new RsaSecurityKey(rsa);
+        }
+        private String loginVerify(string token)
+        {
+
+            var jwtHandler = new JwtSecurityTokenHandler();
+            var jwtToken = jwtHandler.ReadJwtToken(token);
+
+            string base64Publickey = "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQTRUWEQwVEh4NnJjNXlQcXM0Skw5M01nVEgvTS95Z2s3V1pYWWsrS01XTTA0bDdzM3owRlMKODlDRE56SFJkbVpJb3RCbDgrcUJ5TUwvck5VcUhXMnJ1Uzg0dmxFaWdza2djK2RsaitCZXFsaGsySFRpQitpegpQcGdCU1FJc2YrZjdSU3dkYktFS2hRQm1La3MxVGF4YWNDUndPVWJKT1VQbjJXZmhVSHhRd0FwZGNCQWdNdHVNCld3QzJZRThGblFRZDhxc3dMTTBGQWhoSzUrdXRXY0s0bHdCVlFxUGJRaUJZYnZmWXkwYVF6UFB2V2NMR1JvR00KUVA1b1JCTmRuRzQ4Sm9Eb2tCSEJkbCt4RzM1L1U2N1BvejFKY0VVSnpWTHdIUFNHa0xyRU1OYlFrbnJSK2tHZwpnS1dWNFpvYWVOSHZVeFE3YVg3SElFMlc1UnIwRmxGUG1RSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K";
+            RsaSecurityKey rsaKey = LoadRsaSecurityKeyFromPem(Encoding.UTF8.GetString(Convert.FromBase64String(base64Publickey)));
+            // Valid time 3600s
+            var validationParameters = new TokenValidationParameters()
+            {
+                ValidIssuer = "https://auth.passage.id/v1/apps/ZHM5whW5xsZEczTn2loffzjN",
+                ValidateAudience = false,
+                IssuerSigningKey = rsaKey,
+                ValidateLifetime = true,
+                ClockSkew = TimeSpan.FromSeconds(3600)
+            };
+
+            try
+            {
+                var claimsPrincipal = jwtHandler.ValidateToken(token, validationParameters, out var rawValidatedToken);
+            }
+            catch (SecurityTokenExpiredException)
+            {
+                Trace.WriteLine("Token has expired");
+                return null;
+            }
+            catch (SecurityTokenInvalidSignatureException)
+            {
+                Trace.WriteLine("Token has invalid signature");
+                return null;
+            }
+            catch (SecurityTokenInvalidIssuerException)
+            {
+                Trace.WriteLine("Token has invalid issuer");
+                return null;
+            }
+            catch (SecurityTokenInvalidAudienceException)
+            {
+                Trace.WriteLine("Token has invalid audience");
+                return null;
+            }
+            catch (SecurityTokenValidationException)
+            {
+                Trace.WriteLine("Token failed validation");
+                return null;
+            }
+            catch (ArgumentException)
+            {
+                Trace.WriteLine("Token was empty or null");
+                return null;
+            }
+
+            string sub = jwtToken.Claims.First(claim => claim.Type == "sub").Value;
+
+            return sub;
+        }
+
         private Database1Entities db = new Database1Entities();
 
         private string GenerateRandomString(int length)
@@ -41,6 +117,17 @@ namespace FIT5032_Assignment.Controllers
             // See cookies
             var psg_auth_token = Request.Cookies["psg_auth_token"];
             Trace.WriteLine(psg_auth_token.Value);
+            // JWT Verify
+            string sub = loginVerify(psg_auth_token.Value);
+            if (sub == null)
+            {
+                return RedirectToAction("Login");
+            }
+            else
+            {
+                Trace.WriteLine(sub);
+            }
+            
             return View();
         }
 

FIT5032-Assignment/FIT5032-Assignment.csproj

@@ -49,6 +49,9 @@
     <Reference Include="BCrypt.Net-Next, Version=4.0.3.0, Culture=neutral, PublicKeyToken=1e11be04b6288443, processorArchitecture=MSIL">
       <HintPath>..\packages\BCrypt.Net-Next.4.0.3\lib\net48\BCrypt.Net-Next.dll</HintPath>
     </Reference>
+    <Reference Include="BouncyCastle.Crypto, Version=1.8.9.0, Culture=neutral, PublicKeyToken=0e99375e54769942">
+      <HintPath>..\packages\BouncyCastle.1.8.9\lib\BouncyCastle.Crypto.dll</HintPath>
+    </Reference>
     <Reference Include="EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL">
       <HintPath>..\packages\EntityFramework.6.4.4\lib\net45\EntityFramework.dll</HintPath>
     </Reference>
@@ -62,6 +65,18 @@
       <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.6.0.0\lib\net461\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
+    <Reference Include="Microsoft.IdentityModel.Abstractions, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Abstractions.7.0.0\lib\net472\Microsoft.IdentityModel.Abstractions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.7.0.0\lib\net472\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.7.0.0\lib\net472\Microsoft.IdentityModel.Logging.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.7.0.0\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    </Reference>
     <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
       <HintPath>..\packages\Newtonsoft.Json.13.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
@@ -71,8 +86,11 @@
     </Reference>
     <Reference Include="System.Data" />
     <Reference Include="System.Drawing" />
-    <Reference Include="System.Memory, Version=4.0.1.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Memory.4.5.4\lib\net461\System.Memory.dll</HintPath>
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.7.0.0\lib\net472\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Memory, Version=4.0.1.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll</HintPath>
     </Reference>
     <Reference Include="System.Numerics" />
     <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">

FIT5032-Assignment/Web.config

@@ -56,6 +56,18 @@
         <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.7" newVersion="6.0.0.7" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>

FIT5032-Assignment/packages.config

@@ -3,6 +3,7 @@
   <package id="Antlr" version="3.5.0.2" targetFramework="net48" />
   <package id="BCrypt.Net-Next" version="4.0.3" targetFramework="net48" />
   <package id="bootstrap" version="5.2.3" targetFramework="net48" />
+  <package id="BouncyCastle" version="1.8.9" targetFramework="net48" />
   <package id="EntityFramework" version="6.4.4" targetFramework="net48" />
   <package id="jQuery" version="3.4.1" targetFramework="net48" />
   <package id="jQuery.Validation" version="1.17.0" targetFramework="net48" />
@@ -13,12 +14,17 @@
   <package id="Microsoft.AspNet.WebPages" version="3.2.9" targetFramework="net48" />
   <package id="Microsoft.Bcl.AsyncInterfaces" version="6.0.0" targetFramework="net48" />
   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="2.0.1" targetFramework="net48" />
+  <package id="Microsoft.IdentityModel.Abstractions" version="7.0.0" targetFramework="net48" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="7.0.0" targetFramework="net48" />
+  <package id="Microsoft.IdentityModel.Logging" version="7.0.0" targetFramework="net48" />
+  <package id="Microsoft.IdentityModel.Tokens" version="7.0.0" targetFramework="net48" />
   <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.11" targetFramework="net48" />
   <package id="Microsoft.Web.Infrastructure" version="2.0.1" targetFramework="net48" />
   <package id="Modernizr" version="2.8.3" targetFramework="net48" />
   <package id="Newtonsoft.Json" version="13.0.2" targetFramework="net48" />
   <package id="System.Buffers" version="4.5.1" targetFramework="net48" />
-  <package id="System.Memory" version="4.5.4" targetFramework="net48" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="7.0.0" targetFramework="net48" />
+  <package id="System.Memory" version="4.5.5" targetFramework="net48" />
   <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
   <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
   <package id="System.Text.Encodings.Web" version="6.0.0" targetFramework="net48" />