Sign a JWT Token with RS256 with a PEM private Key in .NET 4.0

Question

I need to interact with a GitHub integration API, but specifically from .NET 4.0, so I can't use Octokit.

Basically I'm given a PEM formated private rsa key (not supported by standard .NET API) and must send a RS256 jwt token to get an auth token to interact with the API.

The following ruby sample code was provided:

# Private key contents
private_pem = File.read(path_to_pem)
private_key = OpenSSL::PKey::RSA.new(private_pem)

# Generate the JWT
payload = {
  # issued at time
  iat: Time.now.to_i,
  # JWT expiration time
  exp: 1.minute.from_now.to_i,
  # Integration's GitHub identifier
  iss: 42
}

jwt = JWT.encode(payload, private_key, "RS256")

With the following curl example

curl -i -X POST \
-H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
https://api.github.com/installations/:installation_id/access_tokens

And the following Result example:

Status: 201 Created
{
  "token": "v1.1f699f1069f60xxx",
  "expires_at": "2016-07-11T22:14:10Z",
  "on_behalf_of": null
}

Answer 1

Was able to successfullly interact with this authentication API using the following nuget packages on .net 4.0

• BouncyCastle 1.8.1
• jose-jwt 2.1.0
• Newtonsoft.Json 9.0.1
• FSharp.Data 2.3.2

F# Code:

open System
open System.Security.Cryptography
open Jose
open Org.BouncyCastle.Crypto
open Org.BouncyCastle.Security
open Org.BouncyCastle.OpenSsl
open Org.BouncyCastle.Crypto.Parameters
open Newtonsoft.Json
open FSharp.Data

let integrationID = 42 //sample
let installID = 10 // sample
let appUserAgent = "My-App-Name" //sample

//Result Format
type InstallToken = { token:string; expires_at:DateTime ; on_behalf_of: string}

let apiBase = "https://api.github.com"
let instBase = apiBase + sprintf "/installations/%i" installID

//.Net 4.0 doesn't have a method for seconds from Epoch
let epochSeconds (date:DateTime) =
      date.ToUniversalTime().Subtract(new DateTime(1970,1,1,0,0,0,DateTimeKind.Utc)).TotalSeconds |> Convert.ToInt64

let createBotToken (pemPath:string) =

    //Parse PEM file with BouncyCastle
    use streamRead = new StreamReader(pemPath)
    let pemRead = PemReader(streamRead)
    let bcRSA:AsymmetricCipherKeyPair = downcast (pemRead.ReadObject())

    //Convert to .NET RSA object with Bouncy Castle
    let dnRSA = bcRSA.Private :?> RsaPrivateCrtKeyParameters |> DotNetUtilities.ToRSAParameters
    use key = new RSACryptoServiceProvider()
    key.ImportParameters(dnRSA)


    //JWT needs literal Dictionary<string,obj> type
    let payload= dict [
                      "iat", (DateTime.Now |> epochSeconds) :> obj ; 
                      "exp", (DateTime.Now.AddMinutes(1.0) |> epochSeconds) :> obj;
                      "iss", integrationID :> obj; 
                     ]
                  |> Dictionary<string,obj>

    //Create token with JWT
    let bearer = JWT.Encode(payload, key, JwsAlgorithm.RS256)

    //Send Request with FSharp.Data
    let iresult = Http.RequestString( instBase + "/access_tokens", httpMethod=HttpMethod.Post ,
                                                         headers=[HttpRequestHeaders.Authorization (sprintf "Bearer %s" bearer); 
                                                                  HttpRequestHeaders.UserAgent appUserAgent;
                                                                  HttpRequestHeaders.Accept "application/vnd.github.machine-man-preview+json";
                                                                  ])
    //Use Newtonsoft.Json to convert to obj
    JsonConvert.DeserializeObject<InstallToken>(iresult)