public async Task <JwsPayload> UnSign(string jws)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient()
.ResolveAsync(_parametersProvider.GetOpenIdConfigurationUrl())
.ConfigureAwait(false);
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(jsonWebKeySet);
if (jsonWebKeys == null ||
!jsonWebKeys.Any(j => j.Kid == protectedHeader.Kid))
{
return(null);
}
var jsonWebKey = jsonWebKeys.First(j => j.Kid == protectedHeader.Kid);
if (protectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
{
return(_jwsParser.GetPayload(jws));
}
return(_jwsParser.ValidateSignature(jws, jsonWebKey));
}
public async Task <JwsPayload> UnSign(string jws, string openidProvider)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
if (string.IsNullOrWhiteSpace(openidProvider))
{
throw new ArgumentNullException(nameof(openidProvider));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
if (protectedHeader.Alg == SimpleIdServer.Core.Jwt.Constants.JwsAlgNames.NONE)
{
return(_jwsParser.GetPayload(jws));
}
var jsonWebKeySet = await _identityServerClientFactory.CreateJwksClient().ResolveAsync(openidProvider).ConfigureAwait(false);
return(_jwsParser.ValidateSignature(jws, jsonWebKeySet));
}
public Task <JwsPayload> UnSign(string jws, PolicyRule policyRule)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
if (policyRule == null)
{
throw new ArgumentNullException(nameof(policyRule));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
if (protectedHeader.Alg == SimpleIdentityServer.Core.Jwt.Constants.JwsAlgNames.NONE)
{
return(Task.FromResult(_jwsParser.GetPayload(jws)));
}
var jsonWebKey = new JsonWebKey
{
Kty = KeyType.RSA,
Kid = protectedHeader.Kid,
SerializedKey = policyRule.SerializedCertificate
};
return(Task.FromResult(_jwsParser.ValidateSignature(jws, jsonWebKey)));
}
private JwsPayload UnSignWithJsonWebKey(JsonWebKey jsonWebKey, JwsProtectedHeader jwsProtectedHeader, string jws)
{
if (jsonWebKey == null
&& jwsProtectedHeader.Alg != Jwt.Constants.JwsAlgNames.NONE)
{
return null;
}
if (jwsProtectedHeader.Alg == Jwt.Constants.JwsAlgNames.NONE)
{
return _jwsParser.GetPayload(jws);
}
return _jwsParser.ValidateSignature(jws, jsonWebKey);
}
public async Task <JwsPayload> UnSign(
string jws,
string jwks)
{
if (string.IsNullOrWhiteSpace(jws))
{
throw new ArgumentNullException(nameof(jws));
}
if (string.IsNullOrWhiteSpace(jwks))
{
throw new ArgumentNullException(nameof(jwks));
}
var protectedHeader = _jwsParser.GetHeader(jws);
if (protectedHeader == null)
{
return(null);
}
var jsonWebKey = await GetJsonWebKey(jwks, protectedHeader.Kid);
if (jsonWebKey == null &&
protectedHeader.Alg != Core.Jwt.Constants.JwsAlgNames.NONE)
{
return(null);
}
if (protectedHeader.Alg == Core.Jwt.Constants.JwsAlgNames.NONE)
{
return(_jwsParser.GetPayload(jws));
}
return(_jwsParser.ValidateSignature(jws, jsonWebKey));
}
public async Task <JwsInformationResult> Execute(GetJwsParameter getJwsParameter)
{
if (getJwsParameter == null || string.IsNullOrWhiteSpace(getJwsParameter.Jws))
{
throw new ArgumentNullException(nameof(getJwsParameter));
}
Uri uri = null;
if (!string.IsNullOrWhiteSpace(getJwsParameter.Url))
{
if (!Uri.TryCreate(getJwsParameter.Url, UriKind.Absolute, out uri))
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheUrlIsNotWellFormed, getJwsParameter.Url));
}
}
var jws = getJwsParameter.Jws;
var jwsHeader = _jwsParser.GetHeader(jws);
if (jwsHeader == null)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
ErrorDescriptions.TheTokenIsNotAValidJws);
}
if (!string.Equals(jwsHeader.Alg, Constants.JwsAlgNames.NONE, StringComparison.CurrentCultureIgnoreCase) &&
uri == null)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
ErrorDescriptions.TheSignatureCannotBeChecked);
}
var result = new JwsInformationResult
{
Header = jwsHeader
};
JwsPayload payload = null;
if (!string.Equals(jwsHeader.Alg, Constants.JwsAlgNames.NONE, StringComparison.CurrentCultureIgnoreCase))
{
var jsonWebKey = await _jsonWebKeyHelper.GetJsonWebKey(jwsHeader.Kid, uri).ConfigureAwait(false);
if (jsonWebKey == null)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheJsonWebKeyCannotBeFound, jwsHeader.Kid, uri.AbsoluteUri));
}
payload = _jwsParser.ValidateSignature(jws, jsonWebKey);
if (payload == null)
{
throw new IdentityServerManagerException(
ErrorCodes.InvalidRequestCode,
ErrorDescriptions.TheSignatureIsNotCorrect);
}
var jsonWebKeyDic = _jsonWebKeyEnricher.GetJsonWebKeyInformation(jsonWebKey);
jsonWebKeyDic.AddRange(_jsonWebKeyEnricher.GetPublicKeyInformation(jsonWebKey));
result.JsonWebKey = jsonWebKeyDic;
}
else
{
payload = _jwsParser.GetPayload(jws);
}
result.Payload = payload;
return(result);
}
