/// <summary>CreateJwtBearerTokenFlowAssertion</summary>
/// <param name="iss">client_id</param>
/// <param name="aud">Token2 EndPointのuri</param>
/// <param name="forExp">DateTimeOffset</param>
/// <param name="scopes">scopes</param>
/// <param name="xmlPrivateKey">RS256用のXML秘密鍵</param>
/// <returns>JwtAssertion</returns>
public static string CreateJwtBearerTokenFlowAssertion(
string iss, string aud, TimeSpan forExp, string scopes, string xmlPrivateKey)
{
string json = "";
string jwt = "";
#region ClaimSetの生成
Dictionary <string, object> jwtAssertionClaimSet = new Dictionary <string, object>();
jwtAssertionClaimSet.Add("iss", iss); // client_id
jwtAssertionClaimSet.Add("aud", aud); // Token2 EndPointのuri。
#if NET45
jwtAssertionClaimSet.Add("exp", PubCmnFunction.ToUnixTime(DateTimeOffset.Now.Add(forExp)).ToString());
jwtAssertionClaimSet.Add("iat", PubCmnFunction.ToUnixTime(DateTimeOffset.Now).ToString());
#else
jwtAssertionClaimSet.Add("exp", (DateTimeOffset.Now.Add(forExp)).ToUnixTimeSeconds().ToString());
jwtAssertionClaimSet.Add("iat", DateTimeOffset.Now.ToUnixTimeSeconds().ToString());
#endif
jwtAssertionClaimSet.Add("jti", Guid.NewGuid().ToString("N"));
jwtAssertionClaimSet.Add("scope", scopes); // scopes
json = JsonConvert.SerializeObject(jwtAssertionClaimSet);
#endregion
#region JWT化
JWT_RS256_XML jwtRS256 = null;
// 署名
jwtRS256 = new JWT_RS256_XML(xmlPrivateKey);
jwt = jwtRS256.Create(json);
// 検証
jwtRS256 = new JWT_RS256_XML(xmlPrivateKey);
if (jwtRS256.Verify(jwt))
{
return(jwt); // 検証できた。
}
else
{
return(""); // 検証できなかった。
}
#endregion
}
/// <summary>VerifyJwtBearerTokenFlowAssertion</summary>
/// <param name="jwtAssertion">string</param>
/// <param name="iss">client_id</param>
/// <param name="aud">Token2 EndPointのuri</param>
/// <param name="scopes">scopes</param>
/// <param name="jobj">JObject</param>
/// <param name="xmlPublicKey">RS256用のXML公開鍵</param>
/// <returns>検証結果</returns>
public static bool VerifyJwtBearerTokenFlowAssertion(string jwtAssertion,
out string iss, out string aud, out string scopes, out JObject jobj, string xmlPublicKey)
{
iss = "";
aud = "";
scopes = "";
jobj = null;
JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(xmlPublicKey);
if (jwtRS256.Verify(jwtAssertion))
{
Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder();
string jwtPayload = Encoding.UTF8.GetString(base64UrlEncoder.Decode(jwtAssertion.Split('.')[1]));
jobj = ((JObject)JsonConvert.DeserializeObject(jwtPayload));
iss = (string)jobj["iss"];
aud = (string)jobj["aud"];
//string iat = (string)jobj["iat"];
scopes = (string)jobj["scope"];
long unixTimeSeconds = 0;
#if NET45
unixTimeSeconds = PubCmnFunction.ToUnixTime(DateTimeOffset.Now);
#else
unixTimeSeconds = DateTimeOffset.Now.ToUnixTimeSeconds();
#endif
string exp = (string)jobj["exp"];
if (long.Parse(exp) >= unixTimeSeconds)
{
return(true);
}
else
{
// JWTの内容検証に失敗
}
}
else
{
// JWTの署名検証に失敗
}
// 認証に失敗
return(false);
}
static void Main(string[] args)
{
string iss = GetConfigParameter.GetConfigValue("iss");
string aud = GetConfigParameter.GetConfigValue("aud");
string scopes = "hoge1 hoge2 hoge3";
JObject jobj = null;
JWT_RS256_XML jwt_RS256 = new JWT_RS256_XML();
Console.WriteLine("PrivateKey:");
Console.WriteLine(CustomEncode.ToBase64String(
CustomEncode.StringToByte(jwt_RS256.XMLPrivateKey, CustomEncode.us_ascii)));
Console.WriteLine("");
Console.WriteLine("PublicKey:");
Console.WriteLine(CustomEncode.ToBase64String(
CustomEncode.StringToByte(jwt_RS256.XMLPublicKey, CustomEncode.us_ascii)));
Console.WriteLine("");
string jwtAssertion = JwtAssertion.CreateJwtBearerTokenFlowAssertion(
GetConfigParameter.GetConfigValue("iss"),
GetConfigParameter.GetConfigValue("aud"),
new System.TimeSpan(0, 30, 0), scopes,
jwt_RS256.XMLPrivateKey);
if (JwtAssertion.VerifyJwtBearerTokenFlowAssertion(
jwtAssertion, out iss, out aud, out scopes, out jobj, jwt_RS256.XMLPublicKey))
{
if (iss == GetConfigParameter.GetConfigValue("iss") &&
aud == GetConfigParameter.GetConfigValue("aud"))
{
Console.WriteLine("JwtAssertion:");
Console.WriteLine(jwtAssertion);
Console.WriteLine("");
Console.ReadLine();
return;
}
}
Console.WriteLine("Error");
Console.ReadLine();
}
/// <summary>JWT検証</summary>
private void btnJWTVerify_Click(object sender, EventArgs e)
{
bool ret = false;
if (rbnJWTHS256.Checked)
{
// HS256
// 入力
string[] temp = this.txtJWTSign.Text.Split('.');
// 改変可能なフィールドから入力
string newJWT =
CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8))
+ "." + CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8))
+ "." + temp[2];
// 検証
//JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(this.txtJWTKey.Text, CustomEncode.UTF_8));
JWT_HS256 jwtHS256 = new JWT_HS256(this.txtJWTJWK.Text);
ret = jwtHS256.Verify(newJWT);
}
else if (rbnJWTRS256_XML.Checked)
{
// RS256 (XML)
// 入力
string[] temp = this.txtJWTSign.Text.Split('.');
// 改変可能なフィールドから入力
string newJWT =
CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8))
+ "." + CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8))
+ "." + temp[2];
// 検証
JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(this.txtJWTKey.Text);
ret = jwtRS256.Verify(newJWT);
}
else if (rbnJWTRS256_Param.Checked)
{
// RS256 (Param)
// 入力
string[] temp = this.txtJWTSign.Text.Split('.');
// 改変可能なフィールドから入力
string newJWT =
CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8))
+ "." + CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8))
+ "." + temp[2];
// 検証
//JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
// RS256_KeyConverter.XmlToProvider(this.txtJWTKey.Text).ExportParameters(false));
JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
RS256_KeyConverter.JwkToProvider(this.txtJWTJWK.Text).ExportParameters(false));
ret = jwtRS256.Verify(newJWT);
}
else
{
// RS256 (X509)
// 入力
string[] temp = this.txtJWTSign.Text.Split('.');
// 改変可能なフィールドから入力
string newJWT =
CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8))
+ "." + CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8))
+ "." + temp[2];
// 検証
JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(this.CertificateFilePath_cer, "");
ret = jwtRS256.Verify(newJWT);
}
if (ret)
{
MessageBox.Show("検証成功");
}
else
{
MessageBox.Show("検証失敗");
}
}
/// <summary>JWT生成</summary>
private void btnJWTSign_Click(object sender, EventArgs e)
{
if (rbnJWTHS256.Checked)
{
// HS256
string password = GetPassword.Generate(20, 10);
JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(password, CustomEncode.UTF_8));
// 生成
string jwt = jwtHS256.Create(this.txtJWTPayload.Text);
// 出力
this.txtJWTKey.Text = password;
this.txtJWTJWK.Text = jwtHS256.JWK;
this.txtJWTSign.Text = jwt;
// 改竄可能なフィールドに出力
string[] temp = jwt.Split('.');
this.txtJWTHeader.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[0]), CustomEncode.UTF_8);
this.txtJWTPayload.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[1]), CustomEncode.UTF_8);
}
else if (rbnJWTRS256_XML.Checked)
{
// RS256 (XML)
JWT_RS256_XML jwtRS256 = new JWT_RS256_XML();
// 生成
string jwt = jwtRS256.Create(this.txtJWTPayload.Text);
// 出力
this.txtJWTKey.Text = jwtRS256.XMLPublicKey;
this.txtJWTJWK.Text =
RS256_KeyConverter.ParamToJwkPublicKey(
RS256_KeyConverter.XmlToProvider(jwtRS256.XMLPublicKey).ExportParameters(false));
this.txtJWTSign.Text = jwt;
// 改竄可能なフィールドに出力
string[] temp = jwt.Split('.');
this.txtJWTHeader.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[0]), CustomEncode.UTF_8);
this.txtJWTPayload.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[1]), CustomEncode.UTF_8);
}
else if (rbnJWTRS256_Param.Checked)
{
// RS256 (Param)
JWT_RS256_Param jwtRS256 = new JWT_RS256_Param();
// 生成
string jwt = jwtRS256.Create(this.txtJWTPayload.Text);
// 出力
this.txtJWTKey.Text = RS256_KeyConverter.ParamToXmlPublicKey(jwtRS256.RsaPublicParameters);
this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(jwtRS256.RsaPublicParameters);
this.txtJWTSign.Text = jwt;
// 改竄可能なフィールドに出力
string[] temp = jwt.Split('.');
this.txtJWTHeader.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[0]), CustomEncode.UTF_8);
this.txtJWTPayload.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[1]), CustomEncode.UTF_8);
}
else
{
// RS256 (X509)
JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(this.CertificateFilePath_pfx, this.CertificateFilePassword,
X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
// 生成
string jwt = jwtRS256.Create(this.txtJWTPayload.Text);
// 出力
this.txtJWTKey.Text = jwtRS256.DigitalSignX509.X509PublicKey;
this.txtJWTJWK.Text =
RS256_KeyConverter.ParamToJwkPublicKey(
RS256_KeyConverter.X509CerToProvider(
this.CertificateFilePath_cer).ExportParameters(false));
this.txtJWTSign.Text = jwt;
// 改竄可能なフィールドに出力
string[] temp = jwt.Split('.');
this.txtJWTHeader.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[0]), CustomEncode.UTF_8);
this.txtJWTPayload.Text = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(temp[1]), CustomEncode.UTF_8);
}
}
