/// <summary>
/// Builds a signed client assertion for the JWT Bearer Token Flow.
/// The token is signed with RS256 and immediately re-verified with the same key material
/// before it is returned.
/// </summary>
/// <param name="iss">client_id; emitted as the "iss" claim.</param>
/// <param name="aud">URI of the Token2 endpoint; emitted as the "aud" claim.</param>
/// <param name="forExp">Lifetime added to the current time to form the "exp" claim.</param>
/// <param name="scopes">Scopes string; emitted as the "scope" claim.</param>
/// <param name="xmlPrivateKey">RSA private key in XML form used for the RS256 signature.</param>
/// <returns>The compact JWT, or an empty string when the freshly signed token fails self-verification.</returns>
public static string CreateJwtBearerTokenFlowAssertion(
    string iss, string aud, TimeSpan forExp, string scopes, string xmlPrivateKey)
{
    #region Claim set
    // exp/iat are emitted as strings (existing wire format of this library).
    // NOTE(review): RFC 7519 defines NumericDate as a JSON number — confirm the token endpoint accepts strings.
    string exp;
    string iat;
#if NET45
    exp = PubCmnFunction.ToUnixTime(DateTimeOffset.Now.Add(forExp)).ToString();
    iat = PubCmnFunction.ToUnixTime(DateTimeOffset.Now).ToString();
#else
    exp = DateTimeOffset.Now.Add(forExp).ToUnixTimeSeconds().ToString();
    iat = DateTimeOffset.Now.ToUnixTimeSeconds().ToString();
#endif

    // Insertion order (iss, aud, exp, iat, jti, scope) is kept so the serialized payload is unchanged.
    var claims = new Dictionary<string, object>
    {
        { "iss", iss },                          // client_id
        { "aud", aud },                          // Token2 endpoint URI
        { "exp", exp },
        { "iat", iat },
        { "jti", Guid.NewGuid().ToString("N") }, // unique token id, lets the receiver detect replays
        { "scope", scopes },
    };
    string payloadJson = JsonConvert.SerializeObject(claims);
    #endregion

    #region Sign and self-verify
    // Sign.
    string jwt = new JWT_RS256_XML(xmlPrivateKey).Create(payloadJson);

    // Round-trip check with a fresh instance built from the same key; a token that does
    // not verify is never handed to the caller.
    bool verified = new JWT_RS256_XML(xmlPrivateKey).Verify(jwt);
    return verified ? jwt : "";
    #endregion
}
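/// <summary>
/// Verifies a JWT Bearer Token Flow assertion: the RS256 signature against the given public key,
/// then the "exp" claim against the current time. The issuer, audience and scope claims are
/// returned for the caller to check — this method does not compare them to expected values.
/// </summary>
/// <param name="jwtAssertion">Compact JWT (header.payload.signature).</param>
/// <param name="iss">The "iss" claim (client_id); empty when the payload is not reached.</param>
/// <param name="aud">The "aud" claim (Token2 endpoint URI); empty when the payload is not reached.</param>
/// <param name="scopes">The "scope" claim; empty when the payload is not reached.</param>
/// <param name="jobj">The decoded payload, or null when the signature fails or the payload is not a JSON object.</param>
/// <param name="xmlPublicKey">RSA public key in XML form for RS256.</param>
/// <returns>true when the signature verifies and "exp" is a number at or after the current Unix time; otherwise false.</returns>
public static bool VerifyJwtBearerTokenFlowAssertion(string jwtAssertion,
    out string iss, out string aud, out string scopes, out JObject jobj, string xmlPublicKey)
{
    iss = "";
    aud = "";
    scopes = "";
    jobj = null;

    // 1. Signature first: claims of an unverified token are never read.
    JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(xmlPublicKey);
    if (!jwtRS256.Verify(jwtAssertion))
    {
        // JWT signature verification failed.
        return false;
    }

    // 2. Decode the payload segment. Verify() presumably already rejected tokens without
    //    three segments — TODO confirm; the length check keeps this method from throwing regardless.
    string[] segments = jwtAssertion.Split('.');
    if (segments.Length < 2)
    {
        return false;
    }
    Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder();
    string jwtPayload = Encoding.UTF8.GetString(base64UrlEncoder.Decode(segments[1]));

    // A payload that is not a JSON object (array, scalar) is malformed input, not an exception case.
    jobj = JsonConvert.DeserializeObject(jwtPayload) as JObject;
    if (jobj == null)
    {
        return false;
    }

    iss = (string)jobj["iss"];
    aud = (string)jobj["aud"];
    //string iat = (string)jobj["iat"];
    scopes = (string)jobj["scope"];

    // 3. Expiry. A missing or non-numeric "exp" is an invalid token, not a parse exception.
    long unixTimeSeconds;
#if NET45
    unixTimeSeconds = PubCmnFunction.ToUnixTime(DateTimeOffset.Now);
#else
    unixTimeSeconds = DateTimeOffset.Now.ToUnixTimeSeconds();
#endif
    string exp = (string)jobj["exp"];
    long expSeconds;
    if (!long.TryParse(exp, System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out expSeconds))
    {
        // JWT claim verification failed: "exp" absent or not an integer.
        return false;
    }

    // Boundary kept as before (exp == now is accepted).
    // NOTE(review): RFC 7519 requires the current time to be strictly before "exp".
    if (expSeconds >= unixTimeSeconds)
    {
        return true;
    }

    // JWT claim verification failed: token expired.
    return false;
}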
/// <summary>
/// Demo entry point: generates an RS256 key pair, prints both keys, creates a JWT bearer
/// assertion from the configured iss/aud, verifies it and checks that issuer and audience
/// round-trip unchanged.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    string expectedIss = GetConfigParameter.GetConfigValue("iss");
    string expectedAud = GetConfigParameter.GetConfigValue("aud");
    const string requestedScopes = "hoge1 hoge2 hoge3";

    // Fresh key pair for this run.
    JWT_RS256_XML jwt_RS256 = new JWT_RS256_XML();

    // NOTE(review): the private key is written to stdout — acceptable only for this throwaway demo.
    Console.WriteLine("PrivateKey:");
    Console.WriteLine(CustomEncode.ToBase64String(
        CustomEncode.StringToByte(jwt_RS256.XMLPrivateKey, CustomEncode.us_ascii)));
    Console.WriteLine("");

    Console.WriteLine("PublicKey:");
    Console.WriteLine(CustomEncode.ToBase64String(
        CustomEncode.StringToByte(jwt_RS256.XMLPublicKey, CustomEncode.us_ascii)));
    Console.WriteLine("");

    // 30-minute assertion signed with the private half.
    string jwtAssertion = JwtAssertion.CreateJwtBearerTokenFlowAssertion(
        expectedIss, expectedAud, new TimeSpan(0, 30, 0), requestedScopes, jwt_RS256.XMLPrivateKey);

    string iss;
    string aud;
    string scopes;
    JObject jobj;
    bool signatureAndExpiryOk = JwtAssertion.VerifyJwtBearerTokenFlowAssertion(
        jwtAssertion, out iss, out aud, out scopes, out jobj, jwt_RS256.XMLPublicKey);

    // The verifier only checks signature and expiry; issuer and audience are compared here.
    bool accepted = signatureAndExpiryOk && iss == expectedIss && aud == expectedAud;

    if (accepted)
    {
        Console.WriteLine("JwtAssertion:");
        Console.WriteLine(jwtAssertion);
        Console.WriteLine("");
    }
    else
    {
        Console.WriteLine("Error");
    }
    Console.ReadLine();
}
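/// <summary>
/// JWT verification button. Rebuilds a compact JWT from the editable header/payload fields plus
/// the signature segment of txtJWTSign, then verifies it with the algorithm selected by the
/// radio buttons. Editing the header or payload before clicking demonstrates that the
/// signature no longer matches.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnJWTVerify_Click(object sender, EventArgs e)
{
    bool ret = false;

    string newJWT;
    if (!this.TryRebuildJwtFromEditableFields(out newJWT))
    {
        // txtJWTSign does not hold header.payload.signature — nothing to verify.
        MessageBox.Show("検証失敗");
        return;
    }

    if (rbnJWTHS256.Checked)
    {
        // HS256: the symmetric key is taken from the JWK field.
        //JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(this.txtJWTKey.Text, CustomEncode.UTF_8));
        JWT_HS256 jwtHS256 = new JWT_HS256(this.txtJWTJWK.Text);
        ret = jwtHS256.Verify(newJWT);
    }
    else if (rbnJWTRS256_XML.Checked)
    {
        // RS256 (XML): public key in XML form from the key field.
        JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(this.txtJWTKey.Text);
        ret = jwtRS256.Verify(newJWT);
    }
    else if (rbnJWTRS256_Param.Checked)
    {
        // RS256 (Param): public parameters derived from the JWK field.
        //JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
        //    RS256_KeyConverter.XmlToProvider(this.txtJWTKey.Text).ExportParameters(false));
        JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
            RS256_KeyConverter.JwkToProvider(this.txtJWTJWK.Text).ExportParameters(false));
        ret = jwtRS256.Verify(newJWT);
    }
    else
    {
        // RS256 (X509): public key from the .cer file; no password is needed for a .cer.
        JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(this.CertificateFilePath_cer, "");
        ret = jwtRS256.Verify(newJWT);
    }

    MessageBox.Show(ret ? "検証成功" : "検証失敗");
}

/// <summary>
/// Re-assembles a compact JWT from the editable header and payload text boxes and the signature
/// segment of txtJWTSign. Header and payload are UTF-8 encoded and then base64url encoded.
/// </summary>
/// <param name="jwt">The rebuilt "header.payload.signature" string, or null when txtJWTSign has fewer than three segments.</param>
/// <returns>true when a signature segment was available; otherwise false.</returns>
private bool TryRebuildJwtFromEditableFields(out string jwt)
{
    string[] segments = this.txtJWTSign.Text.Split('.');
    if (segments.Length < 3)
    {
        jwt = null;
        return false;
    }

    jwt = CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8))
        + "." + CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8))
        + "." + segments[2];
    return true;
}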
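/// <summary>
/// JWT signing button. Signs the payload text with the algorithm selected by the radio buttons,
/// shows the verification key material (plus its JWK form) and the signed token, then splits the
/// token back into the editable header/payload fields.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnJWTSign_Click(object sender, EventArgs e)
{
    string jwt;

    if (rbnJWTHS256.Checked)
    {
        // HS256 with a freshly generated secret.
        // NOTE(review): GetPassword.Generate(20, 10) — argument meaning is presumably length/complexity; confirm in that helper.
        string password = GetPassword.Generate(20, 10);
        JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(password, CustomEncode.UTF_8));

        jwt = jwtHS256.Create(this.txtJWTPayload.Text);

        // The shared secret is displayed because the verify button reads the JWK back from the UI.
        this.txtJWTKey.Text = password;
        this.txtJWTJWK.Text = jwtHS256.JWK;
    }
    else if (rbnJWTRS256_XML.Checked)
    {
        // RS256 (XML) with a new key pair; only the public half is shown.
        JWT_RS256_XML jwtRS256 = new JWT_RS256_XML();

        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = jwtRS256.XMLPublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.XmlToProvider(jwtRS256.XMLPublicKey).ExportParameters(false));
    }
    else if (rbnJWTRS256_Param.Checked)
    {
        // RS256 (Param) with a new key pair; public parameters shown as XML and JWK.
        JWT_RS256_Param jwtRS256 = new JWT_RS256_Param();

        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = RS256_KeyConverter.ParamToXmlPublicKey(jwtRS256.RsaPublicParameters);
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(jwtRS256.RsaPublicParameters);
    }
    else
    {
        // RS256 (X509): private key from the .pfx; the public key shown comes from the matching .cer.
        JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(
            this.CertificateFilePath_pfx, this.CertificateFilePassword,
            X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);

        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = jwtRS256.DigitalSignX509.X509PublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.X509CerToProvider(this.CertificateFilePath_cer).ExportParameters(false));
    }

    // Same for every algorithm: show the token, then its decoded header/payload for editing.
    this.txtJWTSign.Text = jwt;
    this.ShowDecodedJwtSegments(jwt);
}

/// <summary>
/// Fills the editable header and payload text boxes with the base64url-decoded first two
/// segments of a compact JWT (decoded as UTF-8).
/// </summary>
/// <param name="jwt">Compact JWT in "header.payload.signature" form.</param>
private void ShowDecodedJwtSegments(string jwt)
{
    string[] segments = jwt.Split('.');
    this.txtJWTHeader.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(segments[0]), CustomEncode.UTF_8);
    this.txtJWTPayload.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(segments[1]), CustomEncode.UTF_8);
}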