/// <summary>
/// 解密RS256
/// </summary>
/// <param name="token"></param>
/// <param name="secret"></param>
/// <param name="exponent"></param>
/// <param name="modulus"></param>
/// <returns></returns>
private static IDictionary <string, object> DecodeRs256(string token, string secret, string exponent, string modulus)
{
try
{
IJsonSerializer serializer = new JsonNetSerializer();
IDateTimeProvider provider = new UtcDateTimeProvider();
IJwtValidator validator = new JwtValidator(serializer, provider);
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
var rS256Algorithm = new RSAlgorithmFactory(() =>
{
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters()
{
Modulus = FromBase64Url(modulus),
Exponent = FromBase64Url(exponent)
});
byte[] rsaBytes = rsa.ExportCspBlob(true);
var cert = new X509Certificate2(rsaBytes);
return(cert);
});
IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, rS256Algorithm);
var json = decoder.DecodeToObject(token, secret, verify: false);
return(json);
}
catch (TokenExpiredException ex)
{
throw new InvalidOperationException("token已过期", ex);
}
catch (SignatureVerificationException ex)
{
throw new InvalidOperationException("token验证失败", ex);
}
}
public void Decode_Should_Throw_Exception_When_HMA_Algorithm_Is_Used_But_RSA_Was_Expected()
{
var serializer = new JsonNetSerializer();
var urlEncoder = new JwtBase64UrlEncoder();
var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey);
var validTor = new JwtValidator(serializer, new UtcDateTimeProvider());
var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey));
var decoder = new JwtDecoder(serializer, validTor, urlEncoder, algFactory);
Action action = () => decoder.Decode(encodedToken, TestData.ServerRsaPublicKey, verify: true);
Assert.Throws <NotSupportedException>(action);
}
public void Create_Should_Return_Instance_Of_RS512Algorithm_When_Algorithm_Specified_In_Jwt_Header_Is_RS512()
{
var publicKey = _fixture.Create <RSACryptoServiceProvider>();
var factory = new RSAlgorithmFactory(publicKey);
var context = new JwtDecoderContext
{
Header = new JwtHeader
{
Algorithm = JwtAlgorithmName.RS512.ToString()
}
};
var alg = factory.Create(context);
alg.Should()
.BeOfType <RS512Algorithm>("because Create should return an instance of RS384Algorithm when the algorithm name in the header is 'RS256'");
}
public void HMAC_Decoding_When_Expecting_RSA_Should_Fail()
{
var serializer = new JsonNetSerializer();
var urlEncoder = new JwtBase64UrlEncoder();
var HMACencoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
var HMACEncodedToken = HMACencoder.Encode(TestData.Customer, TestData.ServerRSAPublicKey);
// RSA Decoder
var validator = new JwtValidator(serializer, new UtcDateTimeProvider());
var RSAFactory = new RSAlgorithmFactory(GetRSAPublicKeyAsCertificate);
var decoder = new JwtDecoder(serializer, validator, urlEncoder, RSAFactory);
Action action = () => decoder.Decode(HMACEncodedToken, TestData.ServerRSAPublicKey, verify: true);
action.ShouldThrow <NotSupportedException>("because HMAC Tokens can be forged in RSA Decoder");
}
public void Decode_Should_Throw_Exception_When_HMA_Algorithm_Is_Used_But_RSA_Was_Expected_MultipleKeys()
{
var serializer = new JsonNetSerializer();
var urlEncoder = new JwtBase64UrlEncoder();
var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey1);
var validTor = new JwtValidator(serializer, new UtcDateTimeProvider());
var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey1));
var decoder = new JwtDecoder(serializer, validTor, urlEncoder, algFactory);
Action decodeJwtWithRsaWhenHmaIsExpected =
() => decoder.Decode(encodedToken, TestData.ServerRsaPublicKeys, verify: true);
decodeJwtWithRsaWhenHmaIsExpected.Should()
.Throw <NotSupportedException>("because an encryption algorithm can't be changed another on decoding");
}
public void Decode_Should_Throw_Exception_When_Jwt_Contains_HMA_Algorithm_But_RSA_Was_Expected()
{
var serializer = new JsonNetSerializer();
var urlEncoder = new JwtBase64UrlEncoder();
var encoder = new JwtEncoder(TestData.HMACSHA256Algorithm, serializer, urlEncoder);
var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey1);
const string key = TestData.ServerRsaPublicKey1;
var validator = new JwtValidator(serializer, new UtcDateTimeProvider());
var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey1));
var decoder = new JwtDecoder(serializer, validator, urlEncoder, algFactory);
Action action =
() => decoder.Decode(encodedToken, key, verify: true);
action.Should()
.Throw <NotSupportedException>("because an encryption algorithm can't be changed on decoding");
}
