/// <summary> /// 解密RS256 /// </summary> /// <param name="token"></param> /// <param name="secret"></param> /// <param name="exponent"></param> /// <param name="modulus"></param> /// <returns></returns> private static IDictionary <string, object> DecodeRs256(string token, string secret, string exponent, string modulus) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); var rS256Algorithm = new RSAlgorithmFactory(() => { var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters( new RSAParameters() { Modulus = FromBase64Url(modulus), Exponent = FromBase64Url(exponent) }); byte[] rsaBytes = rsa.ExportCspBlob(true); var cert = new X509Certificate2(rsaBytes); return(cert); }); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, rS256Algorithm); var json = decoder.DecodeToObject(token, secret, verify: false); return(json); } catch (TokenExpiredException ex) { throw new InvalidOperationException("token已过期", ex); } catch (SignatureVerificationException ex) { throw new InvalidOperationException("token验证失败", ex); } }
public void Decode_Should_Throw_Exception_When_HMA_Algorithm_Is_Used_But_RSA_Was_Expected() { var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey); var validTor = new JwtValidator(serializer, new UtcDateTimeProvider()); var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey)); var decoder = new JwtDecoder(serializer, validTor, urlEncoder, algFactory); Action action = () => decoder.Decode(encodedToken, TestData.ServerRsaPublicKey, verify: true); Assert.Throws <NotSupportedException>(action); }
public void Create_Should_Return_Instance_Of_RS512Algorithm_When_Algorithm_Specified_In_Jwt_Header_Is_RS512() { var publicKey = _fixture.Create <RSACryptoServiceProvider>(); var factory = new RSAlgorithmFactory(publicKey); var context = new JwtDecoderContext { Header = new JwtHeader { Algorithm = JwtAlgorithmName.RS512.ToString() } }; var alg = factory.Create(context); alg.Should() .BeOfType <RS512Algorithm>("because Create should return an instance of RS384Algorithm when the algorithm name in the header is 'RS256'"); }
public void HMAC_Decoding_When_Expecting_RSA_Should_Fail() { var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); var HMACencoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var HMACEncodedToken = HMACencoder.Encode(TestData.Customer, TestData.ServerRSAPublicKey); // RSA Decoder var validator = new JwtValidator(serializer, new UtcDateTimeProvider()); var RSAFactory = new RSAlgorithmFactory(GetRSAPublicKeyAsCertificate); var decoder = new JwtDecoder(serializer, validator, urlEncoder, RSAFactory); Action action = () => decoder.Decode(HMACEncodedToken, TestData.ServerRSAPublicKey, verify: true); action.ShouldThrow <NotSupportedException>("because HMAC Tokens can be forged in RSA Decoder"); }
public void Decode_Should_Throw_Exception_When_HMA_Algorithm_Is_Used_But_RSA_Was_Expected_MultipleKeys() { var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey1); var validTor = new JwtValidator(serializer, new UtcDateTimeProvider()); var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey1)); var decoder = new JwtDecoder(serializer, validTor, urlEncoder, algFactory); Action decodeJwtWithRsaWhenHmaIsExpected = () => decoder.Decode(encodedToken, TestData.ServerRsaPublicKeys, verify: true); decodeJwtWithRsaWhenHmaIsExpected.Should() .Throw <NotSupportedException>("because an encryption algorithm can't be changed another on decoding"); }
public void Decode_Should_Throw_Exception_When_Jwt_Contains_HMA_Algorithm_But_RSA_Was_Expected() { var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); var encoder = new JwtEncoder(TestData.HMACSHA256Algorithm, serializer, urlEncoder); var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey1); const string key = TestData.ServerRsaPublicKey1; var validator = new JwtValidator(serializer, new UtcDateTimeProvider()); var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey1)); var decoder = new JwtDecoder(serializer, validator, urlEncoder, algFactory); Action action = () => decoder.Decode(encodedToken, key, verify: true); action.Should() .Throw <NotSupportedException>("because an encryption algorithm can't be changed on decoding"); }