/// <summary>
/// Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtHeader" /> class. With the Header Parameters as follows:
/// <para>{ { typ, JWT }, { alg, Mapped( <see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm" /> } }
/// See: Algorithm Mapping below.</para>
/// </summary>
/// <param name="signingCredentials">The <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials" /> that will be or were used to sign the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken" />.</param>
/// <remarks>
/// <para>For each <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause" /> in signingCredentials.SigningKeyIdentifier</para>
/// <para>if the clause is a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause" /> Header Parameter { clause.Name, clause.Id } will be added.</para>
/// <para>For example, if clause.Name == 'kid' and clause.Id == 'SecretKey99'. The JSON object { kid, SecretKey99 } would be added.</para>
/// <para>In addition, if the <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials" /> is a <see cref="T:System.IdentityModel.Tokens.X509SigningCredentials" /> the JSON object { x5t, Base64UrlEncoded( <see cref="M:System.Security.Cryptography.X509Certificates.X509Certificate.GetCertHashString" /> } will be added.</para>
/// <para>This simplifies the common case where a X509Certificate is used.</para>
/// <para>================= </para>
/// <para>Algorithm Mapping</para>
/// <para>================= </para>
/// <para><see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm" /> describes the algorithm that is discoverable by the CLR runtime.</para>
/// <para>The { alg, 'value' } placed in the header reflects the JWT specification.</para>
/// <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundAlgorithmMap" /> contains a signature mapping where the 'value' above will be translated according to this mapping.
/// <para>Current mapping is:</para>
/// <para> 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'RS256'</para>
/// <para> 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' => 'HS256'</para>
/// </remarks>
public JwtHeader(SigningCredentials signingCredentials = null)
: base((IEqualityComparer <string>)StringComparer.Ordinal)
{
this["typ"] = (object)"JWT";
if (signingCredentials != null)
{
this.SigningCredentials = signingCredentials;
string index = signingCredentials.SignatureAlgorithm;
if (JwtSecurityTokenHandler.OutboundAlgorithmMap.ContainsKey(signingCredentials.SignatureAlgorithm))
{
index = JwtSecurityTokenHandler.OutboundAlgorithmMap[index];
}
this["alg"] = (object)index;
if (signingCredentials.SigningKeyIdentifier != null)
{
foreach (SecurityKeyIdentifierClause identifierClause1 in signingCredentials.SigningKeyIdentifier)
{
NamedKeySecurityKeyIdentifierClause identifierClause2 = identifierClause1 as NamedKeySecurityKeyIdentifierClause;
if (identifierClause2 != null)
{
this[identifierClause2.Name] = (object)identifierClause2.Id;
}
}
}
X509SigningCredentials signingCredentials1 = signingCredentials as X509SigningCredentials;
if (signingCredentials1 == null || signingCredentials1.Certificate == null)
{
return;
}
this["x5t"] = (object)Base64UrlEncoder.Encode(signingCredentials1.Certificate.GetCertHash());
}
else
{
this["alg"] = (object)"none";
}
}
/// <summary>Encodes this instance as Base64UrlEncoded JSON.</summary>
/// <returns>Base64UrlEncoded JSON.</returns>
/// <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer" /> to customize JSON serialization.</remarks>
public virtual string Base64UrlEncode()
{
return(Base64UrlEncoder.Encode(this.SerializeToJson()));
}
