Beispiel #1
0
        private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null)
        {
            Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");

            var parts = Compact.Iterate(token);

            if (parts.Count == 5) //encrypted JWT
            {
                return(JWE.Decrypt(token, key, expectedJweAlg, expectedJweEnc, settings).PlaintextBytes);
            }
            else
            {
                //signed or plain JWT
                var jwtSettings = GetSettings(settings);

                byte[] header = parts.Next();

                var headerData = jwtSettings.JsonMapper.Parse <IDictionary <string, object> >(Encoding.UTF8.GetString(header));

                bool b64 = true;

                object value;
                if (headerData.TryGetValue("b64", out value))
                {
                    b64 = (bool)value;
                }

                byte[] contentPayload = parts.Next(b64);
                byte[] signature      = parts.Next();

                var effectivePayload = payload ?? contentPayload;

                var algorithm    = (string)headerData["alg"];
                var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
                if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
                {
                    throw new InvalidAlgorithmException(
                              "The algorithm type passed to the Decode method did not match the algorithm type in the header.");
                }

                var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);

                if (jwsAlgorithmImpl == null)
                {
                    throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
                }

                if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key))
                {
                    throw new IntegrityException("Invalid signature.");
                }

                return(effectivePayload);
            }
        }
Beispiel #2
0
 /// <summary>
 /// Encodes given binary data to JWT token and applies requested encryption/compression algorithms.
 /// </summary>
 /// <param name="payload">Binary data to encode (not null)</param>
 /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
 /// <param name="alg">JWT algorithm to be used.</param>
 /// <param name="enc">encryption algorithm to be used.</param>
 /// <param name="compression">optional compression type to use.</param>
 /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
 /// <param name="settings">optional settings to override global DefaultSettings</param>
 /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
 public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
 {
     return(JWE.EncryptBytes(payload, new JweRecipient[] { new JweRecipient(alg, key) }, enc, aad: null, SerializationMode.Compact, compression, extraHeaders, null, settings));
 }