public static JsonWebEncryptedToken Parse(string token, string privateKey)
{
byte[] claimSet = null;
EncryptedPayload payload = null;
try
{
payload = EncryptedPayload.Parse(token);
byte[] masterKey = null;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(privateKey);
masterKey = rsa.Decrypt(payload.EncryptedMasterKey, true);
}
byte[] additionalAuthenticatedData = payload.ToAdditionalAuthenticatedData();
using (AuthenticatedAesCng aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm;
aes.Key = masterKey;
aes.IV = payload.InitializationVector;
aes.AuthenticatedData = additionalAuthenticatedData;
aes.Tag = payload.Tag;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(),
CryptoStreamMode.Write))
{
byte[] cipherText = payload.CipherText;
cs.Write(cipherText, 0, cipherText.Length);
cs.FlushFinalBlock();
claimSet = ms.ToArray();
}
}
}
}
catch (Exception ex)
{
throw new SecurityException("Invalid Token", ex);
}
var jwt = JsonConvert.DeserializeObject <JsonWebEncryptedToken>(payload.Header);
jwt.AsymmetricKey = privateKey;
jwt.claims = JsonConvert.DeserializeObject
<Dictionary <string, string> >(Encoding.UTF8.GetString(claimSet));
TimeSpan ts = DateTime.UtcNow - epochStart;
if (jwt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
{
throw new SecurityException("Token has expired");
}
return(jwt);
}
public override string ToString()
{
string header = JsonConvert.SerializeObject(this);
string claims = JsonConvert.SerializeObject(this.claims);
// Generate a 256 bit random Content Master Key and a 96 bit initialization vector
byte[] masterKey = new byte[32];
byte[] initVector = new byte[12];
using (var provider = new RNGCryptoServiceProvider())
{
provider.GetBytes(masterKey);
provider.GetBytes(initVector);
}
byte[] encryptedMasterKey = null;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(this.AsymmetricKey);
encryptedMasterKey = rsa.Encrypt(masterKey, true); // OAEP Padding
}
var authData = new EncryptedPayload()
{
Header = header,
EncryptedMasterKey = encryptedMasterKey,
InitializationVector = initVector
};
byte[] additionalAuthenticatedData = authData.ToAdditionalAuthenticatedData();
byte[] tag = null;
byte[] cipherText = null;
using (var aes = new AuthenticatedAesCng())
{
aes.CngMode = CngChainingMode.Gcm; // Galois/Counter Mode
aes.Key = masterKey;
aes.IV = initVector;
aes.AuthenticatedData = additionalAuthenticatedData;
using (MemoryStream ms = new MemoryStream())
{
using (IAuthenticatedCryptoTransform encryptor = aes.CreateAuthenticatedEncryptor())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
{
// Encrypt the claims set
byte[] claimsSet = Encoding.UTF8.GetBytes(claims);
cs.Write(claimsSet, 0, claimsSet.Length);
cs.FlushFinalBlock();
tag = encryptor.GetTag();
cipherText = ms.ToArray();
}
}
}
}
var payload = new EncryptedPayload()
{
Header = header,
EncryptedMasterKey = encryptedMasterKey,
InitializationVector = initVector,
CipherText = cipherText,
Tag = tag
};
string token = payload.ToString();
return(token);
}