Beispiel #1
0
        /// <summary>
        /// Prepares data before calling <see cref="IJwtValidator.Validate(string,string,string[])" />
        /// </summary>
        /// <param name="jwt">The JWT parts</param>
        /// <param name="keys">The keys provided which one of them was used to sign the JWT</param>
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public void Validate(JwtParts jwt, IReadOnlyCollection <byte[]> keys)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }
            if (keys is null)
            {
                throw new ArgumentNullException(nameof(keys));
            }
            if (keys.Count == 0 || !AllKeysHaveValues(keys))
            {
                throw new ArgumentOutOfRangeException(nameof(keys));
            }

            var crypto        = _urlEncoder.Decode(jwt.Signature);
            var decodedCrypto = Convert.ToBase64String(crypto);

            var headerJson = GetString(_urlEncoder.Decode(jwt.Header));
            var headerData = _jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson);

            var payload     = jwt.Payload;
            var payloadJson = GetString(_urlEncoder.Decode(payload));

            var bytesToSign = GetBytes(String.Concat(jwt.Header, ".", payload));

            var algName = (string)headerData["alg"];
            var alg     = _algFactory.Create(algName);

            var decodedSignatures = keys.Select(key => alg.Sign(key, bytesToSign))
                                    .Select(sd => Convert.ToBase64String(sd))
                                    .ToArray();

            _jwtValidator.Validate(payloadJson, decodedCrypto, decodedSignatures);
        }
Beispiel #2
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public string Decode(string token)
        {
            var payload = new JwtParts(token).Payload;
            var decoded = _urlEncoder.Decode(payload);

            return(GetString(decoded));
        }
Beispiel #3
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        public string Decode(string token, byte[][] keys, bool verify)
        {
            if (IsNullOrWhiteSpace(token))
            {
                throw new ArgumentException(nameof(token));
            }
            if (!AllKeysHaveValues(keys))
            {
                throw new ArgumentOutOfRangeException(nameof(keys));
            }

            var jwt = new JwtParts(token);

            if (verify)
            {
                if (_jwtValidator is null || _algFactory is null)
                {
                    throw new InvalidOperationException("This instance was constructed without validator and algorithm so cannot be used for signature validation");
                }

                Validate(jwt, keys);
            }

            return(Decode(jwt));
        }
Beispiel #4
0
        /// <summary>
        /// Prepares data before calling <see cref="IJwtValidator.Validate(string,string,string)" />
        /// </summary>
        /// <param name="jwt">The JWT parts</param>
        /// <param name="key">The key that was used to sign the JWT</param>
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public void Validate(JwtParts jwt, byte[] key)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }
            if (key is null)
            {
                throw new ArgumentNullException(nameof(key));
            }
            if (key.Length == 0)
            {
                throw new ArgumentOutOfRangeException(nameof(key));
            }

            var crypto        = _urlEncoder.Decode(jwt.Signature);
            var decodedCrypto = Convert.ToBase64String(crypto);

            var headerJson = GetString(_urlEncoder.Decode(jwt.Header));
            var headerData = _jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson);

            var payload     = jwt.Payload;
            var payloadJson = GetString(_urlEncoder.Decode(payload));

            var bytesToSign = GetBytes(String.Concat(jwt.Header, ".", payload));

            var algName = (string)headerData["alg"];
            var alg     = _algFactory.Create(algName);

            var signatureData    = alg.Sign(key, bytesToSign);
            var decodedSignature = Convert.ToBase64String(signatureData);

            _jwtValidator.Validate(payloadJson, decodedCrypto, decodedSignature);
        }
Beispiel #5
0
        /// <summary>
        /// Prepares data before calling <see cref="IJwtValidator" />
        /// </summary>
        /// <param name="jwt">The JWT parts</param>
        /// <param name="keys">The keys provided which one of them was used to sign the JWT</param>
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        /// <exception cref="SignatureVerificationException" />
        /// <exception cref="TokenExpiredException" />
        public void Validate(JwtParts jwt, params byte[][] keys)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }
            if (!AllKeysHaveValues(keys))
            {
                throw new ArgumentOutOfRangeException(nameof(keys));
            }

            var decodedPayload   = GetString(_urlEncoder.Decode(jwt.Payload));
            var decodedSignature = _urlEncoder.Decode(jwt.Signature);

            var header = DecodeHeader <JwtHeader>(jwt);
            var alg    = _algFactory.Create(JwtDecoderContext.Create(header, decodedPayload, jwt));

            var bytesToSign = GetBytes(jwt.Header, (byte)'.', jwt.Payload);

            if (alg is IAsymmetricAlgorithm asymmAlg)
            {
                _jwtValidator.Validate(decodedPayload, asymmAlg, bytesToSign, decodedSignature);
            }
            else
            {
                // the signature on the token, with the leading =
                var rawSignature = Convert.ToBase64String(decodedSignature);

                // the signatures re-created by the algorithm, with the leading =
                var recreatedSignatures = keys.Select(key => Convert.ToBase64String(alg.Sign(key, bytesToSign)))
                                          .ToArray();

                _jwtValidator.Validate(decodedPayload, rawSignature, recreatedSignatures);
            }
        }
Beispiel #6
0
        /// <inheritdoc />
        /// <exception cref="ArgumentNullException" />
        public string Decode(JwtParts jwt)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }

            var decoded = _urlEncoder.Decode(jwt.Payload);

            return(GetString(decoded));
        }
Beispiel #7
0
        /// <inheritdoc />
        /// <exception cref="ArgumentNullException" />
        public T DecodeHeader <T>(JwtParts jwt)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }

            var decodedHeader = _urlEncoder.Decode(jwt.Header);
            var stringHeader  = GetString(decodedHeader);

            return(_jsonSerializer.Deserialize <T>(stringHeader));
        }
Beispiel #8
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        public string DecodeHeader(string token)
        {
            if (String.IsNullOrEmpty(token))
            {
                throw new ArgumentException(nameof(token));
            }

            var header  = new JwtParts(token).Header;
            var decoded = _urlEncoder.Decode(header);

            return(GetString(decoded));
        }
Beispiel #9
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        /// <exception cref="SignatureVerificationException" />
        /// <exception cref="TokenExpiredException" />
        public string Decode(JwtParts jwt, byte[][] keys, bool verify)
        {
            if (jwt is null)
            {
                throw new ArgumentNullException(nameof(jwt));
            }

            if (verify)
            {
                if (_jwtValidator is null || _algFactory is null)
                {
                    throw new InvalidOperationException("This instance was constructed without validator and algorithm so cannot be used for signature validation");
                }

                Validate(jwt, keys);
            }
            return(Decode(jwt));
        }
Beispiel #10
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public string Decode(string token, byte[][] keys, bool verify)
        {
            if (String.IsNullOrWhiteSpace(token))
            {
                throw new ArgumentException(nameof(token));
            }
            if (keys is null)
            {
                throw new ArgumentNullException(nameof(keys));
            }
            if (keys.Length == 0 || !AllKeysHaveValues(keys))
            {
                throw new ArgumentOutOfRangeException(nameof(keys));
            }

            var jwt = new JwtParts(token);

            if (verify)
            {
                Validate(jwt, keys);
            }

            return(Decode(jwt));
        }
Beispiel #11
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public string Decode(JwtParts jwt)
        {
            var decoded = _urlEncoder.Decode(jwt.Payload);

            return(GetString(decoded));
        }
Beispiel #12
0
 /// <summary>
 /// Given a JWT, decodes it and return the payload.
 /// </summary>
 /// <param name="decoder">The decoder instance</param>
 /// <param name="jwt">The JWT</param>
 /// <returns>A string containing the JSON payload</returns>
 public static string Decode(this IJwtDecoder decoder, JwtParts jwt) =>
 decoder.Decode(jwt, (byte[])null, verify: false);
Beispiel #13
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        /// <exception cref="SignatureVerificationException" />
        /// <exception cref="TokenExpiredException" />
        public T DecodeToObject <T>(JwtParts jwt, byte[][] keys, bool verify)
        {
            var payload = Decode(jwt, keys, verify);

            return(_jsonSerializer.Deserialize <T>(payload));
        }
Beispiel #14
0
        /// <inheritdoc />
        /// <exception cref="ArgumentException" />
        /// <exception cref="ArgumentNullException" />
        /// <exception cref="ArgumentOutOfRangeException" />
        /// <exception cref="FormatException" />
        public T DecodeToObject <T>(JwtParts jwt)
        {
            var payload = Decode(jwt);

            return(_jsonSerializer.Deserialize <T>(payload));
        }
Beispiel #15
0
 public static JwtDecoderContext Create(JwtHeader header, string decodedPayload, JwtParts jwt) =>
 new JwtDecoderContext
 {
     Token   = jwt,
     Header  = header,
     Payload = decodedPayload
 };