Beispiel #1
0
        /// <summary>
        /// Parses the UTF-8 <paramref name="buffer"/> as JSON and returns a <see cref="JwtPayload"/>.
        /// </summary>
        /// <param name="buffer"></param>
        /// <param name="policy"></param>
        public static JwtPayload ParsePayload(ReadOnlySpan <byte> buffer, TokenValidationPolicy policy)
        {
            Utf8JsonReader reader = new Utf8JsonReader(buffer, isFinalBlock: true, state: default);

            if (!reader.Read() || reader.TokenType != JsonTokenType.StartObject)
            {
                ThrowHelper.ThrowFormatException_MalformedJson();
            }

            var  payload = new JwtPayload();
            byte control = policy.ValidationControl;

            while (reader.Read() && reader.TokenType is JsonTokenType.PropertyName)
            {
                var name = reader.ValueSpan /* reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan */;
                reader.Read();
                var type = reader.TokenType;
                if (name.Length == 3)
                {
                    uint nameValue = IntegerMarshal.ReadUInt24(name);
                    switch (nameValue)
                    {
                    case Aud:
                        if (type == JsonTokenType.String)
                        {
                            if (policy.RequireAudience)
                            {
                                var audiencesBinary = policy.RequiredAudiencesBinary;
                                var audiences       = policy.RequiredAudiences;
                                for (int i = 0; i < audiencesBinary.Length; i++)
                                {
                                    if (reader.ValueTextEquals(audiencesBinary[i]))
                                    {
                                        payload.Aud = new[] { audiences[i] };
                                        control    &= unchecked ((byte)~TokenValidationPolicy.AudienceFlag);
                                        break;
                                    }
                                }

                                control &= unchecked ((byte)~JwtPayload.MissingAudienceFlag);
                            }
                            else
                            {
                                payload.Aud = new[] { reader.GetString() };
                            }
                        }
                        else if (type == JsonTokenType.StartArray)
                        {
                            if (policy.RequireAudience)
                            {
                                var audiences = new List <string>();
                                while (reader.Read() && reader.TokenType == JsonTokenType.String)
                                {
                                    var requiredAudiences = policy.RequiredAudiencesBinary;
                                    for (int i = 0; i < requiredAudiences.Length; i++)
                                    {
                                        if (reader.ValueTextEquals(requiredAudiences[i]))
                                        {
                                            control &= unchecked ((byte)~TokenValidationPolicy.AudienceFlag);
                                            break;
                                        }
                                    }

                                    audiences.Add(reader.GetString());
                                    control &= unchecked ((byte)~JwtPayload.MissingAudienceFlag);
                                }

                                if (reader.TokenType != JsonTokenType.EndArray)
                                {
                                    ThrowHelper.ThrowFormatException_MalformedJson("The 'aud' claim must be an array of string or a string.");
                                }

                                payload.Aud = audiences.ToArray();
                            }
                            else
                            {
                                payload.Aud = JsonParser.ReadStringArray(ref reader);
                            }
                        }
                        else
                        {
                            ThrowHelper.ThrowFormatException_MalformedJson("The 'aud' claim must be an array of string or a string.");
                        }

                        continue;

                    case Iss:
                        if (policy.RequireIssuer)
                        {
                            if (reader.ValueTextEquals(policy.RequiredIssuerBinary))
                            {
                                payload.Iss = policy.RequiredIssuer;
                                control    &= unchecked ((byte)~TokenValidationPolicy.IssuerFlag);
                            }
                            else
                            {
                                control &= unchecked ((byte)~JwtPayload.MissingIssuerFlag);
                            }
                        }
                        else
                        {
                            payload.Iss = reader.GetString();
                        }

                        continue;

                    case Exp:
                        if (!reader.TryGetInt64(out long longValue))
                        {
                            ThrowHelper.ThrowFormatException_MalformedJson("The claim 'exp' must be an integral number.");
                        }

                        if (policy.RequireExpirationTime)
                        {
                            control &= unchecked ((byte)~JwtPayload.MissingExpirationFlag);
                        }

                        if (longValue >= EpochTime.UtcNow - policy.ClockSkew)
                        {
                            control &= unchecked ((byte)~JwtPayload.ExpiredFlag);
                        }

                        payload.Exp = longValue;
                        continue;

                    case Iat:
                        if (!reader.TryGetInt64(out longValue))
                        {
                            ThrowHelper.ThrowFormatException_MalformedJson("The claim 'iat' must be an integral number.");
                        }

                        payload.Iat = longValue;
                        continue;

                    case Nbf:
                        if (!reader.TryGetInt64(out longValue))
                        {
                            ThrowHelper.ThrowFormatException_MalformedJson("The claim 'nbf' must be an integral number.");
                        }

                        // the 'nbf' claim is not common. The 2nd call to EpochTime.UtcNow should be rare.
                        if (longValue <= EpochTime.UtcNow + policy.ClockSkew)
                        {
                            control &= unchecked ((byte)~JwtPayload.NotYetFlag);
                        }

                        payload.Nbf = longValue;
                        continue;

                    case Jti:
                        payload.Jti = reader.GetString();
                        continue;

                    case Sub:
                        payload.Sub = reader.GetString();
                        continue;
                    }
                }

                switch (type)
                {
                case JsonTokenType.StartObject:
                    payload.Inner.Add(name, JsonParser.ReadJsonObject(ref reader));
                    break;

                case JsonTokenType.StartArray:
                    payload.Inner.Add(name, JsonParser.ReadJsonArray(ref reader));
                    break;

                case JsonTokenType.String:
                    payload.Inner.Add(name, reader.GetString());
                    break;

                case JsonTokenType.True:
                    payload.Inner.Add(name, true);
                    break;

                case JsonTokenType.False:
                    payload.Inner.Add(name, false);
                    break;

                case JsonTokenType.Null:
                    payload.Inner.Add(name);
                    break;

                case JsonTokenType.Number:
                    long longValue;

                    if (reader.TryGetInt64(out longValue))
                    {
                        payload.Inner.Add(name, longValue);
                    }
                    else
                    {
                        payload.Inner.Add(name, reader.GetDouble());
                    }
                    break;

                default:
                    ThrowHelper.ThrowFormatException_MalformedJson();
                    break;
                }
            }

            if (!(reader.TokenType is JsonTokenType.EndObject))
            {
                ThrowHelper.ThrowFormatException_MalformedJson();
            }

            payload.ValidationControl = control;

            return(payload);
        }
Beispiel #2
0
        /// <summary>
        /// Parses the UTF-8 <paramref name="buffer"/> as JSON and returns a <see cref="JwtHeader"/>.
        /// </summary>
        /// <param name="buffer"></param>
        /// <param name="policy"></param>
        public static JwtHeader ParseHeader(ReadOnlySpan <byte> buffer, TokenValidationPolicy policy)
        {
            Utf8JsonReader reader = new Utf8JsonReader(buffer, isFinalBlock: true, state: default);

            if (!reader.Read() || reader.TokenType != JsonTokenType.StartObject)
            {
                ThrowHelper.ThrowFormatException_MalformedJson();
            }

            var header = new JwtHeader();

            while (reader.Read())
            {
                if (!(reader.TokenType is JsonTokenType.PropertyName))
                {
                    break;
                }

                var name = reader.ValueSpan /* reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan */;
                reader.Read();
                var type = reader.TokenType;


                if (name.Length == 3)
                {
                    if (reader.TokenType == JsonTokenType.String)
                    {
                        var refName = IntegerMarshal.ReadUInt24(name);
                        switch (refName)
                        {
                        case Alg:
                            var alg = reader.ValueSpan /* reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan */;
                            if (SignatureAlgorithm.TryParse(alg, out var signatureAlgorithm))
                            {
                                header.SignatureAlgorithm = signatureAlgorithm;
                            }
                            else if (KeyManagementAlgorithm.TryParse(alg, out var keyManagementAlgorithm))
                            {
                                header.KeyManagementAlgorithm = keyManagementAlgorithm;
                            }
                            else if (SignatureAlgorithm.TryParseSlow(ref reader, out signatureAlgorithm))
                            {
                                header.SignatureAlgorithm = signatureAlgorithm;
                            }
                            else if (KeyManagementAlgorithm.TryParseSlow(ref reader, out keyManagementAlgorithm))
                            {
                                header.KeyManagementAlgorithm = keyManagementAlgorithm;
                            }
                            else
                            {
                                header.SignatureAlgorithm = SignatureAlgorithm.Create(reader.GetString());
                            }

                            continue;

                        case Enc:
                            var enc = reader.ValueSpan /* reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan */;
                            if (EncryptionAlgorithm.TryParse(enc, out var encryptionAlgorithm))
                            {
                                header.EncryptionAlgorithm = encryptionAlgorithm;
                            }
                            else if (EncryptionAlgorithm.TryParseSlow(ref reader, out encryptionAlgorithm))
                            {
                                header.EncryptionAlgorithm = encryptionAlgorithm;
                            }
                            else
                            {
                                header.EncryptionAlgorithm = EncryptionAlgorithm.Create(reader.GetString());
                            }

                            continue;

                        case Zip:
                            var zip = reader.ValueSpan /* reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan */;
                            if (CompressionAlgorithm.TryParse(zip, out var compressionAlgorithm))
                            {
                                header.CompressionAlgorithm = compressionAlgorithm;
                            }
                            else if (CompressionAlgorithm.TryParseSlow(ref reader, out compressionAlgorithm))
                            {
                                header.CompressionAlgorithm = compressionAlgorithm;
                            }
                            else
                            {
                                header.CompressionAlgorithm = CompressionAlgorithm.Create(reader.GetString());
                            }

                            continue;

                        case Cty:
                            header.Cty = reader.GetString();
                            continue;

                        case Typ:
                            header.Typ = reader.GetString();
                            continue;

                        case Kid:
                            header.Kid = reader.GetString();
                            continue;
                        }
                    }
                }
                else if (name.Length == 4)
                {
                    if (reader.TokenType == JsonTokenType.StartArray && IntegerMarshal.ReadUInt32(name) == Crit)
                    {
                        var handlers = policy.CriticalHandlers;
                        if (handlers.Count != 0)
                        {
                            var criticalHeaderHandlers = new List <KeyValuePair <string, ICriticalHeaderHandler> >(handlers.Count);
                            var criticals = new List <JwtValue>();
                            while (reader.Read() && reader.TokenType == JsonTokenType.String)
                            {
                                string criticalHeader = reader.GetString();
                                criticals.Add(new JwtValue(criticalHeader));
                                if (handlers.TryGetValue(criticalHeader, out var handler))
                                {
                                    criticalHeaderHandlers.Add(new KeyValuePair <string, ICriticalHeaderHandler>(criticalHeader, handler));
                                }
                                else
                                {
                                    criticalHeaderHandlers.Add(new KeyValuePair <string, ICriticalHeaderHandler>(criticalHeader, null !));
                                }
                            }

                            header.CriticalHeaderHandlers = criticalHeaderHandlers;

                            if (reader.TokenType != JsonTokenType.EndArray)
                            {
                                ThrowHelper.ThrowFormatException_MalformedJson("The 'crit' header parameter must be an array of string.");
                            }

                            header.Inner.Add(name, new JwtArray(criticals));
                        }
                        else
                        {
                            var criticals = new List <JwtValue>();
                            while (reader.Read() && reader.TokenType == JsonTokenType.String)
                            {
                                string criticalHeader = reader.GetString();
                                criticals.Add(new JwtValue(criticalHeader));
                            }

                            if (reader.TokenType != JsonTokenType.EndArray)
                            {
                                ThrowHelper.ThrowFormatException_MalformedJson("The 'crit' header parameter must be an array of string.");
                            }

                            header.Inner.Add(name, new JwtArray(criticals));
                        }

                        continue;
                    }
                }


                switch (type)
                {
                case JsonTokenType.StartObject:
                    header.Inner.Add(name, JsonParser.ReadJsonObject(ref reader));
                    break;

                case JsonTokenType.StartArray:
                    header.Inner.Add(name, JsonParser.ReadJsonArray(ref reader));
                    break;

                case JsonTokenType.String:
                    header.Inner.Add(name, reader.GetString());
                    break;

                case JsonTokenType.True:
                    header.Inner.Add(name, true);
                    break;

                case JsonTokenType.False:
                    header.Inner.Add(name, false);
                    break;

                case JsonTokenType.Null:
                    header.Inner.Add(name);
                    break;

                case JsonTokenType.Number:
                    if (reader.TryGetInt64(out long longValue))
                    {
                        header.Inner.Add(name, longValue);
                    }
                    else
                    {
                        header.Inner.Add(name, reader.GetDouble());
                    }
                    break;

                default:
                    ThrowHelper.ThrowFormatException_MalformedJson();
                    break;
                }
            }

            if (!(reader.TokenType is JsonTokenType.EndObject))
            {
                ThrowHelper.ThrowFormatException_MalformedJson();
            }

            return(header);
        }
Beispiel #3
0
        public static Address FromJson(ReadOnlySpan <byte> json)
        {
            Utf8JsonReader reader = new Utf8JsonReader(json, true, default);

            var address = new Address();

            while (reader.Read())
            {
                switch (reader.TokenType)
                {
                case JsonTokenType.EndObject:
                    return(address);

                case JsonTokenType.PropertyName:
                    var propertyName = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan;

                    reader.Read();
                    switch (reader.TokenType)
                    {
                    case JsonTokenType.String:
                        if (propertyName.SequenceEqual(OAuth2Claims.Formatted.EncodedUtf8Bytes))
                        {
                            address.Formatted = reader.GetString();
                        }
                        else if (propertyName.SequenceEqual(OAuth2Claims.StreetAddress.EncodedUtf8Bytes))
                        {
                            address.StreetAddress = reader.GetString();
                        }
                        else if (propertyName.SequenceEqual(OAuth2Claims.Locality.EncodedUtf8Bytes))
                        {
                            address.Locality = reader.GetString();
                        }
                        else if (propertyName.SequenceEqual(OAuth2Claims.Region.EncodedUtf8Bytes))
                        {
                            address.Region = reader.GetString();
                        }
                        else if (propertyName.SequenceEqual(OAuth2Claims.PostalCode.EncodedUtf8Bytes))
                        {
                            address.PostalCode = reader.GetString();
                        }
                        else if (propertyName.SequenceEqual(OAuth2Claims.Country.EncodedUtf8Bytes))
                        {
                            address.Country = reader.GetString();
                        }
                        break;

                    case JsonTokenType.StartArray:
                        JsonParser.ConsumeJsonArray(ref reader);
                        break;

                    case JsonTokenType.StartObject:
                        JsonParser.ConsumeJsonObject(ref reader);
                        break;
                    }
                    break;

                default:
                    ThrowHelper.ThrowFormatException_MalformedJson();
                    break;
                }
            }

            ThrowHelper.ThrowFormatException_MalformedJson();
            return(null);
        }