internal static SignedToken <TJwsHeader, TJwsPayload> FromSignedToken(string signedToken)
{
// The first one throws ArgumentNullException and the second one ArgumenException.
// Just calling ThrowIfNullOrEmpty would then be breaking, and there's actually a test
// that breaks.
signedToken.ThrowIfNull(nameof(signedToken));
signedToken.ThrowIfNullOrEmpty(nameof(signedToken));
var parts = signedToken.Split('.');
if (parts.Length != 3)
{
throw new InvalidJwtException($"JWT must consist of Header, Payload, and Signature");
}
var encodedHeader = parts[0];
var encodedPayload = parts[1];
// Decode the three parts of the JWT: header.payload.signature
var headerValue = NewtonsoftJsonSerializer.Instance.Deserialize <TJwsHeader>(TokenEncodingHelpers.Base64UrlToString(encodedHeader));
var payloadValue = NewtonsoftJsonSerializer.Instance.Deserialize <TJwsPayload>(TokenEncodingHelpers.Base64UrlToString(encodedPayload));
var signature = TokenEncodingHelpers.Base64UrlDecode(parts[2]);
return(new SignedToken <TJwsHeader, TJwsPayload>(encodedHeader, encodedPayload, headerValue, payloadValue, signature));
}
static RSA FromKeyToRsa(JToken key)
{
var rsa = RSA.Create();
rsa.ImportParameters(new RSAParameters
{
Modulus = TokenEncodingHelpers.Base64UrlDecode((string)key["n"]),
Exponent = TokenEncodingHelpers.Base64UrlDecode((string)key["e"]),
});
return(rsa);
}
static ECDsa FromKeyToECDsa(JToken key)
{
if ((string)key["kty"] != "EC" && (string)key["crv"] != "P-256")
{
throw new ArgumentException(
$"For ES256 verification only certificates with kty='EC' and crv='P-256' are supported. Encountered: kty={(string)key["kty"]} and crv={(string)key["crv"]}.");
}
byte[] x = TokenEncodingHelpers.Base64UrlDecode((string)key["x"]);
byte[] y = TokenEncodingHelpers.Base64UrlDecode((string)key["y"]);
return(BuildEcdsa(x, y));
}