Ejemplo n.º 1
        /// <summary>
        /// Splits a compact-serialized JWE into its five segments and wraps them in a
        /// <c>JweToken</c> marked as <c>SerializationMode.Compact</c>.
        /// </summary>
        /// <remarks>
        /// This is structural parsing only: nothing is decrypted and the authentication tag is
        /// not checked here, so every field of the returned token is still untrusted input.
        /// NOTE(review): the segment count is not validated in this method; confirm how
        /// <c>Compact.Iterate</c> and <c>Next()</c> behave when the input has fewer than five parts.
        /// </remarks>
        /// <param name="jwe">JWE in compact serialization form.</param>
        /// <returns>
        /// Token carrying the protected header bytes, a single recipient (the encrypted CEK with an
        /// empty per-recipient header), IV, ciphertext and authentication tag; unprotected header
        /// and AAD are null.
        /// </returns>
        private static JweToken ParseCompact(string jwe)
        {
            var segments = Compact.Iterate(jwe);

            // The iterator is consumed strictly in serialization order:
            // protected header, encrypted key, IV, ciphertext, authentication tag.
            byte[] protectedHeaderBytes = segments.Next();
            byte[] encryptedCek = segments.Next();
            byte[] iv = segments.Next();
            byte[] ciphertext = segments.Next();
            byte[] authTag = segments.Next();

            // Compact form carries exactly one recipient and no per-recipient header values.
            var recipients = new List<JweRecipient>
            {
                new JweRecipient(encryptedCek, new Dictionary<string, object>())
            };

            return new JweToken(
                protectedHeaderBytes: protectedHeaderBytes,
                unprotectedHeader: null,
                aad: null,
                recipients: recipients,
                iv: iv,
                ciphertext: ciphertext,
                authTag: authTag,
                encoding: SerializationMode.Compact);
        }
Ejemplo n.º 2
        /// <summary>
        /// Decodes a compact-serialized token and returns its payload bytes: five-part tokens are
        /// handed to <c>JWE.Decrypt</c>, everything else is treated as a JWS whose signature is
        /// verified before the payload is returned.
        /// </summary>
        /// <remarks>
        /// The branch taken and, when <paramref name="expectedJwsAlg"/> is null, the verification
        /// algorithm are both selected from the token itself, i.e. from data the sender controls.
        /// Callers that need a fixed algorithm should pass the expected value so the header is
        /// compared against it rather than trusted.
        /// </remarks>
        /// <param name="token">Token in compact serialization; must not be null, empty or whitespace.</param>
        /// <param name="key">Key material passed to <c>JWE.Decrypt</c> or to the JWS implementation's <c>Verify</c>.</param>
        /// <param name="expectedJwsAlg">When set, the header "alg" must map to this algorithm (JWS branch only).</param>
        /// <param name="expectedJweAlg">Forwarded to <c>JWE.Decrypt</c> (five-part branch only).</param>
        /// <param name="expectedJweEnc">Forwarded to <c>JWE.Decrypt</c> (five-part branch only).</param>
        /// <param name="settings">Optional settings; resolved through <c>GetSettings</c> in the JWS branch.</param>
        /// <param name="payload">Optional externally supplied payload that replaces the token's own payload segment in the JWS branch.</param>
        /// <returns>Decrypted plaintext bytes, or the verified JWS payload bytes.</returns>
        /// <exception cref="InvalidAlgorithmException">header algorithm differs from <paramref name="expectedJwsAlg"/></exception>
        /// <exception cref="JoseException">no JWS implementation is registered for the header algorithm</exception>
        /// <exception cref="IntegrityException">signature verification failed</exception>
        private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null)
        {
            Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");

            var parts = Compact.Iterate(token);

            // Dispatch is by segment count of the incoming token. expectedJwsAlg is not consulted
            // on the encrypted path, and expectedJweAlg / expectedJweEnc are not consulted on the
            // signed path, so a caller expecting one kind of token gets no mismatch error here
            // when it receives the other kind.
            if (parts.Count == 5) //encrypted JWT
            {
                return(JWE.Decrypt(token, key, expectedJweAlg, expectedJweEnc, settings).PlaintextBytes);
            }
            else
            {
                //signed or plain JWT
                // NOTE(review): any segment count other than five lands here; there is no explicit
                // check for exactly three parts in this method.
                var jwtSettings = GetSettings(settings);

                byte[] header = parts.Next();

                // The header is parsed before anything has been verified; treat headerData as
                // attacker-controlled until Verify below succeeds.
                var headerData = jwtSettings.JsonMapper.Parse <IDictionary <string, object> >(Encoding.UTF8.GetString(header));

                bool b64 = true;

                object value;
                if (headerData.TryGetValue("b64", out value))
                {
                    // NOTE(review): unboxing cast; a "b64" header that the mapper does not
                    // materialise as a boxed bool raises InvalidCastException rather than a
                    // JoseException — confirm callers handle that for untrusted tokens.
                    b64 = (bool)value;
                }

                // The header's "b64" value decides how the payload segment is read.
                byte[] contentPayload = parts.Next(b64);
                byte[] signature      = parts.Next();

                // A caller-supplied payload takes precedence over the one embedded in the token.
                var effectivePayload = payload ?? contentPayload;

                // NOTE(review): the indexer and cast assume "alg" is present and a string; a token
                // without it presumably fails with a dictionary/cast exception — verify.
                var algorithm    = (string)headerData["alg"];
                var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
                // The pinning check runs only when the caller supplied an expected algorithm.
                // With expectedJwsAlg == null the header value alone selects the verifier, so
                // which algorithms the settings enable (including any unsecured one, cf. "plain"
                // above) determines what is accepted.
                if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
                {
                    throw new InvalidAlgorithmException(
                              "The algorithm type passed to the Decode method did not match the algorithm type in the header.");
                }

                var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);

                if (jwsAlgorithmImpl == null)
                {
                    throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
                }

                // Verification covers the header together with the effective payload; the payload
                // is returned only after this check passes.
                if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key))
                {
                    throw new IntegrityException("Invalid signature.");
                }

                return(effectivePayload);
            }
        }
Ejemplo n.º 3
        /// <summary>
        /// Extracts the payload segment of a three-part (signed) compact token as raw bytes.
        /// Tokens with more than three parts are rejected as encrypted.
        /// No signature or integrity check is performed: the returned bytes are unauthenticated
        /// and should not drive authorization or trust decisions.
        /// </summary>
        /// <param name="token">signed JWT token in compact serialization</param>
        /// <param name="b64">
        /// forwarded to the segment iterator when reading the payload; presumably selects whether
        /// the payload segment is base64url-decoded (confirm against the iterator implementation)
        /// </param>
        /// <returns>payload segment bytes, not verified</returns>
        /// <exception cref="JoseException">
        /// if the token has fewer than three parts, or more than three (treated as encrypted)
        /// </exception>
        public static byte[] PayloadBytes(string token, bool b64 = true)
        {
            var segments = Compact.Iterate(token);
            var segmentCount = segments.Count;

            if (segmentCount < 3)
            {
                throw new JoseException(
                    "The given token doesn't follow JWT format and must contains at least three parts.");
            }
            else if (segmentCount > 3)
            {
                throw new JoseException(
                    "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
            }

            // Advance past the header segment; its content is not needed here.
            segments.Next(false);

            byte[] payloadSegment = segments.Next(b64);
            return payloadSegment;
        }
Ejemplo n.º 4
        /// <summary>
        /// Reads the first segment of a compact token, decodes it as UTF-8 JSON and unmarshals it
        /// to the requested type.
        /// No signature or integrity check is performed: the header values come straight from the
        /// token and remain untrusted until the token has been verified by a decode call.
        /// </summary>
        /// <param name="token">JWT token in compact serialization</param>
        /// <param name="settings">optional settings to override global DefaultSettings</param>
        /// <typeparam name="T">desired type after unmarshalling</typeparam>
        /// <returns>unmarshalled, unverified headers</returns>
        public static T Headers <T>(string token, JwtSettings settings = null)
        {
            var segments = Compact.Iterate(token);

            // Resolve the mapper before touching the iterator, matching the evaluation order of
            // the single-expression form.
            var mapper = GetSettings(settings).JsonMapper;

            byte[] headerSegment = segments.Next();
            string headerJson = Encoding.UTF8.GetString(headerSegment);

            return mapper.Parse<T>(headerJson);
        }