public virtual byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
var privateKey = Ensure.Type <CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");
Ensure.Contains(header, new[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found");
Ensure.Contains(header, new[] { algIdHeader }, "EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found");
var jObject = (JObject)header["epk"];
var epk = jObject.ToObject <Dictionary <string, object> >();
Ensure.Contains(epk, new[] { "x", "y", "crv" }, "EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.");
var x = Base64Url.Decode((string)epk["x"]);
var y = Base64Url.Decode((string)epk["y"]);
var externalPublicKey = EccKey.New(x, y, usage: CngKeyUsages.KeyAgreement);
return(DeriveKey(header, cekSizeBits, externalPublicKey, privateKey));
}
public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
{
byte[] numArray;
string str = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.", new object[0]);
byte[] bytes = Encoding.UTF8.GetBytes(str);
byte[] bytes1 = Encoding.UTF8.GetBytes((string)header["alg"]);
int num = 8192;
byte[] numArray1 = Arrays.Random(96);
header["p2c"] = num;
header["p2s"] = Base64Url.Encode(numArray1);
byte[] numArray2 = Arrays.Concat(new byte[][] { bytes1, Arrays.Zero, numArray1 });
using (HMAC pRF = this.PRF)
{
numArray = PBKDF2.DeriveKey(bytes, numArray2, num, this.keyLengthBits, pRF);
}
return(this.aesKW.WrapNewKey(cekSizeBits, numArray, header));
}
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] numArray;
string str = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.", new object[0]);
byte[] bytes = Encoding.UTF8.GetBytes(str);
Ensure.Contains(header, new string[] { "p2c" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header, but was not found", new object[0]);
Ensure.Contains(header, new string[] { "p2s" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2s' param in JWT header, but was not found", new object[0]);
byte[] bytes1 = Encoding.UTF8.GetBytes((string)header["alg"]);
int num = Convert.ToInt32(header["p2c"]);
byte[] numArray1 = Base64Url.Decode((string)header["p2s"]);
byte[] numArray2 = Arrays.Concat(new byte[][] { bytes1, Arrays.Zero, numArray1 });
using (HMAC pRF = this.PRF)
{
numArray = PBKDF2.DeriveKey(bytes, numArray2, num, this.keyLengthBits, pRF);
}
return(this.aesKW.Unwrap(encryptedCek, numArray, cekSizeBits, header));
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
if (token == null)
{
throw new ArgumentNullException(nameof(token));
}
string[] stringParts = token.Split('.');
if (stringParts.Length == 5) //encrypted JWT
{
byte[][] parts = Compact.Parse(token);
return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings));
}
else
{
//signed or plain JWT
byte[] header = Base64Url.Decode(stringParts[0]);
byte[] payload;
byte[] signature = Base64Url.Decode(stringParts[2]);
bool base64DecodePayload = GetBase64DecodeFlag(header);
//Always base 64 decode paylod, even in b64=false detached since we have already attached the payload and encoded it
payload = Base64Url.Decode(stringParts[1]);
byte[] securedInput;
if (base64DecodePayload)
{
securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
}
else
{
var tmpBytes = Encoding.UTF8.GetBytes(Compact.Serialize(header) + ".");
securedInput = new byte[tmpBytes.Length + payload.Length];
System.Buffer.BlockCopy(tmpBytes, 0, securedInput, 0, tmpBytes.Length);
System.Buffer.BlockCopy(payload, 0, securedInput, tmpBytes.Length, payload.Length);
}
var jwtSettings = GetSettings(settings);
var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
{
throw new InvalidAlgorithmException(
"The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);
if (jwsAlgorithmImpl == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
if (!jwsAlgorithmImpl.Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}
/// <summary>
/// Encodes given binary data to JWT token and sign it using given algorithm.
/// </summary>
/// <param name="payload">Binary data to encode (not null)</param>
/// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param>
/// <param name="algorithm">JWT algorithm to be used.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, digitally signed.</returns>
public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
if (extraHeaders == null) //allow overload, but keep backward compatible defaults
{
extraHeaders = new Dictionary <string, object> {
{ "typ", "JWT" }
};
}
var jwtSettings = GetSettings(settings);
var jwtHeader = new Dictionary <string, object> {
{ "alg", jwtSettings.JwsHeaderValue(algorithm) }
};
bool b64EncodePayload = true;
if (extraHeaders.ContainsKey("b64"))
{
var b64Header = extraHeaders["b64"];
if (b64Header != null && b64Header is bool)
{
b64EncodePayload = (bool)b64Header;
}
}
Dictionaries.Append(jwtHeader, extraHeaders);
byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader));
byte[] bytesToSign;
if (b64EncodePayload)
{
bytesToSign = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes, payload));
}
else
{
var tmpBytes = Encoding.UTF8.GetBytes(Compact.Serialize(headerBytes) + ".");
bytesToSign = new byte[tmpBytes.Length + payload.Length];
System.Buffer.BlockCopy(tmpBytes, 0, bytesToSign, 0, tmpBytes.Length);
System.Buffer.BlockCopy(payload, 0, bytesToSign, tmpBytes.Length, payload.Length);
}
var jwsAlgorithm = jwtSettings.Jws(algorithm);
if (jwsAlgorithm == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
byte[] signature = jwsAlgorithm.Sign(bytesToSign, key);
if (b64EncodePayload)
{
return(Compact.Serialize(headerBytes, payload, signature));
}
else
{
return(Base64Url.Encode(headerBytes) + ".." + Base64Url.Encode(signature));
}
}
/// <summary>
/// Encrypts given binary plaintext using JWE and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="plaintext">Binary data to encrypt (not null)</param>
/// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param>
/// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param>
/// <param name="aad">additional authentication data (SerializationMode.Json only)</param>
/// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraProtectedHeaders">optional extra headers to put in the protected header.</param>
/// <param name="unprotectedHeaders">optional unprotected headers</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string EncryptBytes(byte[] plaintext, IEnumerable <JweRecipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Json, JweCompression?compression = null, IDictionary <string, object> extraProtectedHeaders = null, IDictionary <string, object> unprotectedHeaders = null, JwtSettings settings = null)
{
if (plaintext == null)
{
throw new ArgumentNullException(nameof(plaintext));
}
settings = GetSettings(settings);
IJweAlgorithm _enc = settings.Jwe(enc);
if (_enc == null)
{
throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc));
}
IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders(
new Dictionary <string, object> {
{ "enc", settings.JweHeaderValue(enc) }
},
extraProtectedHeaders);
byte[] cek = null;
var recipientsOut = new List <JweRecipient>();
foreach (var recipient in recipients)
{
IKeyManagement keys = settings.Jwa(recipient.Alg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg));
}
// joseHeader - is merge of headers
// - key management will read from (e.g. enc,apv,apu - ECDH-ES)
// - key management will write to (e.g. iv, tag - AesGcmKW)
IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders(
joseProtectedHeader,
new Dictionary <string, object> {
{ "alg", settings.JwaHeaderValue(recipient.Alg) }
},
recipient.Header,
unprotectedHeaders
);
byte[] encryptedCek;
if (cek == null)
{
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader);
cek = contentKeys[0];
encryptedCek = contentKeys[1];
}
else
{
encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader);
}
// For the per-receipient header we want the headers from the result of IKeyManagements key wrapping but without the
// shared headers
IDictionary <string, object> recipientHeader = joseHeader
.Where(
kvp => !joseProtectedHeader.ContainsKey(kvp.Key) &&
(unprotectedHeaders == null || !unprotectedHeaders.ContainsKey(kvp.Key))
)
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
recipientsOut.Add(new JweRecipient(encryptedCek, recipientHeader));
}
if (compression.HasValue)
{
joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value);
plaintext = settings.Compression(compression.Value).Compress(plaintext);
}
switch (mode)
{
case SerializationMode.Compact:
{
if (recipientsOut.Count != 1)
{
throw new JoseException("Only one recipient is supported by the JWE Compact Serialization.");
}
if (aad != null)
{
throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization.");
}
joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader);
byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, plaintext, cek);
return(new JweToken(
header,
null,
recipientsOut,
null,
encParts[0],
encParts[1],
encParts[2],
mode)
.AsString());
}
case SerializationMode.Json:
{
var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes));
byte[][] encParts = _enc.Encrypt(Aad(protectedHeaderBytes, aad), plaintext, cek);
return(new JweToken(
protectedHeaderBytes,
unprotectedHeaders,
recipientsOut,
aad,
encParts[0],
encParts[1],
encParts[2],
mode)
.AsString(settings.JsonMapper));
}
default:
throw new JoseException($"Unsupported serializtion mode: {mode}.");
}
}
private static byte[] Aad(byte[] protectedHeader, byte[] aad = null)
{
return(aad == null?
Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeader)) :
Encoding.ASCII.GetBytes(string.Concat(Base64Url.Encode(protectedHeader), ".", Base64Url.Encode(aad))));
}
