| public static Parse ( string token ) : byte[][] | ||
| token | string | |
| return | byte[][] | |
/// <summary>
/// Decodes JWT token by performining necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting json string is returned untouched (e.g. no parsing or mapping)
/// </summary>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param>
/// <returns>decoded json string</returns>
/// <exception cref="IntegrityException">if signature valdation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature,encryption or compression algorithm is not supported</exception>
public static string Decode(string token, object key = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
byte[][] parts = Compact.Parse(token);
string json;
if (parts.Length == 5) //encrypted JWT
{
json = Decrypt(parts, key);
}
else
{
//signed or plain JWT
byte[] header = parts[0];
byte[] payload = parts[1];
byte[] signature = parts[2];
byte[] securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
var headerData = jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header, 0, payload.Length));
var algorithm = (string)headerData["alg"];
if (!HashAlgorithms[GetHashAlgorithm(algorithm)].Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
json = Encoding.UTF8.GetString(payload, 0, payload.Length);
}
return(json);
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?jwsAlg = null, JweAlgorithm?jweAlg = null, JweEncryption?jweEnc = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
byte[][] parts = Compact.Parse(token);
if (parts.Length == 5) //encrypted JWT
{
return(DecryptBytes(parts, key, jweAlg, jweEnc));
}
else
{
//signed or plain JWT
byte[] header = parts[0];
byte[] payload = parts[1];
byte[] signature = parts[2];
byte[] securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
var headerData = jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
if (jwsAlg != null && (JwsAlgorithm)jwsAlg != GetHashAlgorithm(algorithm))
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
if (!HashAlgorithms[GetHashAlgorithm(algorithm)].Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}
public static byte[] PayloadBytes(string token)
{
byte[][] numArray = Compact.Parse(token);
if ((int)numArray.Length > 3)
{
throw new JoseException("Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
}
return(numArray[1]);
}
/// <summary>
/// Parses signed JWT token, extracts and returns payload part as binary data.
/// This method is NOT supported for encrypted JWT tokens.
/// This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>unmarshalled payload</returns>
/// <exception cref="JoseException">if encrypted JWT token is provided</exception>
public static byte[] PayloadBytes(string token, JwtSettings settings = null)
{
byte[][] parts = Compact.Parse(token);
if (parts.Length > 3)
{
throw new JoseException(
"Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
}
return(parts[1]);
}
/// <summary>
/// Parses signed JWT token, extracts and returns payload part as string
/// This method is NOT supported for encrypted JWT tokens.
/// This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <returns>unmarshalled payload</returns>
/// <exception cref="JoseException">if encrypted JWT token is provided</exception>
public static string Payload(string token)
{
byte[][] parts = Compact.Parse(token);
if (parts.Length > 3)
{
throw new JoseException(
"Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
}
return(Encoding.UTF8.GetString(parts[1]));
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
byte[][] parts = Compact.Parse(token);
if (parts.Length == 5) //encrypted JWT
{
return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings));
}
else
{
//signed or plain JWT
byte[] header = parts[0];
byte[] payload = parts[1];
byte[] signature = parts[2];
string[] jwtSections = token.Split('.');
StringBuilder originalToken = new StringBuilder();
originalToken.Append(jwtSections[0]);
originalToken.Append(".");
originalToken.Append(jwtSections[1]);
byte[] securedInput = Encoding.UTF8.GetBytes(originalToken.ToString());
var jwtSettings = GetSettings(settings);
var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
{
throw new InvalidAlgorithmException(
"The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);
if (jwsAlgorithmImpl == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
if (!jwsAlgorithmImpl.Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}
/// <summary>
/// Parses signed JWT token, extracts and returns payload part as binary data.
/// This method is NOT supported for encrypted JWT tokens.
/// This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>unmarshalled payload</returns>
/// <exception cref="JoseException">if encrypted JWT token is provided</exception>
public static byte[] PayloadBytes(string token, JwtSettings settings = null)
{
byte[][] parts = Compact.Parse(token);
if (parts.Length < 3)
{
throw new JoseException(
"The given token doesn't follow JWT format and must contains at least three parts.");
}
if (parts.Length > 3)
{
throw new JoseException(
"Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead.");
}
return(parts[1]);
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?jwsAlg = null, JweAlgorithm?jweAlg = null, JweEncryption?jweEnc = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.", new object[0]);
byte[][] numArray = Compact.Parse(token);
if ((int)numArray.Length == 5)
{
return(JWT.DecryptBytes(numArray, key, jweAlg, jweEnc));
}
byte[] numArray1 = numArray[0];
byte[] numArray2 = numArray[1];
byte[] numArray3 = numArray[2];
byte[] bytes = Encoding.UTF8.GetBytes(Compact.Serialize(new byte[][] { numArray1, numArray2 }));
string item = (string)JWT.jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(numArray1))["alg"];
if (jwsAlg.HasValue && jwsAlg.Value != JWT.GetHashAlgorithm(item))
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
if (!JWT.HashAlgorithms[JWT.GetHashAlgorithm(item)].Verify(numArray3, bytes, key))
{
throw new IntegrityException("Invalid signature.");
}
return(numArray2);
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
if (token == null)
{
throw new ArgumentNullException(nameof(token));
}
string[] stringParts = token.Split('.');
if (stringParts.Length == 5) //encrypted JWT
{
byte[][] parts = Compact.Parse(token);
return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings));
}
else
{
//signed or plain JWT
byte[] header = Base64Url.Decode(stringParts[0]);
byte[] payload;
byte[] signature = Base64Url.Decode(stringParts[2]);
bool base64DecodePayload = GetBase64DecodeFlag(header);
//Always base 64 decode paylod, even in b64=false detached since we have already attached the payload and encoded it
payload = Base64Url.Decode(stringParts[1]);
byte[] securedInput;
if (base64DecodePayload)
{
securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
}
else
{
var tmpBytes = Encoding.UTF8.GetBytes(Compact.Serialize(header) + ".");
securedInput = new byte[tmpBytes.Length + payload.Length];
System.Buffer.BlockCopy(tmpBytes, 0, securedInput, 0, tmpBytes.Length);
System.Buffer.BlockCopy(payload, 0, securedInput, tmpBytes.Length, payload.Length);
}
var jwtSettings = GetSettings(settings);
var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
{
throw new InvalidAlgorithmException(
"The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);
if (jwsAlgorithmImpl == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
if (!jwsAlgorithmImpl.Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}
/// <summary>
/// Parses JWT token, extracts and attempts to unmarshal headers to requested type
/// This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <typeparam name="T">desired type after unmarshalling</typeparam>
/// <returns>unmarshalled headers</returns>
public static T Headers <T>(string token, JwtSettings settings = null)
{
byte[][] parts = Compact.Parse(token);
return(GetSettings(settings).JsonMapper.Parse <T>(Encoding.UTF8.GetString(parts[0])));
}
/// <summary>
/// Parses JWT token, extracts and attempst to unmarshall headers to requested type
/// This method is NOT performing integrity checking.
/// </summary>
/// <param name="token">signed JWT token</param>
/// <typeparam name="T">desired type after unmarshalling</typeparam>
/// <returns>unmarshalled headers</returns>
public static T Headers <T>(string token)
{
byte[][] parts = Compact.Parse(token);
return(jsMapper.Parse <T>(Encoding.UTF8.GetString(parts[0])));
}
public static T Headers <T>(string token)
{
byte[][] numArray = Compact.Parse(token);
return(JWT.jsMapper.Parse <T>(Encoding.UTF8.GetString(numArray[0])));
}
