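/// <summary>
/// Checks that <c>JsonWebTokenHandler</c> accepts the ES256 sample token from
/// RFC 7515 Appendix A.3 when given the matching public key.
/// </summary>
public void CanValidateES256()
{
    // Sample JWS from RFC 7515 Appendix A.3: header {"alg":"ES256"}, claims iss="joe", exp=1300819380.
    const string token = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q";

    // Public point only; no private scalar (D) is needed to verify a signature.
    var x = Base64Url.DeserializeBytes("f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", "ECDSA key X value");
    var y = Base64Url.DeserializeBytes("x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", "ECDSA key Y value");

    // ES256 is ECDSA over P-256 with SHA-256 (RFC 7518 section 3.4), and the 32-byte
    // coordinates above are P-256 coordinates. The curve must therefore be nistP256;
    // nistP384 describes a different curve on which this point does not lie.
    var publicKey = new ECParameters
    {
        Q = new ECPoint { X = x, Y = y },
        Curve = ECCurve.NamedCurves.nistP256
    };
    var key = new ECDsaSecurityKey(ECDsa.Create(publicKey));

    // Process-wide switch that makes IdentityModel include token and claim values in its
    // messages. Useful for diagnosing a failing test; it must stay out of production code.
    IdentityModelEventSource.ShowPII = true;

    var validation = new TokenValidationParameters
    {
        IssuerSigningKey = key,
        // The sample token expired in 2011. A fixed clock skew only postpones the failure
        // to a later date, so lifetime validation is switched off for this fixture instead.
        // Test-only setting: real validators keep lifetime checks on.
        ValidateLifetime = false,
        ValidIssuer = "joe",
        // The sample token carries no "aud" claim.
        ValidateAudience = false
    };

    var result = new JsonWebTokenHandler().ValidateToken(token, validation);
    result.IsValid.ShouldBeTrue();
}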
/// <summary>
/// Builds the keyed hash that matches the configured HMAC algorithm, using the
/// symmetric key material stored in the JWK's <c>k</c> member.
/// </summary>
/// <param name="key">JWK whose <c>K</c> value holds the base64url-encoded secret.</param>
/// <returns>A new <see cref="HMAC"/> instance keyed with the decoded secret.</returns>
private HMAC CreateHasher(Jwk key)
{
    // NOTE(review): the decoded secret is used at whatever length it arrives. RFC 7518
    // section 3.2 requires a key at least as long as the hash output (32/48/64 bytes);
    // confirm a minimum length is enforced where keys are loaded.
    var secret = Base64Url.DeserializeBytes(key.K, "HMAC signature key");

    // The returned HMAC is IDisposable and holds the secret; the caller should dispose it.
    return Algorithm switch
    {
        JwsAlgorithm.HS256 => (HMAC)new HMACSHA256(secret),
        JwsAlgorithm.HS384 => new HMACSHA384(secret),
        JwsAlgorithm.HS512 => new HMACSHA512(secret),
        _ => throw Logger.Exception($"Invalid algorithm \"{Algorithm}\" for {nameof(Hmac)}"),
    };
}
/// <summary>
/// Verifies the signature of a JWS against the keys published in the metadata's JSON Web Key set.
/// </summary>
/// <param name="jws">Parsed token providing the algorithm, header, signed part and signature.</param>
/// <remarks>
/// A token whose algorithm is <c>none</c> returns from this method without any check,
/// which is the same outcome as a successfully verified signature.
/// </remarks>
public async Task ValidateSignature(Jws jws)
{
    // NOTE(review): "alg":"none" tokens carry no integrity protection, yet they pass here
    // unconditionally. Confirm the caller rejects them unless unsecured JWTs were enabled
    // explicitly; otherwise any party can mint a token this method accepts.
    if (jws.Algorithm != JwsAlgorithm.none)
    {
        var signingInput = GetBytes(jws.RawSignedPart);
        var tokenSignature = Base64Url.DeserializeBytes(jws.RawSignature, "Token signature");

        // NOTE(review): the validator is selected from values carried by the token itself.
        // Verify that Validate only pairs a key with an algorithm of the matching key type,
        // so that an RSA or EC public key can never be used as an HMAC secret.
        var signatureValidator = ValidatorFactory.Create(jws.Header, jws.Algorithm);

        var keySet = await Metadata.JsonWebKeys();
        signatureValidator.Validate(signingInput, tokenSignature, keySet.Keys);
    }
}
/// <summary>
/// Creates an ECDSA verifier from the public point of a JWK, together with the hash
/// algorithm name taken from <c>HasherParameters</c>.
/// </summary>
/// <param name="key">JWK whose <c>X</c> and <c>Y</c> values hold the base64url-encoded public point.</param>
/// <returns>
/// The newly created <see cref="ECDsa"/> instance and the hash algorithm name.
/// <see cref="ECDsa"/> is IDisposable; the caller should dispose it.
/// </returns>
private (ECDsa, HashAlgorithmName) CreateHasher(Jwk key)
{
    // Hash and curve both come from HasherParameters; nothing in the key selects the curve.
    // NOTE(review): the JWK's own curve member is not read here. Confirm a key declared for
    // another curve is rejected before this point rather than failing inside ECDsa.Create.
    var (hashName, namedCurve) = HasherParameters;

    // Only the public point is populated, so the instance can verify but not sign.
    var publicPoint = new ECPoint
    {
        X = Base64Url.DeserializeBytes(key.X, "ECDSA key X value"),
        Y = Base64Url.DeserializeBytes(key.Y, "ECDSA key Y value"),
    };

    var ecdsa = ECDsa.Create(new ECParameters { Q = publicPoint, Curve = namedCurve });
    return (ecdsa, hashName);
}
/// <summary>
/// Verifies an RSA PKCS#1 v1.5 signature over <paramref name="signedBytes"/> using the
/// public modulus and exponent of the supplied JWK.
/// </summary>
/// <param name="signedBytes">Bytes the signature was computed over.</param>
/// <param name="signature">Signature bytes taken from the token.</param>
/// <param name="key">JWK whose <c>N</c> and <c>E</c> values hold the base64url-encoded public key.</param>
/// <returns>The result of <c>RSAPKCS1SignatureDeformatter.VerifySignature</c>.</returns>
public override bool IsValid(byte[] signedBytes, byte[] signature, Jwk key)
{
    var (digester, digestName) = CreateHasher();
    using (digester)
    {
        var digest = digester.ComputeHash(signedBytes);

        using (var rsa = new RSACryptoServiceProvider())
        {
            // NOTE(review): the modulus is imported at whatever size the JWK supplies.
            // RFC 7518 section 3.3 requires 2048 bits or more for the RS* algorithms;
            // confirm undersized keys are rejected where the key set is loaded.
            var modulus = Base64Url.DeserializeBytes(key.N, "RSA key modulus");
            var exponent = Base64Url.DeserializeBytes(key.E, "RSA key exponent");

            // Public components only: the provider can verify but not sign.
            rsa.ImportParameters(new RSAParameters { Modulus = modulus, Exponent = exponent });

            var verifier = new RSAPKCS1SignatureDeformatter(rsa);
            verifier.SetHashAlgorithm(digestName);
            return verifier.VerifySignature(digest, signature);
        }
    }
}
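/// <summary>
/// Checks that <c>JsonWebTokenHandler</c> accepts the RS256 sample token from
/// RFC 7515 Appendix A.2 when given the matching RSA public key.
/// </summary>
public void CanValidateRS256()
{
    // Sample JWS from RFC 7515 Appendix A.2: header {"alg":"RS256"}, claims iss="joe", exp=1300819380.
    const string token = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw";

    // Public modulus and exponent only; no private components are needed to verify.
    var n = Base64Url.DeserializeBytes("ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ", "n");
    var e = Base64Url.DeserializeBytes("AQAB", "e");
    var key = new RsaSecurityKey(new RSAParameters { Exponent = e, Modulus = n });

    // Process-wide switch that makes IdentityModel include token and claim values in its
    // messages. Useful for diagnosing a failing test; it must stay out of production code.
    IdentityModelEventSource.ShowPII = true;

    var validation = new TokenValidationParameters
    {
        IssuerSigningKey = key,
        // The sample token expired in 2011. A fixed clock skew only postpones the failure
        // to a later date, so lifetime validation is switched off for this fixture instead.
        // Test-only setting: real validators keep lifetime checks on.
        ValidateLifetime = false,
        ValidIssuer = "joe",
        // The sample token carries no "aud" claim.
        ValidateAudience = false
    };

    var result = new JsonWebTokenHandler().ValidateToken(token, validation);
    result.IsValid.ShouldBeTrue();
}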