/// <summary>
/// Builds the key identifier used to look up the signing key for a JWT,
/// based on the "alg" value found in the token header.
/// </summary>
/// <param name="header">Parsed JWT header; "alg" is required, and "x5t" is required for RS256.</param>
/// <param name="payload">Parsed JWT payload; "iss" is read for HS256.</param>
/// <returns>A key identifier holding exactly one clause: a certificate thumbprint clause
/// for RS256, or a symmetric issuer clause for HS256.</returns>
/// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
/// "alg" is absent, "alg" is neither "RS256" nor "HS256", or "x5t" is absent for RS256.
/// </exception>
/// <remarks>
/// NOTE(review): presumably this runs before the signature has been checked, so "alg",
/// "x5t" and "iss" are values chosen by whoever produced the token. The resolver that
/// consumes this identifier has to return only keys the relying party already trusts.
/// </remarks>
protected virtual System.IdentityModel.Tokens.SecurityKeyIdentifier GetSigningKeyIdentifier(System.Collections.Generic.IDictionary <string, string> header, System.Collections.Generic.IDictionary <string, string> payload)
        {
            string algorithm;
            if (!header.TryGetValue("alg", out algorithm))
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No signature algorithm specified in token header.");
            }

            System.IdentityModel.Tokens.SecurityKeyIdentifierClause clause;

            // Ordinal, case-sensitive match: any value other than the two listed
            // algorithms (including a null "alg" entry) falls through to the default.
            switch (algorithm)
            {
                case "RS256":
                {
                    // Asymmetric signature: the key is located by certificate thumbprint.
                    string thumbprint;
                    if (!header.TryGetValue("x5t", out thumbprint))
                    {
                        throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No certificate thumbprint specified in token header.");
                    }

                    byte[] thumbprintBytes = Base64UrlEncoder.DecodeBytes(thumbprint);
                    clause = new System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause(thumbprintBytes);
                    break;
                }

                case "HS256":
                {
                    // Symmetric signature: the key is located by the issuer claim.
                    // NOTE(review): the TryGetValue result is ignored, so issuer is null when
                    // "iss" is missing; confirm SymmetricIssuerKeyIdentifierClause rejects null.
                    string issuer;
                    payload.TryGetValue("iss", out issuer);
                    clause = new SymmetricIssuerKeyIdentifierClause(issuer);
                    break;
                }

                default:
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Didn't find a supported signature algorithm in token header.");
            }

            return new System.IdentityModel.Tokens.SecurityKeyIdentifier(clause);
        }
        /// <summary>
        /// Checks a JWT signature against the supplied signing token and returns the
        /// token that verified it.
        /// </summary>
        /// <param name="signingInput">The signed text; it is converted to bytes with Base64UrlEncoder.TextEncoding.</param>
        /// <param name="signature">The encoded signature; it is decoded with Base64UrlEncoder.DecodeBytes.</param>
        /// <param name="algorithm">"RS256" or "HS256" (ordinal, case-sensitive).</param>
        /// <param name="signingToken">Token that supplies the verification key(s).</param>
        /// <returns>
        /// For RS256, <paramref name="signingToken"/> itself. For HS256, a new
        /// BinarySecretSecurityToken built from the first symmetric key that verified the signature.
        /// </returns>
        /// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
        /// The algorithm is unsupported, the signing token does not fit the algorithm,
        /// or no key verified the signature.
        /// </exception>
        /// <remarks>
        /// Only the certificate's public key is used here; nothing in this method checks
        /// certificate expiry or chain trust. NOTE(review): confirm that happens where
        /// signingToken is resolved. Whether the Verify implementations compare in
        /// constant time is also not visible from this method.
        /// </remarks>
        protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
        {
            Utility.VerifyNonNullArgument("signingToken", signingToken);

            bool signatureValid = false;
            System.IdentityModel.Tokens.SecurityToken verifiedToken = null;

            switch (algorithm)
            {
                case "RS256":
                {
                    // RS256 is only accepted with an X.509 token backed by an RSA public key.
                    System.IdentityModel.Tokens.X509SecurityToken certificateToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
                    if (certificateToken == null)
                    {
                        throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
                    }

                    System.Security.Cryptography.RSACryptoServiceProvider rsa = certificateToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
                    if (rsa == null)
                    {
                        throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
                    }

                    using (X509AsymmetricSignatureProvider rsaVerifier = new X509AsymmetricSignatureProvider(rsa))
                    {
                        signatureValid = rsaVerifier.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
                    }

                    if (signatureValid)
                    {
                        verifiedToken = signingToken;
                    }

                    break;
                }

                case "HS256":
                {
                    byte[] signedBytes    = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
                    byte[] signatureBytes = Base64UrlEncoder.DecodeBytes(signature);

                    // Try each symmetric key in turn and stop at the first match. Keys of any
                    // other type are skipped, so a token without symmetric keys never verifies.
                    foreach (System.IdentityModel.Tokens.SecurityKey candidate in signingToken.SecurityKeys)
                    {
                        System.IdentityModel.Tokens.SymmetricSecurityKey symmetricKey = candidate as System.IdentityModel.Tokens.SymmetricSecurityKey;
                        if (symmetricKey == null)
                        {
                            continue;
                        }

                        using (SymmetricSignatureProvider hmacVerifier = new SymmetricSignatureProvider(symmetricKey))
                        {
                            signatureValid = hmacVerifier.Verify(signedBytes, signatureBytes);
                            if (signatureValid)
                            {
                                verifiedToken = new BinarySecretSecurityToken(symmetricKey.GetSymmetricKey());
                                break;
                            }
                        }
                    }

                    break;
                }

                default:
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
            }

            // Fail closed: a token is returned only after a key has verified the signature.
            if (!signatureValid)
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
            }

            return verifiedToken;
        }
 /// <summary>
 /// Decodes <paramref name="arg"/> to bytes with Base64UrlEncoder.DecodeBytes and
 /// converts those bytes to a string using Base64UrlEncoder.TextEncoding.
 /// </summary>
 /// <param name="arg">The encoded text (presumably base64url; DecodeBytes is defined elsewhere).</param>
 /// <returns>The decoded string.</returns>
 public static string Decode(string arg)
 {
     // The encoding is read before decoding, matching the original evaluation order.
     var encoding = Base64UrlEncoder.TextEncoding;
     byte[] decodedBytes = Base64UrlEncoder.DecodeBytes(arg);
     return encoding.GetString(decodedBytes);
 }