private bool DoVerify(string token, string expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options, bool verifyClaims, bool verifyRegClaims) { this.error.cleanError(); if (options.HasError()) { this.error = options.GetError(); return(false); } JWTAlgorithm expectedJWTAlgorithm = JWTAlgorithmUtils.getJWTAlgorithm(expectedAlgorithm, this.error); if (this.HasError()) { return(false); } /***Hack to support 1024 RSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS256"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS512"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS384"] = 1024; /***Hack to support 1024 RSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken jwtToken = new JwtSecurityToken(token); if (isRevoqued(jwtToken, options)) { return(false); } if (verifyRegClaims) { if (!validateRegisteredClaims(jwtToken, options)) { return(false); } } if (verifyClaims) { if (!verifyPrivateClaims(jwtToken, privateClaims, options) || !VerifyHeader(jwtToken, options)) { return(false); } } //if validates all registered claims and it is not on revocation list TokenValidationParameters parms = new TokenValidationParameters(); parms.ValidateLifetime = false; parms.ValidateAudience = false; parms.ValidateIssuer = false; parms.ValidateActor = false; JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm_forVerification(jwtToken.Header.Alg, this.error); if (this.HasError()) { return(false); } if (JWTAlgorithmUtils.getJWTAlgorithm(jwtToken.Header.Alg, this.error) != expectedJWTAlgorithm || this.HasError()) { this.error.setError("JW008", "Expected algorithm does not match token algorithm"); return(false); } SecurityKey genericKey = null; if (JWTAlgorithmUtils.isPrivate(alg)) { CertificateX509 cert = options.GetCertificate(); if (cert.HasError()) { this.error = cert.GetError(); return(false); } if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "RSA")) { try { genericKey = new RsaSecurityKey((RSA)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "ECDSA")) { try { genericKey = new ECDsaSecurityKey((ECDsa)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else { this.error.setError("JW013", "Not recognized key algorithm"); return(false); } } else { SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret()); genericKey = symKey; } genericKey.KeyId = "256"; SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error); parms.IssuerSigningKey = genericKey; SecurityToken validatedToken; try { handler.ValidateToken(token, parms, out validatedToken); } catch (Exception e) { this.error.setError("JW004", e.Message); return(false); } return(true); }