/// <summary> /// Decodes JWT token by performining necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting json string is returned untouched (e.g. no parsing or mapping) /// </summary> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param> /// <returns>decoded json string</returns> /// <exception cref="IntegrityException">if signature valdation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature,encryption or compression algorithm is not supported</exception> public static string Decode(string token, object key = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); byte[][] parts = Compact.Parse(token); string json; if (parts.Length == 5) //encrypted JWT { json = Decrypt(parts, key); } else { //signed or plain JWT byte[] header = parts[0]; byte[] payload = parts[1]; byte[] signature = parts[2]; byte[] securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload)); var headerData = jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header, 0, payload.Length)); var algorithm = (string)headerData["alg"]; if (!HashAlgorithms[GetHashAlgorithm(algorithm)].Verify(signature, securedInput, key)) { throw new IntegrityException("Invalid signature."); } json = Encoding.UTF8.GetString(payload, 0, payload.Length); } return(json); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?jwsAlg = null, JweAlgorithm?jweAlg = null, JweEncryption?jweEnc = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); byte[][] parts = Compact.Parse(token); if (parts.Length == 5) //encrypted JWT { return(DecryptBytes(parts, key, jweAlg, jweEnc)); } else { //signed or plain JWT byte[] header = parts[0]; byte[] payload = parts[1]; byte[] signature = parts[2]; byte[] securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload)); var headerData = jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); var algorithm = (string)headerData["alg"]; if (jwsAlg != null && (JwsAlgorithm)jwsAlg != GetHashAlgorithm(algorithm)) { throw new InvalidAlgorithmException("The algorithm type passed to the Decode method did not match the algorithm type in the header."); } if (!HashAlgorithms[GetHashAlgorithm(algorithm)].Verify(signature, securedInput, key)) { throw new IntegrityException("Invalid signature."); } return(payload); } }
public static byte[] PayloadBytes(string token) { byte[][] numArray = Compact.Parse(token); if ((int)numArray.Length > 3) { throw new JoseException("Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } return(numArray[1]); }
/// <summary> /// Parses signed JWT token, extracts and returns payload part as binary data. /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static byte[] PayloadBytes(string token, JwtSettings settings = null) { byte[][] parts = Compact.Parse(token); if (parts.Length > 3) { throw new JoseException( "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } return(parts[1]); }
/// <summary> /// Parses signed JWT token, extracts and returns payload part as string /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static string Payload(string token) { byte[][] parts = Compact.Parse(token); if (parts.Length > 3) { throw new JoseException( "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } return(Encoding.UTF8.GetString(parts[1])); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); byte[][] parts = Compact.Parse(token); if (parts.Length == 5) //encrypted JWT { return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings)); } else { //signed or plain JWT byte[] header = parts[0]; byte[] payload = parts[1]; byte[] signature = parts[2]; string[] jwtSections = token.Split('.'); StringBuilder originalToken = new StringBuilder(); originalToken.Append(jwtSections[0]); originalToken.Append("."); originalToken.Append(jwtSections[1]); byte[] securedInput = Encoding.UTF8.GetBytes(originalToken.ToString()); var jwtSettings = GetSettings(settings); var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); var algorithm = (string)headerData["alg"]; var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException( "The algorithm type passed to the Decode method did not match the algorithm type in the header."); } var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } if (!jwsAlgorithmImpl.Verify(signature, securedInput, key)) { throw new IntegrityException("Invalid signature."); } return(payload); } }
/// <summary> /// Parses signed JWT token, extracts and returns payload part as binary data. /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static byte[] PayloadBytes(string token, JwtSettings settings = null) { byte[][] parts = Compact.Parse(token); if (parts.Length < 3) { throw new JoseException( "The given token doesn't follow JWT format and must contains at least three parts."); } if (parts.Length > 3) { throw new JoseException( "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } return(parts[1]); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?jwsAlg = null, JweAlgorithm?jweAlg = null, JweEncryption?jweEnc = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.", new object[0]); byte[][] numArray = Compact.Parse(token); if ((int)numArray.Length == 5) { return(JWT.DecryptBytes(numArray, key, jweAlg, jweEnc)); } byte[] numArray1 = numArray[0]; byte[] numArray2 = numArray[1]; byte[] numArray3 = numArray[2]; byte[] bytes = Encoding.UTF8.GetBytes(Compact.Serialize(new byte[][] { numArray1, numArray2 })); string item = (string)JWT.jsMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(numArray1))["alg"]; if (jwsAlg.HasValue && jwsAlg.Value != JWT.GetHashAlgorithm(item)) { throw new InvalidAlgorithmException("The algorithm type passed to the Decode method did not match the algorithm type in the header."); } if (!JWT.HashAlgorithms[JWT.GetHashAlgorithm(item)].Verify(numArray3, bytes, key)) { throw new IntegrityException("Invalid signature."); } return(numArray2); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); if (token == null) { throw new ArgumentNullException(nameof(token)); } string[] stringParts = token.Split('.'); if (stringParts.Length == 5) //encrypted JWT { byte[][] parts = Compact.Parse(token); return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings)); } else { //signed or plain JWT byte[] header = Base64Url.Decode(stringParts[0]); byte[] payload; byte[] signature = Base64Url.Decode(stringParts[2]); bool base64DecodePayload = GetBase64DecodeFlag(header); //Always base 64 decode paylod, even in b64=false detached since we have already attached the payload and encoded it payload = Base64Url.Decode(stringParts[1]); byte[] securedInput; if (base64DecodePayload) { securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload)); } else { var tmpBytes = Encoding.UTF8.GetBytes(Compact.Serialize(header) + "."); securedInput = new byte[tmpBytes.Length + payload.Length]; System.Buffer.BlockCopy(tmpBytes, 0, securedInput, 0, tmpBytes.Length); System.Buffer.BlockCopy(payload, 0, securedInput, tmpBytes.Length, payload.Length); } var jwtSettings = GetSettings(settings); var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); var algorithm = (string)headerData["alg"]; var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException( "The algorithm type passed to the Decode method did not match the algorithm type in the header."); } var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } if (!jwsAlgorithmImpl.Verify(signature, securedInput, key)) { throw new IntegrityException("Invalid signature."); } return(payload); } }
/// <summary> /// Parses JWT token, extracts and attempts to unmarshal headers to requested type /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <returns>unmarshalled headers</returns> public static T Headers <T>(string token, JwtSettings settings = null) { byte[][] parts = Compact.Parse(token); return(GetSettings(settings).JsonMapper.Parse <T>(Encoding.UTF8.GetString(parts[0]))); }
/// <summary> /// Parses JWT token, extracts and attempst to unmarshall headers to requested type /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <returns>unmarshalled headers</returns> public static T Headers <T>(string token) { byte[][] parts = Compact.Parse(token); return(jsMapper.Parse <T>(Encoding.UTF8.GetString(parts[0]))); }
public static T Headers <T>(string token) { byte[][] numArray = Compact.Parse(token); return(JWT.jsMapper.Parse <T>(Encoding.UTF8.GetString(numArray[0]))); }