Exemple #1
0
 private Jwt(JwtHeaderDocument header, Jwt nested, byte[] rented)
 {
     _header  = header;
     _payload = nested.Payload;
     _nested  = nested;
     _rented  = rented;
 }
Exemple #2
0
 public static TokenValidationResult TokenReplayed(Jwt token)
 {
     return(new TokenValidationResult
     {
         Status = TokenValidationStatus.TokenReplayed,
         Token = token
     });
 }
Exemple #3
0
 private Jwt(JwtHeaderDocument header, Jwt nested, TokenValidationError error, byte[] rented)
 {
     _header  = header;
     _payload = nested.Payload;
     _nested  = nested;
     _error   = error;
     _rented  = rented;
 }
Exemple #4
0
 public static TokenValidationResult Expired(Jwt token)
 {
     return(new TokenValidationResult
     {
         Status = TokenValidationStatus.Expired,
         Token = token
     });
 }
Exemple #5
0
 public static TokenValidationResult Success(Jwt jwtToken)
 {
     return(new TokenValidationResult
     {
         Status = TokenValidationStatus.Success,
         Token = jwtToken
     });
 }
Exemple #6
0
 public static TokenValidationResult NotYetValid(Jwt jwtToken)
 {
     return(new TokenValidationResult
     {
         Status = TokenValidationStatus.NotYetValid,
         Token = jwtToken
     });
 }
Exemple #7
0
 internal Jwt(Jwt other)
 {
     _rawValue = other._rawValue;
     _rented   = other._rented;
     _header   = other._header;
     _payload  = other._payload;
     _nested   = other._nested;
     _error    = other._error;
 }
Exemple #8
0
 public static TokenValidationResult MissingClaim(Jwt jwt, string claim)
 {
     return(new TokenValidationResult
     {
         Token = jwt,
         Status = TokenValidationStatus.MissingClaim,
         ErrorClaim = claim
     });
 }
Exemple #9
0
 public static TokenValidationResult MissingClaim(Jwt jwt, ReadOnlySpan <byte> claim)
 {
     return(new TokenValidationResult
     {
         Token = jwt,
         Status = TokenValidationStatus.MissingClaim,
         ErrorClaim = Utf8.GetString(claim)
     });
 }
Exemple #10
0
        /// <summary>
        /// Try to validate the token, according to the <paramref name="jwt"/>.
        /// </summary>
        /// <param name="jwt"></param>
        /// <returns></returns>
        public TokenValidationResult TryValidateJwt(Jwt jwt)
        {
            var payload = jwt.Payload !;

            if (payload.ValidationControl != 0)
            {
                if (payload.MissingAudience)
                {
                    return(TokenValidationResult.MissingClaim(jwt, Claims.AudUtf8));
                }

                if (payload.InvalidAudience)
                {
                    return(TokenValidationResult.InvalidClaim(jwt, Claims.AudUtf8));
                }

                if (payload.MissingIssuer)
                {
                    return(TokenValidationResult.MissingClaim(jwt, Claims.IssUtf8));
                }

                if (payload.InvalidIssuer)
                {
                    return(TokenValidationResult.InvalidClaim(jwt, Claims.IssUtf8));
                }

                if (payload.MissingExpirationTime)
                {
                    return(TokenValidationResult.MissingClaim(jwt, Claims.ExpUtf8));
                }

                if (payload.Expired)
                {
                    return(TokenValidationResult.Expired(jwt));
                }

                if (payload.NotYetValid)
                {
                    return(TokenValidationResult.NotYetValid(jwt));
                }
            }

            var validators = _validators;

            for (int i = 0; i < validators.Length; i++)
            {
                var result = validators[i].TryValidate(jwt);
                if (!result.Succedeed)
                {
                    return(result);
                }
            }

            return(TokenValidationResult.Success(jwt));
        }
Exemple #11
0
        /// <summary>
        /// Initializes a new instance of <see cref="Jwt"/>.
        /// </summary>
        protected Jwt(Jwt token)
        {
            if (token is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.token);
            }

            _payload      = token._payload;
            Header        = token.Header;
            _nestedToken  = token._nestedToken;
            SigningKey    = token.SigningKey;
            EncryptionKey = token.EncryptionKey;
            Binary        = token.Binary;
        }
Exemple #12
0
        /// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
        /// <param name="token">The JWT encoded as JWE or JWS</param>
        /// <param name="policy">The validation policy.</param>
        /// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
        public static bool TryParse(string token, TokenValidationPolicy policy, out Jwt jwt)
        {
            if (token is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.token);
            }

            if (policy is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.policy);
            }

            if (token.Length == 0)
            {
                jwt = new Jwt(TokenValidationError.MalformedToken());
                return(false);
            }

            int length = Utf8.GetMaxByteCount(token.Length);

            if (length > policy.MaximumTokenSizeInBytes)
            {
                jwt = new Jwt(TokenValidationError.MalformedToken());
                return(false);
            }

            byte[]? utf8ArrayToReturnToPool = null;
            var utf8Token = length <= Constants.MaxStackallocBytes
                  ? stackalloc byte[length]
                  : (utf8ArrayToReturnToPool = ArrayPool <byte> .Shared.Rent(length));

            try
            {
                int bytesWritten = Utf8.GetBytes(token, utf8Token);
                return(TryParse(utf8Token.Slice(0, bytesWritten), policy, out jwt));
            }
            finally
            {
                if (utf8ArrayToReturnToPool != null)
                {
                    ArrayPool <byte> .Shared.Return(utf8ArrayToReturnToPool);
                }
            }
        }
Exemple #13
0
        public static SecurityEventToken AsSecurityEventToken(this Jwt token)
        {
            if (token is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
            }

            if (token.Payload is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.payload);
            }

            if (!token.Payload.ContainsKey(SetClaims.EventsUtf8))
            {
                throw new InvalidOperationException();
            }

            return(new SecurityEventToken(token));
        }
Exemple #14
0
        /// <inheritdoc />
        public TokenValidationResult TryValidate(Jwt jwt)
        {
            if (jwt is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
            }

            if (jwt.Payload is null)
            {
                return(TokenValidationResult.MalformedToken());
            }

            if (jwt.Payload.TryGetValue(OidcClaims.AuthTimeUtf8, out var _))
            {
                return(TokenValidationResult.Success(jwt));
            }

            return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AuthTimeUtf8));
        }
Exemple #15
0
        /// <summary>
        /// Creates a new instance of <see cref="Jwt"/>.
        /// </summary>
        /// <param name="header"></param>
        /// <param name="nestedToken"></param>
        /// <param name="encryptionKey"></param>
        public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
        {
            if (header is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
            }

            if (nestedToken is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.nestedToken);
            }

            if (encryptionKey is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.encryptionKey);
            }

            return(new Jwt(header, nestedToken, encryptionKey));
        }
Exemple #16
0
        public TokenValidationResult TryValidate(Jwt jwt)
        {
            if (jwt is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
            }

            if (jwt.Payload is null)
            {
                return(TokenValidationResult.MalformedToken());
            }

            if (!jwt.Payload.TryGetValue(OidcClaims.AcrUtf8, out var property))
            {
                return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AcrUtf8));
            }

            if (string.Equals(_requiredAcr, (string?)property.Value, StringComparison.Ordinal))
            {
                return(TokenValidationResult.InvalidClaim(jwt, OidcClaims.AcrUtf8));
            }

            return(TokenValidationResult.Success(jwt));
        }
Exemple #17
0
 /// <summary>
 /// Initializes a new instance of <see cref="TokenValidationContext"/>.
 /// </summary>
 /// <param name="jwt"></param>
 public TokenValidationContext(Jwt jwt)
 {
     Jwt = jwt;
 }
Exemple #18
0
 public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
 => throw new NotImplementedException();
Exemple #19
0
 public SecurityEventToken(Jwt token)
     : base(token)
 {
 }
Exemple #20
0
 internal Jwt(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
 {
     Header        = header;
     _nestedToken  = nestedToken;
     EncryptionKey = encryptionKey;
 }
Exemple #21
0
        /// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
        /// <param name="utf8Token">The JWT encoded as JWE or JWS.</param>
        /// <param name="policy">The validation policy.</param>
        /// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
        public static bool TryParse(ReadOnlySequence <byte> utf8Token, TokenValidationPolicy policy, out Jwt jwt)
        {
            if (utf8Token.IsSingleSegment)
            {
                return(TryParse(utf8Token.First.Span, policy, out jwt));
            }

            return(TryParse(utf8Token.ToArray(), policy, out jwt));
        }
Exemple #22
0
        /// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
        /// <param name="utf8Token">The JWT encoded as JWE or JWS</param>
        /// <param name="policy">The validation policy.</param>
        /// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
        public static bool TryParse(ReadOnlySpan <byte> utf8Token, TokenValidationPolicy policy, out Jwt jwt)
        {
            if (policy is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.policy);
            }

            TokenValidationError?error;

            if (utf8Token.IsEmpty)
            {
                error = TokenValidationError.MalformedToken();
                goto TokenError;
            }

            if (utf8Token.Length > policy.MaximumTokenSizeInBytes)
            {
                error = TokenValidationError.MalformedToken();
                goto TokenError;
            }

            Span <TokenSegment> segments    = stackalloc TokenSegment[Constants.JweSegmentCount];
            ref TokenSegment    segmentsRef = ref MemoryMarshal.GetReference(segments);
Exemple #23
0
 public IdToken(Jwt token)
     : base(token)
 {
 }
Exemple #24
0
 public static TokenValidationResult InvalidClaim(Jwt jwt, string claim)
 => throw new NotImplementedException();
Exemple #25
0
 public static TokenValidationResult InvalidClaim(Jwt jwt, ReadOnlySpan <byte> claim)
 => throw new NotImplementedException();
Exemple #26
0
 public static TokenValidationResult Success(Jwt jwtToken)
 => throw new NotImplementedException();
Exemple #27
0
 public static TokenValidationResult TokenReplayed(Jwt token)
 => throw new NotImplementedException();