/// <summary>
/// Initializes a new instance of the <see cref="JwtHeader"/> class. With the Header Parameters as follows:
/// <para>{ { typ, JWT }, { alg, Mapped( <see cref="System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm"/> } }
/// See: Algorithm Mapping below.</para>
/// </summary>
/// <param name="signingCredentials">The <see cref="SigningCredentials"/> that will be or were used to sign the <see cref="JwtSecurityToken"/>.</param>
/// <remarks>
/// <para>For each <see cref="SecurityKeyIdentifierClause"/> in signingCredentials.SigningKeyIdentifier</para>
/// <para>if the clause is a <see cref="NamedKeySecurityKeyIdentifierClause"/> Header Parameter { clause.Name, clause.Id } will be added.</para>
/// <para>For example, if clause.Name == 'kid' and clause.Id == 'SecretKey99'. The JSON object { kid, SecretKey99 } would be added.</para>
/// <para>In addition, if the <see cref="SigningCredentials"/> is a <see cref="X509SigningCredentials"/> the JSON object { x5t, Base64UrlEncoded( <see cref="X509Certificate.GetCertHashString()"/> } will be added.</para>
/// <para>This simplifies the common case where a X509Certificate is used.</para>
/// <para>================= </para>
/// <para>Algorithm Mapping</para>
/// <para>================= </para>
/// <para><see cref="System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm"/> describes the algorithm that is discoverable by the CLR runtime.</para>
/// <para>The { alg, 'value' } placed in the header reflects the JWT specification.</para>
/// <see cref="JwtSecurityTokenHandler.OutboundAlgorithmMap"/> contains a signature mapping where the 'value' above will be translated according to this mapping.
/// <para>Current mapping is:</para>
/// <para>    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'RS256'</para>
/// <para>    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' => 'HS256'</para>
/// </remarks>
public JwtHeader(SigningCredentials signingCredentials = null)
: base(StringComparer.Ordinal)
{
this[JwtHeaderParameterNames.Typ] = JwtConstants.HeaderType;
if (signingCredentials != null)
{
this.signingCredentials = signingCredentials;
string algorithm = signingCredentials.SignatureAlgorithm;
if (JwtSecurityTokenHandler.OutboundAlgorithmMap.ContainsKey(signingCredentials.SignatureAlgorithm))
{
algorithm = JwtSecurityTokenHandler.OutboundAlgorithmMap[algorithm];
}
this[JwtHeaderParameterNames.Alg] = algorithm;
if (signingCredentials.SigningKeyIdentifier != null)
{
foreach (SecurityKeyIdentifierClause clause in signingCredentials.SigningKeyIdentifier)
{
NamedKeySecurityKeyIdentifierClause namedKeyClause = clause as NamedKeySecurityKeyIdentifierClause;
if (namedKeyClause != null)
{
this[namedKeyClause.Name] = namedKeyClause.Id;
}
}
}
X509SigningCredentials x509SigningCredentials = signingCredentials as X509SigningCredentials;
if (x509SigningCredentials != null && x509SigningCredentials.Certificate != null)
{
this[JwtHeaderParameterNames.X5t] = Base64UrlEncoder.Encode(x509SigningCredentials.Certificate.GetCertHash());
}
}
else
{
this[JwtHeaderParameterNames.Alg] = JwtAlgorithms.NONE;
}
}
/// <summary>
/// Encodes this instance as a Base64UrlEncoded string.
/// </summary>
/// <remarks>Returns the current state. If this instance has changed since the last call, the value will be different.</remarks>
/// <returns>a string BaseUrlEncoded representing the contents of this header.</returns>
public string Encode()
{
return(Base64UrlEncoder.Encode(this.SerializeToJson()));
}
/// <summary>
/// Encodes this instance as Base64UrlEncoded JSON.
/// </summary>
/// <returns>Base64UrlEncoded JSON.</returns>
/// <remarks>use <see cref="JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
public virtual string Base64UrlEncode()
{
return(Base64UrlEncoder.Encode(SerializeToJson()));
}