Esempio n. 1
0
        private byte[] ComputeAuthTag(byte[] aad, byte[] iv, byte[] cipherText, byte[] hmacKey)
        {
            byte[] al        = Arrays.LongToBytes(aad.Length * 8L);
            byte[] hmacInput = Arrays.Concat(aad, iv, cipherText, al);

            byte[] hmac = hashAlgorithm.Sign(hmacInput, hmacKey);

            return(Arrays.FirstHalf(hmac));
        }
Esempio n. 2
0
        /// <summary>
        /// Encodes given binary data to JWT token and sign it using given algorithm.
        /// </summary>
        /// <param name="payload">Binary data to encode (not null)</param>
        /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param>
        /// <param name="algorithm">JWT algorithm to be used.</param>
        /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
        /// <param name="settings">optional settings to override global DefaultSettings</param>
        /// <param name="options">additional encoding options</param>
        /// <returns>JWT in compact serialization form, digitally signed.</returns>
        public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null)
        {
            if (payload == null)
            {
                throw new ArgumentNullException(nameof(payload));
            }

            JwtSettings jwtSettings = GetSettings(settings);
            JwtOptions  jwtOptions  = options ?? JwtOptions.Default;

            var jwtHeader = new Dictionary <string, object> {
                { "alg", jwtSettings.JwsHeaderValue(algorithm) }
            };

            if (extraHeaders == null) //allow overload, but keep backward compatible defaults
            {
                extraHeaders = new Dictionary <string, object> {
                    { "typ", "JWT" }
                };
            }


            if (!jwtOptions.EncodePayload)
            {
                jwtHeader["b64"]  = false;
                jwtHeader["crit"] = Collections.Union(new[] { "b64" }, Dictionaries.Get(extraHeaders, "crit"));
            }

            Dictionaries.Append(jwtHeader, extraHeaders);
            byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader));

            IJwsAlgorithm jwsAlgorithm = jwtSettings.Jws(algorithm);

            if (jwsAlgorithm == null)
            {
                throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
            }

            byte[] signature = jwsAlgorithm.Sign(securedInput(headerBytes, payload, jwtOptions.EncodePayload), key);


            byte[] payloadBytes = jwtOptions.DetachPayload ? new byte[0] : payload;


            return(jwtOptions.EncodePayload
             ? Compact.Serialize(headerBytes, payloadBytes, signature)
             : Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature));
        }