public string DoCreate(string algorithm, PrivateClaims privateClaims, JWTOptions options)
{
this.error.cleanError();
if (options.HasError())
{
this.error = options.GetError();
return("");
}
JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm(algorithm, this.error);
if (this.HasError())
{
return("");
}
if (this.HasError())
{
return("");
}
/***Hack to support 1024 RSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS256"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS512"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS384"] = 1024;
/***Hack to support 1024 RSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
JwtPayload payload = doBuildPayload(privateClaims, options);
SecurityKey genericKey = null;
if (JWTAlgorithmUtils.isPrivate(alg))
{
PrivateKeyManager key = options.GetPrivateKey();
if (key.HasError())
{
this.error = key.GetError();
return("");
}
if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "RSA"))
{
try
{
genericKey = new RsaSecurityKey((RSA)key.getPrivateKeyForJWT());
}catch (Exception)
{
this.error = key.GetError();
return("");
}
}
else if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "ECDSA"))
{
try {
genericKey = new ECDsaSecurityKey((ECDsa)key.getPrivateKeyForJWT());
}
catch (Exception)
{
this.error = key.GetError();
return("");
}
}
else
{
this.error.setError("JW012", "Not recognized key algorithm");
return("");
}
if (genericKey == null)
{
this.error = key.GetError();
return("");
}
}
else
{
SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret());
genericKey = symKey;
}
SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error);
if (this.HasError())
{
return("");
}
string signedJwt = "";
try
{
JwtHeader header = new JwtHeader(signingCredentials);
if (!options.GetHeaderParameters().IsEmpty())
{
AddHeaderParameters(header, options);
}
JwtSecurityToken secToken = new JwtSecurityToken(header, payload);
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
signedJwt = handler.WriteToken(secToken);
}
catch (Exception e)
{
this.error.setError("JW003", "key size: " + /*genericKey.KeySize.ToString()*/ e.Message + e.StackTrace);
return("");
}
return(signedJwt);
}
private bool DoVerify(string token, string expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options, bool verifyClaims, bool verifyRegClaims)
{
this.error.cleanError();
if (options.HasError())
{
this.error = options.GetError();
return(false);
}
JWTAlgorithm expectedJWTAlgorithm = JWTAlgorithmUtils.getJWTAlgorithm(expectedAlgorithm, this.error);
if (this.HasError())
{
return(false);
}
/***Hack to support 1024 RSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS256"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS512"] = 1024;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS384"] = 1024;
/***Hack to support 1024 RSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
/***Hack to support 192 ECDSA key lengths - BEGIN***/
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES256"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES512"] = 112;
AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES384"] = 112;
/***Hack to support 192 ECDSA key lengths - END***/
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken jwtToken = new JwtSecurityToken(token);
if (isRevoqued(jwtToken, options))
{
return(false);
}
if (verifyRegClaims)
{
if (!validateRegisteredClaims(jwtToken, options))
{
return(false);
}
}
if (verifyClaims)
{
if (!verifyPrivateClaims(jwtToken, privateClaims, options) || !VerifyHeader(jwtToken, options))
{
return(false);
}
}
//if validates all registered claims and it is not on revocation list
TokenValidationParameters parms = new TokenValidationParameters();
parms.ValidateLifetime = false;
parms.ValidateAudience = false;
parms.ValidateIssuer = false;
parms.ValidateActor = false;
JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm_forVerification(jwtToken.Header.Alg, this.error);
if (this.HasError())
{
return(false);
}
if (JWTAlgorithmUtils.getJWTAlgorithm(jwtToken.Header.Alg, this.error) != expectedJWTAlgorithm || this.HasError())
{
this.error.setError("JW008", "Expected algorithm does not match token algorithm");
return(false);
}
SecurityKey genericKey = null;
if (JWTAlgorithmUtils.isPrivate(alg))
{
CertificateX509 cert = options.GetCertificate();
if (cert.HasError())
{
this.error = cert.GetError();
return(false);
}
if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "RSA"))
{
try {
genericKey = new RsaSecurityKey((RSA)cert.getPublicKeyJWT());
}
catch (Exception)
{
this.error = cert.GetError();
return(false);
}
}
else if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "ECDSA"))
{
try
{
genericKey = new ECDsaSecurityKey((ECDsa)cert.getPublicKeyJWT());
}
catch (Exception)
{
this.error = cert.GetError();
return(false);
}
}
else
{
this.error.setError("JW013", "Not recognized key algorithm");
return(false);
}
}
else
{
SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret());
genericKey = symKey;
}
genericKey.KeyId = "256";
SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error);
parms.IssuerSigningKey = genericKey;
SecurityToken validatedToken;
try
{
handler.ValidateToken(token, parms, out validatedToken);
}
catch (Exception e)
{
this.error.setError("JW004", e.Message);
return(false);
}
return(true);
}
