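/// <summary>Verifies a JWT-format token issued by the generic authentication site.</summary>
/// <remarks>
/// The RS256 signature is checked first (via <see cref="JWT_RS256_X509"/> with the
/// configured certificate); only then are the payload claims decoded and compared
/// against the configured issuer, client ID(s) and the current time.
/// NOTE(review): whether the JWT "alg" header is pinned to RS256 (rejecting "none"
/// or HMAC algorithms) is decided inside JWT_RS256_X509, which is not visible here — confirm.
/// </remarks>
/// <param name="jwtAccessToken">
/// JWT-format token. The following claims are expected:
/// - iss
/// - aud
/// - iat
/// - exp
/// - sub
/// - roles (optional)
/// - scopes (optional)
/// - others (optional)
/// </param>
/// <param name="sub">Receives the "sub" claim; "" when the payload is never reached.</param>
/// <param name="roles">Receives the "roles" claim as a list; empty when absent or null.</param>
/// <param name="scopes">Receives the "scopes" claim as a list; empty when absent or null.</param>
/// <param name="jobj">
/// Receives the decoded payload object; null when the signature check fails or the
/// payload is not a JSON object. It is populated even when the claim checks then fail.
/// </param>
/// <returns>true when the signature, iss, aud and exp checks all pass; otherwise false.</returns>
public static bool Verify(string jwtAccessToken, out string sub, out List<string> roles, out List<string> scopes, out JObject jobj)
{
    sub = "";
    roles = new List<string>();
    scopes = new List<string>();
    jobj = null;

    // Signature first: no claim is trusted before the signature is known to be good.
    JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(OAuth2AndOIDCParams.RS256Cer, "");
    if (!jwtRS256.Verify(jwtAccessToken))
    {
        // JWT signature verification failed
        return false;
    }

    // Compact serialization is header.payload.signature; the payload is segment 1.
    string[] segments = jwtAccessToken.Split('.');
    if (segments.Length < 2)
    {
        return false;
    }

    Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder();
    string jwtPayload = Encoding.UTF8.GetString(base64UrlEncoder.Decode(segments[1]));

    // A payload that is not a JSON object cannot carry the required claims;
    // previously a non-object payload threw an InvalidCastException out of Verify.
    jobj = JsonConvert.DeserializeObject(jwtPayload) as JObject;
    if (jobj == null)
    {
        return false;
    }

    //string nonce = (string)jobj["nonce"];
    string iss = (string)jobj["iss"];
    // NOTE(review): RFC 7519 allows "aud" to be a JSON array; this cast only handles
    // the single-string form and would throw on an array — confirm what the issuer emits.
    string aud = (string)jobj["aud"];
    //string iat = (string)jobj["iat"];
    string exp = (string)jobj["exp"];
    sub = (string)jobj["sub"];

    // A JSON null for roles/scopes deserializes to a null list; keep the
    // documented "empty when absent" contract instead of handing back null.
    if (jobj["roles"] != null)
    {
        roles = JsonConvert.DeserializeObject<List<string>>(jobj["roles"].ToString()) ?? new List<string>();
    }
    if (jobj["scopes"] != null)
    {
        scopes = JsonConvert.DeserializeObject<List<string>>(jobj["scopes"].ToString()) ?? new List<string>();
    }

    long unixTimeSeconds = 0;
#if NET45
    unixTimeSeconds = PubCmnFunction.ToUnixTime(DateTimeOffset.Now);
#else
    unixTimeSeconds = DateTimeOffset.Now.ToUnixTimeSeconds();
#endif

    // A missing or non-numeric exp used to throw (long.Parse); it is now a failed check.
    // exp == now is still accepted, as before.
    long expSeconds;
    if (!long.TryParse(exp, out expSeconds) || expSeconds < unixTimeSeconds)
    {
        // JWT content verification failed (expired or unusable exp)
        return false;
    }

    if (iss != OAuth2AndOIDCParams.Isser)
    {
        // JWT content verification failed (issuer mismatch)
        return false;
    }

    // Verification succeeded (OAuth2 Client implementation): aud is this client's ID.
    if (aud == OAuth2AndOIDCParams.ClientID)
    {
        return true;
    }

    // Verification succeeded (OAuth2 Resource Server implementation): aud is one of the accepted client IDs.
    if (OAuth2AndOIDCParams.ClientIDs.Any(x => x == aud))
    {
        return true;
    }

    // Verification failed (audience mismatch)
    return false;
}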
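/// <summary>JWT verification button handler.</summary>
/// <remarks>
/// Rebuilds a token from the editable header/payload text boxes while keeping the
/// signature segment of the token in txtJWTSign, then verifies it with the key
/// material selected by the radio buttons (HS256, RS256 XML, RS256 Param, RS256 X509)
/// and reports the result in a message box.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnJWTVerify_Click(object sender, EventArgs e)
{
    bool ret = false;

    // Without a signature segment there is nothing to verify; report failure
    // instead of letting an IndexOutOfRangeException escape the handler.
    string newJWT;
    if (this.TryRebuildJwtFromFields(out newJWT))
    {
        if (rbnJWTHS256.Checked)
        {
            // HS256: key taken from the JWK text box.
            JWT_HS256 jwtHS256 = new JWT_HS256(this.txtJWTJWK.Text);
            ret = jwtHS256.Verify(newJWT);
        }
        else if (rbnJWTRS256_XML.Checked)
        {
            // RS256 (XML): key taken from the key text box in XML form.
            JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(this.txtJWTKey.Text);
            ret = jwtRS256.Verify(newJWT);
        }
        else if (rbnJWTRS256_Param.Checked)
        {
            // RS256 (Param): public parameters derived from the JWK text box.
            JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
                RS256_KeyConverter.JwkToProvider(this.txtJWTJWK.Text).ExportParameters(false));
            ret = jwtRS256.Verify(newJWT);
        }
        else
        {
            // RS256 (X509): certificate file selected earlier on the form.
            JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(this.CertificateFilePath_cer, "");
            ret = jwtRS256.Verify(newJWT);
        }
    }

    MessageBox.Show(ret ? "検証成功" : "検証失敗");
}

/// <summary>
/// Builds the token to verify: Base64URL(header text) "." Base64URL(payload text) "."
/// followed by the third dot-separated segment of txtJWTSign.
/// </summary>
/// <param name="newJWT">Receives the rebuilt token; null when txtJWTSign has fewer than three segments.</param>
/// <returns>true when a token could be built; otherwise false.</returns>
private bool TryRebuildJwtFromFields(out string newJWT)
{
    newJWT = null;

    // Input: the original signed token supplies the signature segment.
    string[] segments = this.txtJWTSign.Text.Split('.');
    if (segments.Length < 3)
    {
        return false;
    }

    // Header and payload come from the editable fields.
    string header = CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8));
    string payload = CustomEncode.ToBase64UrlString(CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8));

    newJWT = header + "." + payload + "." + segments[2];
    return true;
}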