/// <summary>
/// <c>Validate</c> must throw <see cref="SignatureVerificationException"/> when the
/// signature handed to it does not match the crypto segment carried by the token.
/// The token is re-signed with HMAC-SHA256 and the result is then corrupted so the
/// two values can never agree.
/// </summary>
public void Validate_Should_Throw_Exception_When_Crypto_Does_Not_Match_Signature()
{
    const string token = TestData.Token;
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(token);

    // Claim set the validator will inspect.
    var payloadJson = GetString(encoder.Decode(parts.Payload));

    // Signature exactly as carried by the token.
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Recompute the signature over header.payload, then flip the first byte.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var tampered = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
    ++tampered[0]; // malformed signature
    var decodedSignature = Convert.ToBase64String(tampered);

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    Action act = () => validator.Validate(payloadJson, decodedCrypto, decodedSignature);

    act.Should().Throw<SignatureVerificationException>("because the signature does not match the crypto");
}
/// <summary>
/// <c>TryValidate</c> must report failure and surface a non-null exception when the
/// supplied signature has been corrupted. Despite the method name, the signature is
/// deliberately altered here, so this exercises the mismatch path (the matching case
/// is covered by the sibling "Return_True_And_Exception_Null" test).
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = JwtValidator.GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Recompute the signature over header.payload and corrupt its first byte.
    var signingInput = JwtValidator.GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    var tampered = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);
    tampered[0]++; // malformed signature
    var decodedSignature = Convert.ToBase64String(tampered);

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    var isValid = validator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    Assert.False(isValid);
    Assert.NotNull(ex);
}
/// <summary>
/// <c>TryValidate</c> must succeed and leave the exception <c>null</c> when the
/// freshly computed signature equals the crypto segment carried by the token.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Untampered signature over header.payload.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
    var decodedSignature = Convert.ToBase64String(recomputed);

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    var isValid = validator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    isValid.Should().BeTrue("because the token should have been validated");
    ex.Should().BeNull("because a valid token verified should not raise any exception");
}
/// <summary>
/// A token whose <c>nbf</c> lies one second in the future (presumably at
/// <c>TestData.TokenTimestamp</c>) must still validate when the validator is
/// constructed with a one-second <c>timeMargin</c>. The clock is pinned with a
/// <see cref="StaticDateTimeProvider"/> so the test does not depend on wall time.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Token_Is_Not_Yet_Usable_But_Validator_Has_Time_Margin()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.TokenWithNbf);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    var decodedSignature = Convert.ToBase64String(recomputed);

    // "Now" is one second before the token's timestamp; the margin absorbs that gap.
    var frozenClock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp - 1));
    var validator = new JwtValidator(new JsonNetSerializer(), frozenClock, timeMargin: 1);
    var isValid = validator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    isValid.Should().BeTrue("because token should be valid");
    ex.Should().BeNull("because valid token should not throw exception");
}
/// <summary>
/// A token with an <c>exp</c> claim must be rejected, and the reported exception must
/// be exactly <see cref="TokenExpiredException"/>, when the validator's clock is pinned
/// at <c>TestData.TokenTimestamp</c>. The signature itself is valid, so expiry is the
/// only reason for failure.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Token_Is_Expired()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.TokenWithExp);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    var decodedSignature = Convert.ToBase64String(recomputed);

    var frozenClock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp));
    var validator = new JwtValidator(new JsonNetSerializer(), frozenClock);
    var isValid = validator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    isValid.Should().BeFalse("because token should be invalid");
    ex.Should().NotBeNull("because invalid token should thrown exception");
    ex.Should().BeOfType<TokenExpiredException>("because expired token should thrown TokenExpiredException");
}
/// <summary>
/// <c>TryValidate</c> must fail and surface an exception when the signature computed
/// with <c>TestData.Secret</c> has been corrupted after signing.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Signature_Is_Not_Valid()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Sign with the real secret, then corrupt the first byte of the result.
    var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    var tampered = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    ++tampered[0]; // malformed signature
    var decodedSignature = Convert.ToBase64String(tampered);

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    var isValid = validator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    isValid.Should().BeFalse("because token should be invalid");
    ex.Should().NotBeNull("because invalid token should thrown exception");
}
/// <summary>
/// Decodes one base64url-encoded JWT segment and returns its bytes as a UTF-8 string.
/// </summary>
/// <param name="input">The base64url text to decode.</param>
/// <returns>The decoded bytes interpreted as UTF-8.</returns>
internal string Base64UrlDecode(String input)
{
    var decoded = new JwtBase64UrlEncoder().Decode(input);
    return System.Text.Encoding.UTF8.GetString(decoded);
}
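/// <summary>
/// Decodes a JWT and returns its payload as a JSON string. The signature is verified
/// against <c>SecretKey</c> before anything is returned.
/// </summary>
/// <param name="token">The compact-serialised JWT (<c>header.payload.signature</c>).</param>
/// <returns>The payload claims as a JSON string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
/// <remarks>
/// Malformed, expired or badly signed tokens surface as whatever
/// <see cref="IJwtDecoder.Decode(string, string, bool)"/> throws for them.
/// </remarks>
public string GetJson(string token)
{
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    IJsonSerializer serializer = new JsonNetSerializer();
    IDateTimeProvider provider = new UtcDateTimeProvider();
    IJwtValidator validator = new JwtValidator(serializer, provider);
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // verify: true — the decoder checks the signature with SecretKey; an unverified
    // decode would hand back any payload a caller pasted into the token.
    return decoder.Decode(token, SecretKey, true);
}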
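/// <summary>
/// Verifies an <c>EK256K</c>-signed JWT and returns its payload claims.
/// </summary>
/// <remarks>
/// The expected signer is derived from the token's own <c>iss</c> claim (a hex-encoded
/// public key), so a successful return only proves that the holder of that key produced
/// the signature. It does not establish that the issuer is one this application trusts;
/// callers must compare the returned <c>iss</c> value against their own allow-list.
/// </remarks>
/// <param name="token">Compact JWT: three base64url segments separated by dots.</param>
/// <returns>The deserialised payload claims.</returns>
/// <exception cref="ArgumentException">
/// The token is empty or does not have three segments, the header does not request
/// <c>EK256K</c>, or the <c>iss</c> claim is missing.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The address recovered from the signature differs from the address derived from <c>iss</c>.
/// </exception>
public static Dictionary<string, object> Verify(string token)
{
    if (string.IsNullOrEmpty(token))
    {
        throw new ArgumentException("token invalid", nameof(token));
    }

    var segments = token.Split('.');
    if (segments.Length != 3)
    {
        throw new ArgumentException("token invalid", nameof(token));
    }

    IJsonSerializer serializer = new JsonNetSerializer();
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();

    var header = serializer.Deserialize<Dictionary<string, string>>(
        System.Text.Encoding.UTF8.GetString(urlEncoder.Decode(segments[0])));

    // Pin the algorithm before looking at the signature: only a header that asks for
    // exactly the scheme implemented here is accepted. A missing "alg" is rejected too,
    // instead of surfacing as a KeyNotFoundException from the indexer.
    if (!header.TryGetValue("alg", out var alg) || alg != "EK256K")
    {
        throw new ArgumentException("alg should be EK256K but got " + alg, nameof(token));
    }

    var payload = serializer.Deserialize<Dictionary<string, object>>(
        System.Text.Encoding.UTF8.GetString(urlEncoder.Decode(segments[1])));

    if (!payload.TryGetValue("iss", out var issuer) || issuer == null)
    {
        throw new ArgumentException("issuer of the token is missing", nameof(token));
    }
    var secretOrPublicKey = issuer.ToString();

    // Recover the signer from the signature over "header.payload" and compare it with
    // the address the issuer's public key maps to.
    var signature = urlEncoder.Decode(segments[2]);
    var recoveredAddress = new Account().Recover(segments[0] + "." + segments[1], signature, false);
    var expectedAddress = Account.PublicKeyToAddress(secretOrPublicKey.HexToByteArray());

    if (!string.Equals(recoveredAddress, expectedAddress, StringComparison.Ordinal))
    {
        throw new InvalidOperationException(recoveredAddress + " signed the signature but we are expecting " + expectedAddress);
    }

    return payload;
}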
/// <summary>
/// <c>Validate</c> must return normally when the recomputed signature equals the crypto
/// segment carried by the token. The test passes as long as no exception escapes.
/// </summary>
public void Validate_Should_Not_Throw_Exception_When_Crypto_Matches_Signature()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = JwtValidator.GetString(encoder.Decode(parts.Payload));
    var decodedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Untampered signature over header.payload.
    var signingInput = JwtValidator.GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);
    var decodedSignature = Convert.ToBase64String(recomputed);

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    validator.Validate(payloadJson, decodedCrypto, decodedSignature);
}