Esempio n. 1
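            /// <summary>
            /// Verifies the signature segment of a token against the keys returned by the key provider.
            /// </summary>
            /// <param name="header">Token header; passed to the key provider and used to filter keys by its declared algorithm.</param>
            /// <param name="contentBytes">The bytes the signature was computed over.</param>
            /// <param name="signatureSegment">The Base64Url-encoded signature segment as it appears in the token.</param>
            /// <returns>
            /// <c>Success()</c> when both content and signature are empty; <c>MissingSignature()</c> when only the
            /// signature is empty; <c>MalformedSignature</c> when the segment cannot be decoded; <c>Success(key)</c>
            /// for the first key whose signer verifies the signature; otherwise <c>InvalidSignature()</c> if at least
            /// one eligible key was considered, or <c>SignatureKeyNotFound()</c> if none was.
            /// </returns>
            public override SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan<byte> contentBytes, ReadOnlySpan<byte> signatureSegment)
            {
                if (contentBytes.IsEmpty && signatureSegment.IsEmpty)
                {
                    // This is not a JWS. Success here means "nothing to verify", not "verified":
                    // no key is attached to the result. NOTE(review): whether callers that require
                    // a signed token reject this case elsewhere is not visible from this method.
                    return SignatureValidationResult.Success();
                }

                if (signatureSegment.IsEmpty)
                {
                    return SignatureValidationResult.MissingSignature();
                }

                // The decoded length is derived from the token being validated, so it must not size a
                // stack allocation without an upper bound. Anything above this cap uses a pooled array.
                // NOTE(review): an upstream token-size limit may already exist; it is not visible here.
                const int MaxStackallocBytes = 1024;
                byte[] rentedBuffer = null;
                try
                {
                    int signatureBytesLength = Base64Url.GetArraySizeRequiredToDecode(signatureSegment.Length);
                    Span<byte> signatureBytes = signatureBytesLength <= MaxStackallocBytes
                        ? stackalloc byte[signatureBytesLength]
                        : new Span<byte>(rentedBuffer = System.Buffers.ArrayPool<byte>.Shared.Rent(signatureBytesLength), 0, signatureBytesLength);
                    if (Base64Url.Decode(signatureSegment, signatureBytes, out int byteConsumed, out int bytesWritten) != OperationStatus.Done)
                    {
                        return SignatureValidationResult.MalformedSignature();
                    }

                    Debug.Assert(bytesWritten == signatureBytes.Length);

                    // Debug.Assert is compiled out of release builds, so verify only the bytes the decoder
                    // actually produced rather than trusting the buffer length.
                    ReadOnlySpan<byte> signature = signatureBytes.Slice(0, bytesWritten);
                    bool keysTried = false;

                    var keySet = _keyProvider.GetKeys(header);
                    if (keySet != null)
                    {
                        var algorithm = _algorithm;
                        for (int i = 0; i < keySet.Length; i++)
                        {
                            var key = keySet[i];

                            // The header's algorithm only filters which keys are eligible.
                            if (!key.CanUseForSignature(header.SignatureAlgorithm))
                            {
                                continue;
                            }

                            // The algorithm handed to the signer comes from this validator's configured
                            // algorithm or, failing that, from the key itself - not from the header value.
                            var alg = algorithm ?? key.SignatureAlgorithm;
                            if (!(alg is null)
                                && key.TryGetSigner(alg, out var signer)
                                && signer.Verify(contentBytes, signature))
                            {
                                return SignatureValidationResult.Success(key);
                            }

                            // Set for every eligible key, including ones for which no algorithm or signer
                            // could be obtained; such keys therefore lead to InvalidSignature below.
                            keysTried = true;
                        }
                    }

                    return keysTried
                        ? SignatureValidationResult.InvalidSignature()
                        : SignatureValidationResult.SignatureKeyNotFound();
                }
                catch (FormatException e)
                {
                    return SignatureValidationResult.MalformedSignature(e);
                }
                finally
                {
                    if (!(rentedBuffer is null))
                    {
                        System.Buffers.ArrayPool<byte>.Shared.Return(rentedBuffer);
                    }
                }
            }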
Esempio n. 2
 /// <summary>
 /// Wraps a signature validation outcome in a <see cref="TokenValidationResult"/>.
 /// </summary>
 /// <param name="result">The signature validation outcome to convert.</param>
 /// <returns>
 /// A new result carrying only the <c>Status</c> and <c>Exception</c> of <paramref name="result"/>;
 /// no other member is set here.
 /// </returns>
 internal static TokenValidationResult SignatureValidationFailed(SignatureValidationResult result)
     => new TokenValidationResult
     {
         Status = result.Status,
         Exception = result.Exception
     };
Esempio n. 3
 /// <summary>
 /// Reports success without inspecting the header, the content or the signature segment.
 /// </summary>
 /// <remarks>
 /// No cryptographic check is performed: a missing, malformed or forged signature produces the same
 /// <c>Success()</c> result as a valid one, and no key is attached to it. A token that passes through
 /// this validator has no integrity or authenticity guarantee from the signature step.
 /// </remarks>
 /// <param name="header">Ignored.</param>
 /// <param name="contentBytes">Ignored.</param>
 /// <param name="signatureSegment">Ignored.</param>
 /// <returns>Always <c>SignatureValidationResult.Success()</c>.</returns>
 public override SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan<byte> contentBytes, ReadOnlySpan<byte> signatureSegment)
     => SignatureValidationResult.Success();
Esempio n. 4
 /// <summary>
 /// Accepts only tokens that carry no signature: either nothing to verify at all, or an empty
 /// signature segment together with a header that declares <c>SignatureAlgorithm.None</c>.
 /// </summary>
 /// <remarks>
 /// No cryptographic check is performed. A successful result means the token is unsigned in one of
 /// the two accepted shapes, not that its content is authentic. Any non-empty signature segment is
 /// reported as <c>InvalidSignature()</c>.
 /// </remarks>
 /// <param name="header">Token header; its declared signature algorithm is compared with <c>None</c>.</param>
 /// <param name="contentBytes">The token content; only its emptiness is checked.</param>
 /// <param name="signatureSegment">The signature segment; only its emptiness is checked.</param>
 /// <returns><c>Success()</c> for the two unsigned shapes above, otherwise <c>InvalidSignature()</c>.</returns>
 public override SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan<byte> contentBytes, ReadOnlySpan<byte> signatureSegment)
 {
     // Nothing to verify at all: same outcome regardless of the header.
     if (contentBytes.IsEmpty && signatureSegment.IsEmpty)
     {
         return SignatureValidationResult.Success();
     }

     // Content without a signature is accepted only when the header itself declares "none".
     if (signatureSegment.IsEmpty && header.SignatureAlgorithm == SignatureAlgorithm.None)
     {
         return SignatureValidationResult.Success();
     }

     return SignatureValidationResult.InvalidSignature();
 }