public void Decrypt_MultipleRecipients_MismatchEncOrAlgThrows(JweEncryption expectedJweEnc, JweAlgorithm expectedJweAlg, string expectedMessage)
{
//given
byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
recipientAes256KW2,
recipientRsa1,
};
var sharedProtectedHeaders = new Dictionary <string, object>
{
{ "cty", "application/octet-string" },
};
var jwe = JWE.Encrypt(
plaintext: payload,
recipients: recipients,
JweEncryption.A256GCM,
mode: SerializationMode.Json,
extraHeaders: sharedProtectedHeaders);
//when
var exception = Record.Exception(() => JWE.Decrypt(jwe, aes256KWKey2, expectedJweAlg, expectedJweEnc));
//then
Assert.IsType <InvalidAlgorithmException>(exception);
Assert.Equal(expectedMessage, exception.Message);
}
/// <summary>
/// Encodes given json string to JWT token and applies requested encryption/compression algorithms.
/// Json string to encode will be obtained via configured IJsonMapper implementation.
/// </summary>
/// <param name="payload">json string to encode (not null or whitespace)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encode(string payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null)
{
Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null.");
IKeyManagement keys = KeyAlgorithms[alg];
IJweAlgorithm _enc = EncAlgorithms[enc];
var jwtHeader = new Dictionary <string, object> {
{ "alg", JweAlgorithms[alg] }, { "enc", JweEncryptionMethods[enc] }
};
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, key, jwtHeader);
byte[] cek = contentKeys[0];
byte[] encryptedCek = contentKeys[1];
byte[] plainText = Encoding.UTF8.GetBytes(payload);
if (compression.HasValue)
{
jwtHeader["zip"] = JweCompressionMethods[compression.Value];
plainText = CompressionAlgorithms[compression.Value].Compress(plainText);
}
byte[] header = Encoding.UTF8.GetBytes(jsMapper.Serialize(jwtHeader));
byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, plainText, cek);
return(Compact.Serialize(header, encryptedCek, encParts[0], encParts[1], encParts[2]));
}
/// <summary>
/// Encodes given json string to JWT token and applies requested encryption/compression algorithms.
/// Json string to encode will be obtained via configured IJsonMapper implementation.
/// </summary>
/// <param name="payload">json string to encode (not null or whitespace)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <param name="alg">JWT algorithm to be used.</param>
/// <param name="enc">encryption algorithm to be used.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encode(string payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null.");
byte[] plainText = Encoding.UTF8.GetBytes(payload);
return(EncodeBytes(plainText, key, alg, enc, compression, extraHeaders, settings));
}
private static byte[] DecryptBytes(byte[][] parts, object key, JweAlgorithm?jweAlg, JweEncryption?jweEnc, JwtSettings settings = null)
{
byte[] header = parts[0];
byte[] encryptedCek = parts[1];
byte[] iv = parts[2];
byte[] cipherText = parts[3];
byte[] authTag = parts[4];
JwtSettings jwtSettings = GetSettings(settings);
IDictionary <string, object> jwtHeader = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
JweAlgorithm headerAlg = jwtSettings.JwaAlgorithmFromHeader((string)jwtHeader["alg"]);
JweEncryption headerEnc = jwtSettings.JweAlgorithmFromHeader((string)jwtHeader["enc"]);
IKeyManagement keys = jwtSettings.Jwa(headerAlg);
IJweAlgorithm enc = jwtSettings.Jwe(headerEnc);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", headerAlg));
}
if (enc == null)
{
throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc));
}
if (jweAlg != null && (JweAlgorithm)jweAlg != headerAlg)
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header.");
}
if (jweEnc != null && (JweEncryption)jweEnc != headerEnc)
{
throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
}
byte[] cek = keys.Unwrap(encryptedCek, key, enc.KeySize, jwtHeader);
byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[] plainText = enc.Decrypt(aad, cek, iv, cipherText, authTag);
if (jwtHeader.ContainsKey("zip"))
{
var alg = (string)jwtHeader["zip"];
var compression = jwtSettings.Compression(GetJweCompression(alg));
if (compression == null)
{
throw new JoseException(string.Format("Unsupported compressions algorithm requested: {0}", alg));
}
plainText = compression.Decompress(plainText);
}
return(plainText);
}
private static byte[] DecryptBytes(byte[][] parts, object key, JweAlgorithm?jweAlg, JweEncryption?jweEnc, JWTSettings settings = null)
{
byte[] header = parts[0];
byte[] encryptedCek = parts[1];
byte[] iv = parts[2];
byte[] cipherText = parts[3];
byte[] authTag = parts[4];
IDictionary <string, object> jwtHeader = GetSettings(settings).JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
JweAlgorithm headerAlg = GetJweAlgorithm((string)jwtHeader["alg"]);
JweEncryption headerEnc = GetJweEncryption((string)jwtHeader["enc"]);
IKeyManagement keys = GetSettings(settings).KeyAlgorithms[headerAlg];
IJweAlgorithm enc = GetSettings(settings).EncAlgorithms[headerEnc];
if (jweAlg != null && (JweAlgorithm)jweAlg != headerAlg)
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header.");
}
if (jweEnc != null && (JweEncryption)jweEnc != headerEnc)
{
throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
}
byte[] cek = keys.Unwrap(encryptedCek, key, enc.KeySize, jwtHeader);
byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[] plainText = enc.Decrypt(aad, cek, iv, cipherText, authTag);
if (jwtHeader.ContainsKey("zip"))
{
plainText = GetSettings(settings).CompressionAlgorithms[GetJweCompression((string)jwtHeader["zip"])].Decompress(plainText);
}
return(plainText);
}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting bytes of the payload are returned untouched (e.g. no parsing or mapping)
/// </summary>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>Decrypted payload as binary data</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception>
public static byte[] DecodeBytes(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null)
{
return(DecodeBytes(token, key, null, alg, enc, settings));
}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting json string will be parsed and mapped to desired type via configured IJsonMapper implementation.
/// </summary>
/// <typeparam name="T">Deserid object type after json mapping</typeparam>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>object of provided T, result of decoded json mapping</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception>
public static T Decode <T>(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null)
{
return(GetSettings(settings).JsonMapper.Parse <T>(Decode(token, key, alg, enc, settings)));
}
/// <summary>
/// Serialize and encodes object to JWT token and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="payload">json string to encode</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encode(object payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null)
{
return(Encode(jsMapper.Serialize(payload), key, alg, enc));
}
protected Dictionary <string, object> JoseDotNetCore(string token, JweEncryption enc, JweAlgorithm alg, byte[] key)
{
return(Jose.JWT.Decode <Dictionary <string, object> >(token, key: key, enc: enc /*JweEncryption.A128CBC_HS256*/, alg: alg /*JweAlgorithm.A128KW*/));
}
public static byte[] DecodeBytes(string token, object key, JweAlgorithm alg, JweEncryption enc)
{
JwsAlgorithm?nullable = null;
return(JWT.DecodeBytes(token, key, nullable, new JweAlgorithm?(alg), new JweEncryption?(enc)));
}
public static string Encode(string payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null)
{
Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null.", new object[0]);
return(JWT.EncodeBytes(Encoding.UTF8.GetBytes(payload), key, alg, enc, compression, extraHeaders));
}
/// <summary>
/// Decodes JWT token by performining necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting json string is returned untouched (e.g. no parsing or mapping)
/// </summary>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <returns>decoded json string</returns>
/// <exception cref="IntegrityException">if signature valdation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception>
public static string Decode(string token, object key, JweAlgorithm alg, JweEncryption enc)
{
return(Decode(token, key, null, alg, enc));
}
/// <summary>
/// Encrypts given binary plaintext using JWE and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="plaintext">Binary data to encrypt (not null)</param>
/// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param>
/// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param>
/// <param name="aad">additional authentication data (SerializationMode.Json only)</param>
/// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraProtectedHeaders">optional extra headers to put in the protected header.</param>
/// <param name="unprotectedHeaders">optional unprotected headers</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string EncryptBytes(byte[] plaintext, IEnumerable <JweRecipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Json, JweCompression?compression = null, IDictionary <string, object> extraProtectedHeaders = null, IDictionary <string, object> unprotectedHeaders = null, JwtSettings settings = null)
{
if (plaintext == null)
{
throw new ArgumentNullException(nameof(plaintext));
}
settings = GetSettings(settings);
IJweAlgorithm _enc = settings.Jwe(enc);
if (_enc == null)
{
throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc));
}
//IDictionary<string, object> joseProtectedHeader = Dictionaries.MergeHeaders(
// new Dictionary<string, object> { { "enc", settings.JweHeaderValue(enc) } },
// extraProtectedHeaders);
IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders();
byte[] cek = null;
var recipientsOut = new List <JweRecipient>();
foreach (var recipient in recipients)
{
joseProtectedHeader = Dictionaries.MergeHeaders(
new Dictionary <string, object> {
{ "alg", settings.JwaHeaderValue(recipient.Alg) }
},
new Dictionary <string, object> {
{ "enc", settings.JweHeaderValue(enc) }
}, extraProtectedHeaders);
IKeyManagement keys = settings.Jwa(recipient.Alg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg));
}
// joseHeader - is merge of headers
// - key management will read from (e.g. enc,apv,apu - ECDH-ES)
//// - key management will write to (e.g. iv, tag - AesGcmKW)
IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders(
joseProtectedHeader,
recipient.Header,
unprotectedHeaders
);
byte[] encryptedCek;
if (cek == null)
{
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader);
cek = contentKeys[0];
encryptedCek = contentKeys[1];
}
else
{
encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader);
}
// For the per-receipient header we want the headers from the result of IKeyManagements key wrapping but without the
// shared headers
IDictionary <string, object> recipientHeader = joseHeader
.Where(
kvp => !joseProtectedHeader.ContainsKey(kvp.Key) &&
(unprotectedHeaders == null || !unprotectedHeaders.ContainsKey(kvp.Key))
)
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
recipientsOut.Add(new JweRecipient(encryptedCek, recipientHeader));
}
if (compression.HasValue)
{
joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value);
plaintext = settings.Compression(compression.Value).Compress(plaintext);
}
switch (mode)
{
case SerializationMode.Compact:
{
if (recipientsOut.Count != 1)
{
throw new JoseException("Only one recipient is supported by the JWE Compact Serialization.");
}
if (aad != null)
{
throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization.");
}
joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader);
byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, plaintext, cek);
return(new JweToken(
header,
null,
recipientsOut,
null,
encParts[0],
encParts[1],
encParts[2],
mode)
.AsString());
}
case SerializationMode.Json:
{
var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes));
byte[][] encParts = _enc.Encrypt(Aad(protectedHeaderBytes, aad), plaintext, cek);
return(new JweToken(
protectedHeaderBytes,
unprotectedHeaders,
recipientsOut,
aad,
encParts[0],
encParts[1],
encParts[2],
mode)
.AsString(settings.JsonMapper));
}
default:
throw new JoseException($"Unsupported serializtion mode: {mode}.");
}
}
/// <summary>
/// Encrypts given plaintext using JWE and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="plaintext">Binary data to encrypt (not null)</param>
/// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param>
/// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param>
/// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to put in the JoseProtectedHeader.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encrypt(byte[] plaintext, IEnumerable <Recipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Compact, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
if (plaintext == null)
{
throw new ArgumentNullException(nameof(plaintext));
}
settings = GetSettings(settings);
IJweAlgorithm _enc = settings.Jwe(enc);
if (_enc == null)
{
throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc));
}
IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders(
new Dictionary <string, object> {
{ "enc", settings.JweHeaderValue(enc) }
},
extraHeaders);
byte[] cek = null;
var recipientsOut = new List <(byte[] EncryptedKey, IDictionary <string, object> Header)>();
foreach (var recipient in recipients)
{
IKeyManagement keys = settings.Jwa(recipient.Alg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg));
}
// joseHeader - is merge of headers
// - key management will read from (e.g. enc,apv,apu - ECDH-ES)
// - key management will write to (e.g. iv, tag - AesGcmKW)
IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders(
joseProtectedHeader,
new Dictionary <string, object> {
{ "alg", settings.JwaHeaderValue(recipient.Alg) }
},
recipient.PerRecipientHeaders);
byte[] encryptedCek;
if (cek == null)
{
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader);
cek = contentKeys[0];
encryptedCek = contentKeys[1];
}
else
{
encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader);
}
// For the per-receipient header we want the headers from the result of IKeyManagements key wrapping.. but without the
// protected headers that were merged in
IDictionary <string, object> recipientHeader = joseHeader.Except(joseProtectedHeader).ToDictionary(x => x.Key, v => v.Value);
recipientsOut.Add((EncryptedKey: encryptedCek, Header: recipientHeader));
}
if (compression.HasValue)
{
joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value);
plaintext = settings.Compression(compression.Value).Compress(plaintext);
}
switch (mode)
{
case SerializationMode.Compact:
{
if (recipientsOut.Count != 1)
{
throw new JoseException("Only one recipient is supported by the JWE Compact Serialization.");
}
if (aad != null)
{
throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization.");
}
joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader);
byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, plaintext, cek);
return(Compact.Serialize(header, recipientsOut[0].EncryptedKey, encParts[0], encParts[1], encParts[2]));
}
case SerializationMode.Json:
{
var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader));
byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes));
var aadToEncrypt = aad == null ? asciiEncodedProtectedHeader : asciiEncodedProtectedHeader.Concat(new byte[] { 0x2E }).Concat(aad).ToArray();
byte[][] encParts = _enc.Encrypt(aadToEncrypt, plaintext, cek);
var toSerialize = new Dictionary <string, object>
{
{ "protected", Base64Url.Encode(protectedHeaderBytes) },
{ "iv", Base64Url.Encode(encParts[0]) },
{ "ciphertext", Base64Url.Encode(encParts[1]) },
{ "tag", Base64Url.Encode(encParts[2]) },
};
if (aad != null)
{
toSerialize["aad"] = Base64Url.Encode(aad);
}
if (recipientsOut.Count == 1)
{
toSerialize["header"] = recipientsOut.Select(r => r.Header).First();
toSerialize["encrypted_key"] = recipientsOut.Select(r => Base64Url.Encode(r.EncryptedKey)).First();
}
else
{
toSerialize["recipients"] = recipientsOut.Select(r => new
{
header = r.Header,
encrypted_key = Base64Url.Encode(r.EncryptedKey),
});
}
return(settings.JsonMapper.Serialize(toSerialize));
}
default:
throw new JoseException($"Unsupported serializtion mode: {mode}.");
}
}
/// <summary>
/// Encodes given binary data to JWT token and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="payload">Binary data to encode (not null)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
IKeyManagement keys = KeyAlgorithms[alg];
IJweAlgorithm _enc = EncAlgorithms[enc];
IDictionary <string, object> jwtHeader = new Dictionary <string, object> {
{ "alg", JweAlgorithms[alg] }, { "enc", JweEncryptionMethods[enc] }
};
Dictionaries.Append(jwtHeader, extraHeaders);
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, key, jwtHeader);
byte[] cek = contentKeys[0];
byte[] encryptedCek = contentKeys[1];
if (compression.HasValue)
{
jwtHeader["zip"] = JweCompressionMethods[compression.Value];
payload = CompressionAlgorithms[compression.Value].Compress(payload);
}
byte[] header = Encoding.UTF8.GetBytes(jsMapper.Serialize(jwtHeader));
byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, payload, cek);
return(Compact.Serialize(header, encryptedCek, encParts[0], encParts[1], encParts[2]));
}
/// <summary>
/// Decypts a JWE by performing necessary decompression/decryption and authenticated decryption as defined in RFC7516.
/// </summary>
/// <param name="jwe">JWE to decrypt.</param>
/// <param name="key">key for decoding suitable for JWE algorithm used to encrypt the CEK.</param>
/// <param name="expectedJweAlg">The algorithm type that we expect to receive in the header.</param>
/// <param name="expectedJweEnc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>Decrypted plaintext as binary data</returns>
/// <exception cref="IntegrityException">if AEAD operation validation failed</exception>
/// <exception cref="EncryptionException">if JWE can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if encryption or compression algorithm is not supported</exception>
public static (byte[] Plaintext, IDictionary <string, object> JoseHeaders, byte[] Aad) Decrypt(string jwe, object key, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(jwe, "Incoming jwe expected to be in a valid serialization form, not empty, whitespace or null.");
settings = GetSettings(settings);
ParsedJwe parsedJwe = ParsedJwe.Parse(jwe, settings);
IDictionary <string, object> protectedHeader = settings.JsonMapper.Parse <Dictionary <string, object> >(
Encoding.UTF8.GetString(parsedJwe.ProtectedHeaderBytes));
if (protectedHeader == null && parsedJwe.Encoding == SerializationMode.Compact)
{
throw new JoseException(string.Format("Protected header was missing but required with compact encoding."));
}
IJweAlgorithm enc = null;
/*
* if (protectedHeader != null)
* {
* JweEncryption headerEnc = settings.JweAlgorithmFromHeader((string)protectedHeader["enc"]);
* enc = settings.Jwe(headerEnc);
*
* if (enc == null && parsedJwe.Encoding == SerializationMode.Compact)
* {
* throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc));
* }
*
* if (expectedJweEnc != null && expectedJweEnc != headerEnc && parsedJwe.Encoding == SerializationMode.Compact)
* {
* throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
* }
* }
*/
var algMatchingRecipients = parsedJwe.Recipients.Select(r =>
{
var joseHeader = Dictionaries.MergeHeaders(protectedHeader, parsedJwe.UnprotectedHeader, r.Header);
return(new
{
JoseHeader = joseHeader,
HeaderAlg = settings.JwaAlgorithmFromHeader((string)joseHeader["alg"]),
EncryptedCek = r.EncryptedCek,
});
})
.Where(r => (expectedJweAlg == null || expectedJweAlg == r.HeaderAlg));
if (!algMatchingRecipients.Any())
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header.");
}
var exceptions = new List <Exception>();
foreach (var recipient in algMatchingRecipients)
{
IKeyManagement keys = settings.Jwa(recipient.HeaderAlg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", recipient.HeaderAlg));
}
try
{
JweEncryption headerEnc = settings.JweAlgorithmFromHeader((string)recipient.JoseHeader["enc"]);
enc = settings.Jwe(headerEnc);
if (enc == null)
{
throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc));
}
if (expectedJweEnc != null && expectedJweEnc != headerEnc)
{
throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
}
byte[] cek = keys.Unwrap(recipient.EncryptedCek, key, enc.KeySize, recipient.JoseHeader);
byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(parsedJwe.ProtectedHeaderBytes));
byte[] aad = parsedJwe.Aad == null?
Encoding.ASCII.GetBytes(Base64Url.Encode(parsedJwe.ProtectedHeaderBytes)) :
Encoding.ASCII.GetBytes(string.Concat(Base64Url.Encode(parsedJwe.ProtectedHeaderBytes), ".", Base64Url.Encode(parsedJwe.Aad)));
byte[] plaintext = enc.Decrypt(aad, cek, parsedJwe.Iv, parsedJwe.Ciphertext, parsedJwe.AuthTag);
if (recipient.JoseHeader.TryGetValue("zip", out var compressionAlg))
{
var compression = settings.Compression((string)compressionAlg);
plaintext = compression.Decompress(plaintext);
}
return(Plaintext : plaintext, JoseHeaders : recipient.JoseHeader, Aad : parsedJwe.Aad);
}
catch (ArgumentException ex)
{
exceptions.Add(ex);
}
catch (JoseException ex)
{
exceptions.Add(ex);
}
}
if (exceptions.Select(e => (e.GetType(), e.Message)).Distinct().Count() == 1)
{
// throw the first
throw exceptions[0];
}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting bytes of the payload are returned untouched (e.g. no parsing or mapping)
/// </summary>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>Decrypted payload as binary data</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception>
public static byte[] DecodeBytes(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null, bool requireSignature = false)
{
return(DecodeBytes(token, key, null, alg, enc, settings, null, requireSignature));
}
/// <summary>VerifyResult</summary>
/// <param name="testLabel">string</param>
/// <param name="jwt">string</param>
/// <param name="key">object</param>
/// <param name="alg">JweAlgorithm</param>
/// <param name="enc">JweEncryption</param>
private static void VerifyResult(string testLabel, string jwt, object key, JweAlgorithm alg, JweEncryption enc)
{
MyDebug.OutputDebugAndConsole(testLabel, "Original:" + jwt);
MyDebug.InspectJwt(testLabel, jwt);
MyDebug.OutputDebugAndConsole(testLabel, "Decoded:" + JWT.Decode(jwt, key, alg, enc));
}
/// <summary>
/// Decypts a JWE by performing necessary decompression/decryption and authenticated decryption as defined in RFC7516.
/// </summary>
/// <param name="jwe">JWE to decrypt.</param>
/// <param name="key">key for decoding suitable for JWE algorithm used to encrypt the CEK.</param>
/// <param name="expectedJweAlg">The algorithm type that we expect to receive in the header.</param>
/// <param name="expectedJweEnc">The encryption type that we expect to receive in the header.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>Decrypted JweToken object</returns>
/// <exception cref="IntegrityException">if AEAD operation validation failed</exception>
/// <exception cref="EncryptionException">if JWE can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if encryption or compression algorithm is not supported</exception>
public static JweToken Decrypt(string jwe, object key, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(jwe, "Incoming jwe expected to be in a valid serialization form, not empty, whitespace or null.");
settings = GetSettings(settings);
JweToken token = Headers(jwe);
if (token.ProtectedHeaderBytes == null && token.Encoding == SerializationMode.Compact)
{
throw new JoseException(string.Format("Protected header was missing but required with compact encoding."));
}
var exceptions = new List <Exception>();
foreach (var recipient in token.Recipients)
{
var headerAlg = settings.JwaAlgorithmFromHeader((string)recipient.JoseHeader["alg"]);
var encryptedCek = recipient.EncryptedCek;
// skip recipient if asked to do strict validation
if (expectedJweAlg != null && expectedJweAlg != headerAlg)
{
continue;
}
IKeyManagement keys = settings.Jwa(headerAlg);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", headerAlg));
}
try
{
JweEncryption headerEnc = settings.JweAlgorithmFromHeader((string)recipient.JoseHeader["enc"]);
IJweAlgorithm enc = settings.Jwe(headerEnc);
if (enc == null)
{
throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc));
}
if (expectedJweEnc != null && expectedJweEnc != headerEnc)
{
throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
}
byte[] cek = keys.Unwrap(recipient.EncryptedCek, key, enc.KeySize, recipient.JoseHeader);
byte[] plaintext = enc.Decrypt(Aad(token.ProtectedHeaderBytes, token.Aad), cek, token.Iv, token.Ciphertext, token.AuthTag);
if (recipient.JoseHeader.TryGetValue("zip", out var compressionAlg))
{
var compression = settings.Compression((string)compressionAlg);
plaintext = compression.Decompress(plaintext);
}
token.PlaintextBytes = plaintext;
token.Recipient = recipient;
return(token);
}
catch (ArgumentException ex)
{
exceptions.Add(ex);
}
catch (JoseException ex)
{
exceptions.Add(ex);
}
}
// nobody was eligable for decryption
if (exceptions.Count == 0)
{
throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header.");
}
// decryption failed
if (exceptions.Select(e => new KeyValuePair <Type, String>(e.GetType(), e.Message)).Distinct().Count() == 1)
{
// throw the first
throw exceptions[0];
}
else
{
throw new JoseException($"No recipients able to decrypt.", new AggregateException(exceptions));
}
}
/// <summary>
/// Encodes given json string to JWT token and applies requested encryption/compression algorithms.
/// Json string to encode will be obtained via configured IJsonMapper implementation.
/// </summary>
/// <param name="payload">json string to encode (not null or whitespace)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <param name="alg">JWT algorithm to be used.</param>
/// <param name="enc">encryption algorithm to be used.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encode(string payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
byte[] plainText = Encoding.UTF8.GetBytes(payload);
return(EncodeBytes(plainText, key, alg, enc, compression, extraHeaders, settings));
}
/// <summary>
/// Encrypts given plaintext using JWE and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="plaintext">Binary data to encrypt (not null)</param>
/// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param>
/// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param>
/// <param name="aad">additional authentication data (SerializationMode.Json only)</param>
/// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraProtectedHeaders">optional extra headers to put in the protected header.</param>
/// <param name="unprotectedHeaders">optional unprotected headers</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encrypt(string plaintext, IEnumerable <JweRecipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Json, JweCompression?compression = null, IDictionary <string, object> extraProtectedHeaders = null, IDictionary <string, object> unprotectedHeaders = null, JwtSettings settings = null)
{
return(EncryptBytes(Encoding.UTF8.GetBytes(plaintext), recipients, enc, aad, mode, compression, extraProtectedHeaders, unprotectedHeaders, settings));
}
/// <summary>
/// Encodes given binary data to JWT token and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="payload">Binary data to encode (not null)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <param name="alg">JWT algorithm to be used.</param>
/// <param name="enc">encryption algorithm to be used.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
return(JWE.EncryptBytes(payload, new JweRecipient[] { new JweRecipient(alg, key) }, enc, aad: null, SerializationMode.Compact, compression, extraHeaders, null, settings));
}
public static T Decode <T>(string token, object key, JweAlgorithm alg, JweEncryption enc)
{
return(JWT.jsMapper.Parse <T>(JWT.Decode(token, key, alg, enc)));
}
/// <summary>
/// Encrypt a RestSharp request payload.
/// </summary>
/// <param name="request">A RestSharp request object</param>
/// <param name="payload">The payload to be encrypted</param>
/// <returns>The encrypted payload</returns>
internal override string EncryptPayload(IRestRequest request, string payload)
{
return(JweEncryption.EncryptPayload(payload, _config));
}
public static string Encode(object payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null)
{
return(JWT.Encode(JsonConvert.SerializeObject(payload), key, alg, enc, compression, extraHeaders));
}
/// <summary>
/// Decrypt a RestSharp response payload
/// </summary>
/// <param name="response">A RestSharp response object</param>
/// <param name="encryptedPayload">The encrypted payload to be decrypted</param>
/// <returns>The decrypted payload</returns>
internal override string DecryptPayload(IRestResponse response, string encryptedPayload)
{
return(JweEncryption.DecryptPayload(encryptedPayload, _config));
}
public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null)
{
if (payload == null)
{
throw new ArgumentNullException("payload");
}
IKeyManagement item = JWT.KeyAlgorithms[alg];
IJweAlgorithm jweAlgorithm = JWT.EncAlgorithms[enc];
IDictionary <string, object> strs = new Dictionary <string, object>()
{
{ "alg", JWT.JweAlgorithms[alg] },
{ "enc", JWT.JweEncryptionMethods[enc] }
};
Dictionaries.Append <string, object>(strs, extraHeaders);
byte[][] numArray = item.WrapNewKey(jweAlgorithm.KeySize, key, strs);
byte[] numArray1 = numArray[0];
byte[] numArray2 = numArray[1];
if (compression.HasValue)
{
strs["zip"] = JWT.JweCompressionMethods[compression.Value];
payload = JWT.CompressionAlgorithms[compression.Value].Compress(payload);
}
byte[] bytes = Encoding.UTF8.GetBytes(JWT.jsMapper.Serialize(strs));
byte[] bytes1 = Encoding.UTF8.GetBytes(Compact.Serialize(new byte[][] { bytes }));
byte[][] numArray3 = jweAlgorithm.Encrypt(bytes1, payload, numArray1);
return(Compact.Serialize(new byte[][] { bytes, numArray2, numArray3[0], numArray3[1], numArray3[2] }));
}
/// <summary>
/// Encodes given binary data to JWT token and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="payload">Binary data to encode (not null)</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <param name="alg">JWT algorithm to be used.</param>
/// <param name="enc">encryption algorithm to be used.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
JwtSettings jwtSettings = GetSettings(settings);
IKeyManagement keys = jwtSettings.Jwa(alg);
IJweAlgorithm _enc = jwtSettings.Jwe(enc);
if (keys == null)
{
throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", alg));
}
if (_enc == null)
{
throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", enc));
}
IDictionary <string, object> jwtHeader = new Dictionary <string, object> {
{ "alg", jwtSettings.JwaHeaderValue(alg) }, { "enc", jwtSettings.JweHeaderValue(enc) }
};
Dictionaries.Append(jwtHeader, extraHeaders);
byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, key, jwtHeader);
byte[] cek = contentKeys[0];
byte[] encryptedCek = contentKeys[1];
if (compression.HasValue)
{
jwtHeader["zip"] = jwtSettings.CompressionHeader(compression.Value);
payload = jwtSettings.Compression(compression.Value).Compress(payload);
}
byte[] header = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader));
byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));
byte[][] encParts = _enc.Encrypt(aad, payload, cek);
return(Compact.Serialize(header, encryptedCek, encParts[0], encParts[1], encParts[2]));
}
/// <summary>
/// Serialize and encodes object to JWT token and applies requested encryption/compression algorithms.
/// </summary>
/// <param name="payload">json string to encode</param>
/// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
/// <param name="alg">JWT algorithm to be used.</param>
/// <param name="enc">encryption algorithm to be used.</param>
/// <param name="compression">optional compression type to use.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
public static string Encode(object payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
{
return(Encode(GetSettings(settings).JsonMapper.Serialize(payload), key, alg, enc, compression, extraHeaders, settings));
}
/// <summary>
/// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header.
/// Resulting json string is returned untouched (e.g. no parsing or mapping)
/// </summary>
/// <param name="token">JWT token in compact serialization form.</param>
/// <param name="key">key for decoding suitable for JWT algorithm used.</param>
/// <param name="alg">The algorithm type that we expect to receive in the header.</param>
/// <param name="enc">The encryption type that we expect to receive in the header.</param>
/// <param name="cek">The content encryption key derived during the decryption</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <returns>decoded json string</returns>
/// <exception cref="IntegrityException">if signature validation failed</exception>
/// <exception cref="EncryptionException">if JWT token can't be decrypted</exception>
/// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception>
public static string Decode(string token, object key, JweAlgorithm alg, JweEncryption enc, out byte[] cek, JwtSettings settings = null)
{
return(Decode(token, out cek, key, null, alg, enc, settings));
}
