/// <summary>
/// Wraps a fixed key with PBES2-HS256+A128KW and compares the result, and the <c>p2s</c>/<c>p2c</c>
/// header parameters written during wrapping, with known-answer values.
/// </summary>
/// <remarks>
/// The salt is injected through <c>StubSaltGenerator</c> and the iteration count is pinned so that the
/// output is reproducible. Both are test-vector inputs, not guidance for production salt generation or
/// iteration counts.
/// NOTE(review): the method name cites RFC 7518 Appendix C, but the <c>p2s</c>/<c>p2c</c> values look
/// like the PBES2 example of RFC 7517 Appendix C; confirm which document the vector comes from.
/// </remarks>
public void Wrap_Rfc7518_Appendix_C()
{
    const int iterationCount = 4096;

    byte[] fixedSalt =
    {
        217, 96, 147, 112, 150, 117, 70, 247, 127, 8, 155, 137, 174, 42, 80, 215
    };
    byte[] keyToWrap =
    {
        111, 27, 25, 52, 66, 29, 20, 78, 92, 176, 56, 240, 65, 208, 82, 112,
        161, 131, 36, 55, 202, 236, 185, 172, 129, 23, 153, 194, 195, 48, 253, 182
    };
    byte[] expectedWrappedKey =
    {
        78, 186, 151, 59, 11, 141, 81, 240, 213, 245, 83, 211, 53, 188, 134, 188,
        66, 125, 36, 200, 222, 124, 5, 103, 249, 52, 117, 184, 140, 81, 246, 158,
        161, 177, 20, 33, 245, 57, 59, 4
    };

    // The stub generator returns the fixed salt above, which makes the wrapped key deterministic.
    var wrapper = new Pbes2KeyWrapper(
        PasswordBasedJwk.FromPassphrase(_password),
        EncryptionAlgorithm.A128CbcHS256,
        KeyManagementAlgorithm.Pbes2HS256A128KW,
        iterationCount,
        (uint)fixedSalt.Length,
        new StubSaltGenerator(fixedSalt));

    var header = new JwtHeader();
    header.Add(JwtHeaderParameterNames.Alg, KeyManagementAlgorithm.Pbes2HS256A128KW.Name);
    header.Add(JwtHeaderParameterNames.Enc, EncryptionAlgorithm.A128CbcHS256.Name);

    var wrappedKey = new byte[wrapper.GetKeyWrapSize()];
    wrapper.WrapKey(SymmetricJwk.FromByteArray(keyToWrap), header, wrappedKey);

    Assert.Equal(expectedWrappedKey, wrappedKey);

    // Wrapping must publish the salt (base64url) and the iteration count in the header.
    Assert.True(header.TryGetValue("p2s", out var saltMember));
    Assert.Equal("2WCTcJZ1Rvd_CJuJripQ1w", (string)saltMember.Value);

    Assert.True(header.TryGetValue("p2c", out var countMember));
    Assert.Equal(4096u, (uint)countMember.Value);
}
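/// <summary>
/// Round-trips a key through ECDH-ES+A128KW: wraps it with <c>EcdhKeyWrapper</c>, rebuilds the JOSE
/// header from JSON (apu, apv and the ephemeral public key written by the wrapper), then unwraps it
/// with <c>EcdhKeyUnwrapper</c>.
/// </summary>
/// <remarks>
/// NOTE(review): only the success flag of <c>TryUnwrapKey</c> is asserted. The unwrapped bytes are not
/// compared with the key returned by <c>WrapKey</c>, so an unwrap that succeeds with the wrong key
/// material would still pass this test.
/// </remarks>
public void Unwrap2()
{
    var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.A128CbcHS256, KeyManagementAlgorithm.EcdhEsA128KW);
    byte[] wrappedKey = new byte[kwp.GetKeyWrapSize()];
    var header = new JwtHeader
    {
        { JwtHeaderParameterNames.Apu, Utf8.GetString(Base64Url.Encode("Alice")) },
        { JwtHeaderParameterNames.Apv, Utf8.GetString(Base64Url.Encode("Bob")) }
    };

    kwp.WrapKey(_aliceKey, header, wrappedKey);

    var kuwp = new EcdhKeyUnwrapper(_bobKey, EncryptionAlgorithm.A128CbcHS256, KeyManagementAlgorithm.EcdhEsA128KW);
    var apu = Encoding.UTF8.GetString(Base64Url.Encode("Alice"));
    var apv = Encoding.UTF8.GetString(Base64Url.Encode("Bob"));

    // The wrapper is expected to have added the ephemeral public key to the header. Assert it, so that
    // a missing "epk" fails here with a clear message instead of a null dereference on the next line.
    Assert.True(header.TryGetValue(JwtHeaderParameterNames.Epk, out var epkElement));
    var epk = (Jwk)epkElement.Value;

    // The header is rebuilt from JSON text; NoValidation is passed because only header parsing is
    // needed here, not token validation.
    var parsed = JwtHeaderDocument.TryParseHeader(Encoding.UTF8.GetBytes($"{{\"apu\":\"{apu}\",\"apv\":\"{apv}\",\"epk\":{epk}}}"), null, TokenValidationPolicy.NoValidation, out var jwtHeader, out var error);
    Assert.True(parsed);

    byte[] unwrappedKey = new byte[kuwp.GetKeyUnwrapSize(wrappedKey.Length)];
    var unwrapped = kuwp.TryUnwrapKey(wrappedKey, unwrappedKey, jwtHeader, out int bytesWritten);

    Assert.True(unwrapped);
}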
/// <summary>
/// Looks up the header member <paramref name="name"/> and returns its value as
/// <see cref="JsonEncodedText"/>.
/// </summary>
/// <param name="header">Header to read the member from.</param>
/// <param name="name">Name of the header member to look up.</param>
/// <returns>
/// The member value as <see cref="JsonEncodedText"/>, or <c>default</c> when the header has no such
/// member.
/// </returns>
// NOTE(review): the closing brace of this method is not present in this listing.
private static JsonEncodedText GetPartyInfo(JwtHeader header, JsonEncodedText name)
{
    if (header.TryGetValue(name, out var token))
    {
        if (token.Type == JwtValueKind.String)
        {
            // String members are JSON-encoded before being returned.
            return(JsonEncodedText.Encode((string)token.Value));
        }
        else
        {
            // assumes every non-string member already holds a JsonEncodedText; any other kind would
            // fail this cast at runtime. TODO confirm against the callers that populate the header.
            return((JsonEncodedText)token.Value !);
        }
    }

    // Member absent: callers receive default(JsonEncodedText).
    return(default);
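/// <summary>
/// Extracts a single claim from the payload segment of a bearer token and returns it as text.
/// </summary>
/// <remarks>
/// SECURITY: this method only base64url-decodes the payload. It does not verify the signature and
/// does not check <c>exp</c>, <c>nbf</c>, <c>iss</c> or <c>aud</c>. The returned value is therefore
/// attacker-controllable and must not drive authentication or authorization decisions unless the
/// same token has already been validated elsewhere in the request pipeline.
/// NOTE(review): <c>alg</c> and <c>typ</c> are JOSE header parameters, but this method always reads
/// the payload segment, so the ALG and TYP selectors will usually return null. Confirm the intent.
/// </remarks>
/// <param name="bearerToken">
/// Authorization value; four runs of base64url characters are expected (scheme word, header,
/// payload, signature).
/// </param>
/// <param name="extractor">Claim to read; unknown selectors fall back to <c>email</c>.</param>
/// <returns>
/// The claim as a string, or null when the token is null, empty or does not have the expected
/// shape, or when the claim is absent. Non-string claims (for example numeric <c>exp</c>/<c>nbf</c>)
/// are converted with the invariant culture instead of failing with an invalid cast.
/// </returns>
public string ReadJwtTokenClaims(string bearerToken, JwtSelector extractor = JwtSelector.EMAIL)
{
    // A missing Authorization value is handled like any other malformed input.
    if (string.IsNullOrEmpty(bearerToken))
    {
        return null;
    }

    string pattern = @"([A-Za-z0-9-_]+)";
    Regex rgx = new Regex(pattern, RegexOptions.IgnoreCase);
    MatchCollection matches = rgx.Matches(bearerToken);

    // Anything other than scheme + header + payload + signature is rejected.
    if (matches.Count != 4)
    {
        return null;
    }

    // Index 0 is the scheme word, 1 the header, 2 the payload, 3 the signature.
    string payload = matches[2].Value;

    // Base64UrlDeserialize may still throw on text that is not valid base64url-encoded JSON.
    JwtHeader jwt = JwtHeader.Base64UrlDeserialize(payload);
    if (jwt == null)
    {
        return null;
    }

    string claimName;
    switch (extractor)
    {
        case JwtSelector.ALG:
            claimName = "alg";
            break;
        case JwtSelector.AUD:
            claimName = "aud";
            break;
        case JwtSelector.EXP:
            claimName = "exp";
            break;
        case JwtSelector.GIVEN_NAME:
            claimName = "given_name";
            break;
        case JwtSelector.ISS:
            claimName = "iss";
            break;
        case JwtSelector.JTI:
            claimName = "jti";
            break;
        case JwtSelector.NBF:
            claimName = "nbf";
            break;
        case JwtSelector.SUB:
            claimName = "sub";
            break;
        case JwtSelector.TYP:
            claimName = "typ";
            break;
        default:
            // Covers JwtSelector.EMAIL and any selector value not listed above.
            claimName = "email";
            break;
    }

    object valueObject;
    if (!jwt.TryGetValue(claimName, out valueObject) || valueObject == null)
    {
        return null;
    }

    // A direct (string) cast throws for numeric or array claims, so convert those explicitly.
    string text = valueObject as string;
    if (text != null)
    {
        return text;
    }

    return System.Convert.ToString(valueObject, System.Globalization.CultureInfo.InvariantCulture);
}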