private static JweToken ParseCompact(string jwe) { var parts = Compact.Iterate(jwe); var protectedHeaderBytes = parts.Next(); byte[] encryptedCek = parts.Next(); var iv = parts.Next(); var ciphertext = parts.Next(); var authTag = parts.Next(); var recipients = new List <JweRecipient>(); recipients.Add(new JweRecipient(encryptedCek, new Dictionary <string, object>())); return(new JweToken( protectedHeaderBytes: protectedHeaderBytes, unprotectedHeader: null, aad: null, recipients: recipients, iv: iv, ciphertext: ciphertext, authTag: authTag, encoding: SerializationMode.Compact)); }
private static byte[] securedInput(byte[] header, byte[] payload, bool b64) { return(b64 ? Encoding.UTF8.GetBytes(Compact.Serialize(header, payload)) : Arrays.Concat(Encoding.UTF8.GetBytes(Compact.Serialize(header)), Encoding.UTF8.GetBytes("."), payload)); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); var parts = Compact.Iterate(token); if (parts.Count == 5) //encrypted JWT { return(JWE.Decrypt(token, key, expectedJweAlg, expectedJweEnc, settings).PlaintextBytes); } else { //signed or plain JWT var jwtSettings = GetSettings(settings); byte[] header = parts.Next(); var headerData = jwtSettings.JsonMapper.Parse <IDictionary <string, object> >(Encoding.UTF8.GetString(header)); bool b64 = true; object value; if (headerData.TryGetValue("b64", out value)) { b64 = (bool)value; } byte[] contentPayload = parts.Next(b64); byte[] signature = parts.Next(); var effectivePayload = payload ?? contentPayload; var algorithm = (string)headerData["alg"]; var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException( "The algorithm type passed to the Decode method did not match the algorithm type in the header."); } var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key)) { throw new IntegrityException("Invalid signature."); } return(effectivePayload); } }
private static byte[] DecryptBytes(Compact.Iterator parts, object key, JweAlgorithm?jweAlg, JweEncryption?jweEnc, JwtSettings settings = null) { byte[] header = parts.Next(); byte[] encryptedCek = parts.Next(); byte[] iv = parts.Next(); byte[] cipherText = parts.Next(); byte[] authTag = parts.Next(); JwtSettings jwtSettings = GetSettings(settings); IDictionary <string, object> jwtHeader = jwtSettings.JsonMapper.Parse <IDictionary <string, object> >(Encoding.UTF8.GetString(header)); JweAlgorithm headerAlg = jwtSettings.JwaAlgorithmFromHeader((string)jwtHeader["alg"]); JweEncryption headerEnc = jwtSettings.JweAlgorithmFromHeader((string)jwtHeader["enc"]); IKeyManagement keys = jwtSettings.Jwa(headerAlg); IJweAlgorithm enc = jwtSettings.Jwe(headerEnc); if (keys == null) { throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", headerAlg)); } if (enc == null) { throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc)); } if (jweAlg != null && (JweAlgorithm)jweAlg != headerAlg) { throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header."); } if (jweEnc != null && (JweEncryption)jweEnc != headerEnc) { throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header."); } byte[] cek = keys.Unwrap(encryptedCek, key, enc.KeySize, jwtHeader); byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header)); byte[] plainText = enc.Decrypt(aad, cek, iv, cipherText, authTag); if (jwtHeader.ContainsKey("zip")) { var compression = jwtSettings.Compression((string)jwtHeader["zip"]); plainText = compression.Decompress(plainText); } return(plainText); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="options">additional encoding options</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } var jwtSettings = GetSettings(settings); var jwtOptions = options ?? JwtOptions.Default; var jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwsHeaderValue(algorithm) } }; if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } if (!jwtOptions.EncodePayload) { jwtHeader["b64"] = false; jwtHeader["crit"] = Collections.Union(new[] { "b64" }, Dictionaries.Get <object>(extraHeaders, "crit")); } Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); var jwsAlgorithm = jwtSettings.Jws(algorithm); if (jwsAlgorithm == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } byte[] signature = jwsAlgorithm.Sign(securedInput(headerBytes, payload, jwtOptions.EncodePayload), key); byte[] payloadBytes = jwtOptions.DetachPayload ? new byte[0] : payload; return(jwtOptions.EncodePayload ? Compact.Serialize(headerBytes, payloadBytes, signature) : Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature)); }
/// <summary> /// Parses signed JWT token, extracts and returns payload part as binary data. /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static byte[] PayloadBytes(string token, bool b64 = true) { var parts = Compact.Iterate(token); if (parts.Count < 3) { throw new JoseException( "The given token doesn't follow JWT format and must contains at least three parts."); } if (parts.Count > 3) { throw new JoseException( "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } parts.Next(false); //skip header return(parts.Next(b64)); }
/// <summary> /// Encrypts given binary plaintext using JWE and applies requested encryption/compression algorithms. /// </summary> /// <param name="plaintext">Binary data to encrypt (not null)</param> /// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param> /// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param> /// <param name="aad">additional authentication data (SerializationMode.Json only)</param> /// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraProtectedHeaders">optional extra headers to put in the protected header.</param> /// <param name="unprotectedHeaders">optional unprotected headers</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string EncryptBytes(byte[] plaintext, IEnumerable <JweRecipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Json, JweCompression?compression = null, IDictionary <string, object> extraProtectedHeaders = null, IDictionary <string, object> unprotectedHeaders = null, JwtSettings settings = null) { if (plaintext == null) { throw new ArgumentNullException(nameof(plaintext)); } settings = GetSettings(settings); IJweAlgorithm _enc = settings.Jwe(enc); if (_enc == null) { throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc)); } //IDictionary<string, object> joseProtectedHeader = Dictionaries.MergeHeaders( // new Dictionary<string, object> { { "enc", settings.JweHeaderValue(enc) } }, // extraProtectedHeaders); IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders(); byte[] cek = null; var recipientsOut = new List <JweRecipient>(); foreach (var recipient in recipients) { joseProtectedHeader = Dictionaries.MergeHeaders( new Dictionary <string, object> { { "alg", settings.JwaHeaderValue(recipient.Alg) } }, new Dictionary <string, object> { { "enc", settings.JweHeaderValue(enc) } }, extraProtectedHeaders); IKeyManagement keys = settings.Jwa(recipient.Alg); if (keys == null) { throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg)); } // joseHeader - is merge of headers // - key management will read from (e.g. enc,apv,apu - ECDH-ES) //// - key management will write to (e.g. iv, tag - AesGcmKW) IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders( joseProtectedHeader, recipient.Header, unprotectedHeaders ); byte[] encryptedCek; if (cek == null) { byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader); cek = contentKeys[0]; encryptedCek = contentKeys[1]; } else { encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader); } // For the per-receipient header we want the headers from the result of IKeyManagements key wrapping but without the // shared headers IDictionary <string, object> recipientHeader = joseHeader .Where( kvp => !joseProtectedHeader.ContainsKey(kvp.Key) && (unprotectedHeaders == null || !unprotectedHeaders.ContainsKey(kvp.Key)) ) .ToDictionary(kvp => kvp.Key, kvp => kvp.Value); recipientsOut.Add(new JweRecipient(encryptedCek, recipientHeader)); } if (compression.HasValue) { joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value); plaintext = settings.Compression(compression.Value).Compress(plaintext); } switch (mode) { case SerializationMode.Compact: { if (recipientsOut.Count != 1) { throw new JoseException("Only one recipient is supported by the JWE Compact Serialization."); } if (aad != null) { throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization."); } joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader); byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader)); aad = Encoding.UTF8.GetBytes(Compact.Serialize(header)); byte[][] encParts = _enc.Encrypt(aad, plaintext, cek); return(new JweToken( header, null, recipientsOut, null, encParts[0], encParts[1], encParts[2], mode) .AsString()); } case SerializationMode.Json: { var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader)); byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes)); byte[][] encParts = _enc.Encrypt(Aad(protectedHeaderBytes, aad), plaintext, cek); return(new JweToken( protectedHeaderBytes, unprotectedHeaders, recipientsOut, aad, encParts[0], encParts[1], encParts[2], mode) .AsString(settings.JsonMapper)); } default: throw new JoseException($"Unsupported serializtion mode: {mode}."); } }
/// <summary> /// Serialize token according to serialization mode /// </summary> public string AsString(IJsonMapper mapper = null) { if (Encoding == SerializationMode.Compact) { return(Compact.Serialize(ProtectedHeaderBytes, Recipients[0].EncryptedCek, Iv, Ciphertext, AuthTag)); } var json = new Dictionary <string, object>() { { "ciphertext", Base64Url.Encode(Ciphertext) }, { "protected", Base64Url.Encode(ProtectedHeaderBytes) }, { "iv", Base64Url.Encode(Iv) }, { "tag", Base64Url.Encode(AuthTag) } }; if (Aad != null) { json["aad"] = Base64Url.Encode(Aad); } if (UnprotectedHeader != null) { json["unprotected"] = UnprotectedHeader; } var recipientList = new List <object>(); foreach (var recipient in Recipients) { recipientList.Add( new Dictionary <string, object> { //{ "header", recipient.Header }, { "encrypted_key", Base64Url.Encode(recipient.EncryptedCek) } } ); } json["recipients"] = recipientList; #region commecnted actual code and added same patch as per modification response //if (Recipients.Count == 1) //{ // json["header"] = Recipients[0].Header; // json["encrypted_key"] = Base64Url.Encode(Recipients[0].EncryptedCek); //} //else //{ // var recipientList = new List<object>(); // foreach (var recipient in Recipients) // { // recipientList.Add( // new Dictionary<string, object> { // //{ "header", recipient.Header }, // { "encrypted_key", Base64Url.Encode(recipient.EncryptedCek) } // } // ); // } // json["recipients"] = recipientList; //} #endregion return(mapper.Serialize(json)); }
/// <summary> /// Parses JWT token, extracts and attempts to unmarshal headers to requested type /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <returns>unmarshalled headers</returns> public static T Headers <T>(string token, JwtSettings settings = null) { var parts = Compact.Iterate(token); return(GetSettings(settings).JsonMapper.Parse <T>(Encoding.UTF8.GetString(parts.Next()))); }