/// <inheritdoc/>
public bool TryGetHeader(JwtHeader header, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, JsonEncodedText kid, string?typ, string?cty, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
if (ReferenceEquals(_firstHeader.Header, header))
{
base64UrlHeader = _firstHeader.BinaryHeader;
goto Found;
}
if (IsEligibleHeaderForJwe(header.Count, kid, typ, cty))
{
int algorithmId = enc.ComputeKey(alg);
var node = _head;
while (node != null)
{
if (algorithmId == node.AlgorithmId)
{
if (node.TryGetEntry(kid, out var entry))
{
if (cty != entry.Cty)
{
goto NotFound;
}
if (typ != entry.Typ)
{
goto NotFound;
}
base64UrlHeader = entry.Data;
if (node != _head)
{
MoveToHead(node);
}
goto Found;
}
}
node = node.Next;
}
}
NotFound:
#if NET5_0_OR_GREATER
Unsafe.SkipInit(out base64UrlHeader);
#else
base64UrlHeader = default;
#endif
return(false);
Found:
return(true);
}
/// <summary>
/// Creates a new instance of <see cref="Jwt"/>.
/// </summary>
/// <param name="header"></param>
/// <param name="payload"></param>
/// <param name="signingKey"></param>
public static Jwt Create(JwtHeader header, JwtPayload payload, Jwk?signingKey)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (payload is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.payload);
}
return(new Jwt(header, payload, signingKey));
}
/// <inheritsdoc />
public override Jwk[] GetKeys(JwtHeader header)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (header.Jku is null)
{
return(Array.Empty <Jwk>());
}
return(GetKeys(header, header.Jku));
}
/// <inheritsdoc />
public override Jwk[] GetKeys(JwtHeader header)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (header.X5u is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
return(GetKeys(header, header.X5u));
}
/// <summary>Try to get the header.</summary>
/// <param name="header"></param>
/// <param name="alg"></param>
/// <param name="kid"></param>
/// <param name="typ"></param>
/// <param name="base64UrlHeader"></param>
/// <returns></returns>
public bool TryGetHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
if (ReferenceEquals(_firstHeader.Header, header))
{
base64UrlHeader = _firstHeader.BinaryHeader;
goto Found;
}
if (IsEligibleHeaderForJws(header.Count, kid, typ))
{
int algorithmId = (int)alg.Id;
var node = _head;
while (node != null)
{
if (algorithmId == node.AlgorithmId)
{
if (node.TryGetEntry(kid, out var entry))
{
if (typ != entry.Typ)
{
goto NotFound;
}
base64UrlHeader = entry.Data;
if (node != _head)
{
MoveToHead(node);
}
goto Found;
}
}
node = node.Next;
}
}
NotFound:
base64UrlHeader = null;
return(false);
Found:
return(true);
}
/// <inheritsdoc />
protected Jwk[] GetKeys(JwtHeader header, string metadataAddress)
{
if (_disposed)
{
ThrowHelper.ThrowObjectDisposedException(GetType());
}
var kid = header.Kid;
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
if (_currentKeys != null && _syncAfter > now)
{
return(_currentKeys.GetKeys(kid));
}
if (_syncAfter <= now)
{
_refreshLock.Wait();
try
{
var value = _documentRetriever.GetDocument(metadataAddress, CancellationToken.None);
_currentKeys = Jwks.FromJson(value);
_syncAfter = now + AutomaticRefreshInterval;
}
catch
{
_syncAfter = now + (AutomaticRefreshInterval < RefreshInterval ? AutomaticRefreshInterval : RefreshInterval);
throw;
}
finally
{
_refreshLock.Release();
}
}
if (_currentKeys != null)
{
return(_currentKeys.GetKeys(kid));
}
ThrowHelper.ThrowInvalidOperationException_UnableToObtainKeysException(metadataAddress);
return(Array.Empty <Jwk>());
}
/// <summary>
/// Creates a new instance of <see cref="Jwt"/>.
/// </summary>
/// <param name="header"></param>
/// <param name="data"></param>
/// <param name="encryptionKey"></param>
public static Jwt Create(JwtHeader header, byte[] data, Jwk encryptionKey)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (data is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.data);
}
if (encryptionKey is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.encryptionKey);
}
return(new Jwt(header, data, encryptionKey));
}
/// <summary>
/// Creates a new instance of <see cref="Jwt"/>.
/// </summary>
/// <param name="header"></param>
/// <param name="nestedToken"></param>
/// <param name="encryptionKey"></param>
public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (nestedToken is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.nestedToken);
}
if (encryptionKey is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.encryptionKey);
}
return(new Jwt(header, nestedToken, encryptionKey));
}
/// <summary>
/// Adds the <see cref="JwtHeader"/> to the cache.
/// </summary>
/// <param name="rawHeader"></param>
/// <param name="header"></param>
public void AddHeader(ReadOnlySpan <byte> rawHeader, JwtHeader header)
{
bool lockTaken = false;
try
{
_spinLock.Enter(ref lockTaken);
var node = new Node(rawHeader.ToArray(), header, _head);
if (_count >= MaxSize)
{
RemoveLeastRecentlyUsed();
}
else
{
_count++;
}
if (_head != null)
{
_head.Previous = node;
}
_head = node;
if (_tail is null)
{
_tail = node;
}
}
finally
{
if (lockTaken)
{
_spinLock.Exit();
}
}
}
public bool TryGetHeader(JwtHeader header, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, JsonEncodedText kid, string?typ, string?cty, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
base64UrlHeader = null;
return(false);
}
public void AddHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, ReadOnlySpan <byte> base6UrlHeader)
{
}
public void AddHeader(JwtHeader header, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, JsonEncodedText kid, string?typ, string?cty, ReadOnlySpan <byte> base64UrlHeader)
{
_jweCache.AddHeader(header, alg, enc, kid, typ, cty, base64UrlHeader);
}
/// <inheritsdoc /> public abstract Jwk[] GetKeys(JwtHeader header);
public static Jwt Create(JwtHeader header, JwtPayload payload, Jwk?signingKey) => throw new NotImplementedException();
/// <summary>Initializes a new instance of <see cref="JwtDescriptor"/>.</summary>
protected JwtDescriptor()
{
_header = new JwtHeader();
}
/// <summary>Adds a base64-url encoded header to the cache.</summary>
/// <param name="header"></param>
/// <param name="alg"></param>
/// <param name="kid"></param>
/// <param name="typ"></param>
/// <param name="base6UrlHeader"></param>
public void AddHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, ReadOnlySpan <byte> base6UrlHeader)
{
_firstHeader = new WrappedHeader(header, base6UrlHeader.ToArray());
if (IsEligibleHeaderForJws(header.Count, kid, typ))
{
int algorithmId = (int)alg.Id;
bool lockTaken = false;
try
{
_spinLock.Enter(ref lockTaken);
if (_count >= MaxSize)
{
Clear();
}
var node = _head;
while (node != null)
{
if (algorithmId == node.AlgorithmId)
{
break;
}
node = node.Next;
}
var key = alg.Id;
if (node is null)
{
_count++;
node = new Bucket(algorithmId, kid, new CacheEntry(base6UrlHeader.ToArray(), typ))
{
Next = _head
};
}
else
{
if (!node.Entries.ContainsKey(kid))
{
_count++;
node.Entries[kid] = new CacheEntry(base6UrlHeader.ToArray(), typ);
}
}
if (!ReferenceEquals(_head, node))
{
if (_head != null)
{
_head.Previous = node;
}
_head = node;
}
if (_tail is null)
{
_tail = node;
}
}
finally
{
if (lockTaken)
{
_spinLock.Exit();
}
}
}
}
public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey) => throw new NotImplementedException();
public bool TryGetHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
return(_jwsCache.TryGetHeader(header, alg, kid, typ, out base64UrlHeader));
}
/// <inheritsdoc />
public override Jwk[] GetKeys(JwtHeader header)
{
return(GetKeys(header, _jwksAddress));
}
/// <summary> /// Try to validate the token signature. /// </summary> /// <param name="header"></param> /// <param name="contentBytes"></param> /// <param name="signatureSegment"></param> /// <returns></returns> public abstract SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan <byte> contentBytes, ReadOnlySpan <byte> signatureSegment);
public override SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan <byte> contentBytes, ReadOnlySpan <byte> signatureSegment)
{
return(SignatureValidationResult.Success());
}
public override SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan <byte> contentBytes, ReadOnlySpan <byte> signatureSegment)
{
return((contentBytes.Length == 0 && signatureSegment.Length == 0) || (signatureSegment.IsEmpty && header.SignatureAlgorithm == SignatureAlgorithm.None)
? SignatureValidationResult.Success()
: SignatureValidationResult.InvalidSignature());
}
public void AddHeader(JwtHeader header, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, JsonEncodedText kid, string?typ, string?cty, ReadOnlySpan <byte> base6UrlHeader)
{
}
public void AddHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, ReadOnlySpan <byte> base64UrlHeader)
{
_jwsCache.AddHeader(header, alg, kid, typ, base64UrlHeader);
}
public bool TryGetHeader(JwtHeader header, SignatureAlgorithm alg, JsonEncodedText kid, string?typ, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
base64UrlHeader = null;
return(false);
}
public WrappedHeader(JwtHeader header, byte[] binaryHeader)
{
Header = header;
BinaryHeader = binaryHeader;
}
public static Jwt Create(JwtHeader header, byte[] data, Jwk encryptionKey) => throw new NotImplementedException();
public bool TryGetHeader(JwtHeader header, KeyManagementAlgorithm alg, EncryptionAlgorithm enc, JsonEncodedText kid, string?typ, string?cty, [NotNullWhen(true)] out byte[]?base64UrlHeader)
{
return(_jweCache.TryGetHeader(header, alg, enc, kid, typ, cty, out base64UrlHeader));
}
/// <summary>
/// Try to validate the token signature.
/// </summary>
/// <param name="header"></param>
/// <param name="contentBytes"></param>
/// <param name="signatureSegment"></param>
/// <returns></returns>
public SignatureValidationResult TryValidateSignature(JwtHeader header, ReadOnlySpan <byte> contentBytes, ReadOnlySpan <byte> signatureSegment)
{
return(SignatureValidationPolicy.TryValidateSignature(header, contentBytes, signatureSegment));
}
/// <summary> /// Unwrap a key. /// </summary> /// <param name="keyBytes">key to unwrap.</param> /// <param name="destination"></param> /// <param name="header"></param> /// <param name="bytesWritten"></param> /// <returns>Unwrapped key.</returns> public abstract bool TryUnwrapKey(ReadOnlySpan <byte> keyBytes, Span <byte> destination, JwtHeader header, out int bytesWritten);
