/// <inheritdoc />
/// <remarks>
/// Returns the payload segment of <paramref name="token" /> as text. This overload reads only
/// the payload: the signature segment is never inspected, so the returned claims are
/// unauthenticated and must not drive authorization decisions on their own.
/// </remarks>
/// <exception cref="ArgumentException" />
/// <exception cref="ArgumentNullException" />
/// <exception cref="ArgumentOutOfRangeException" />
/// <exception cref="FormatException" />
public string Decode(string token)
{
    // Split the compact token first; only the payload segment is used below.
    var parts = new JwtParts(token);

    // URL-safe base64 -> raw bytes -> string, with no signature verification in between.
    return GetString(_urlEncoder.Decode(parts.Payload));
}
/// <summary>
/// Prepares data before calling <see cref="IJwtValidator.Validate" />: decodes the presented
/// signature and payload, recomputes the signature once per candidate key, and passes all of
/// it to the validator.
/// </summary>
/// <remarks>
/// The signing algorithm is chosen from the token's own <c>alg</c> header, which is read
/// before any signature has been checked. Which algorithm names are accepted is decided by
/// the algorithm factory, not by this method.
/// </remarks>
/// <param name="jwt">The JWT parts</param>
/// <param name="keys">The candidate keys, one of which is expected to have signed the JWT</param>
/// <exception cref="ArgumentNullException" />
/// <exception cref="ArgumentOutOfRangeException" />
/// <exception cref="FormatException" />
public void Validate(JwtParts jwt, params byte[][] keys)
{
    if (jwt is null)
    {
        throw new ArgumentNullException(nameof(jwt));
    }

    if (keys is null)
    {
        throw new ArgumentNullException(nameof(keys));
    }

    // At least one key is required, and AllKeysHaveValues must accept the whole set.
    var keysUsable = keys.Length > 0 && AllKeysHaveValues(keys);
    if (!keysUsable)
    {
        throw new ArgumentOutOfRangeException(nameof(keys));
    }

    // Signature presented by the token, re-encoded as standard base64 for the validator.
    var presentedSignature = Convert.ToBase64String(_urlEncoder.Decode(jwt.Signature));

    var headerText = GetString(_urlEncoder.Decode(jwt.Header));
    var header = _jsonSerializer.Deserialize<Dictionary<string, object>>(headerText);

    var payloadSegment = jwt.Payload;
    var payloadText = GetString(_urlEncoder.Decode(payloadSegment));

    // The signature covers the encoded header and payload segments joined by a dot.
    var signingInput = GetBytes(string.Concat(jwt.Header, ".", payloadSegment));

    // NOTE(review): "alg" is untrusted input at this point. Confirm that _algFactory rejects
    // "none" and any algorithm not intended for the supplied keys.
    // A header without "alg" fails on the dictionary lookup itself, which is not one of the
    // exception types documented above.
    var algorithmName = (string)header["alg"];
    var algorithm = _algFactory.Create(algorithmName);

    // One expected signature per candidate key, in the same order as the keys.
    var expectedSignatures = new string[keys.Length];
    for (var i = 0; i < keys.Length; i++)
    {
        expectedSignatures[i] = Convert.ToBase64String(algorithm.Sign(keys[i], signingInput));
    }

    // NOTE(review): the comparison of presented and expected signatures happens inside the
    // validator; confirm it is done in constant time.
    _jwtValidator.Validate(payloadText, presentedSignature, expectedSignatures);
}
/// <summary>
/// Verifies the integrity and the time validity of a token.
/// </summary>
/// <remarks>
/// The expected signature is always computed with <c>HMACSHA256Algorithm</c>; the token's
/// header is used only as part of the signed bytes and does not select the algorithm.
/// </remarks>
/// <param name="token">The serialized JWT to verify.</param>
/// <param name="secret">The shared secret; its UTF-8 bytes are used as the signing key.</param>
/// <param name="ex">Receives the exception output of <c>JwtValidator.TryValidate</c>.</param>
/// <returns>The value returned by <c>JwtValidator.TryValidate</c>.</returns>
internal static bool VerifyToken(this string token, string secret, out Exception ex)
{
    var encoder = new JwtBase64UrlEncoder();
    var serializer = new JsonNetSerializer();
    var clock = new UtcDateTimeProvider();

    // NOTE(review): splitting and decoding happen before TryValidate, so a malformed token
    // presumably throws here instead of being reported through `ex`. Confirm callers expect that.
    var parts = new JwtParts(token);
    var payloadText = encoder.Decode(parts.Payload).ToString(Encoding.UTF8);

    // Signature presented by the token, as standard base64.
    var presentedSignature = encoder.Decode(parts.Signature).ToBase64String();

    // Signature we expect: HMAC over "<header>.<payload>", keyed with the secret.
    var hmac = new HMACSHA256Algorithm();
    var signingInput = string.Concat(parts.Header, ".", parts.Payload).ToBytes(Encoding.UTF8);
    var expectedSignature = hmac.Sign(secret.ToBytes(Encoding.UTF8), signingInput).ToBase64String();

    // NOTE(review): the signature comparison is performed inside JwtValidator; confirm it is
    // constant-time.
    var validator = new JwtValidator(serializer, clock);
    return validator.TryValidate(payloadText, presentedSignature, expectedSignature, out ex);
}
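/// <inheritdoc />
/// <remarks>
/// When <paramref name="verify" /> is <c>false</c>, the payload is returned without any
/// signature check and must be treated as unauthenticated. The <paramref name="keys" />
/// argument is validated whether or not <paramref name="verify" /> is set.
/// </remarks>
/// <exception cref="ArgumentException">The token is null, empty or whitespace.</exception>
/// <exception cref="ArgumentNullException">The key array is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">The key array is empty or rejected by AllKeysHaveValues.</exception>
/// <exception cref="FormatException" />
public string Decode(string token, byte[][] keys, bool verify)
{
    if (string.IsNullOrWhiteSpace(token))
    {
        // The single-string constructor takes a message, not a parameter name; pass both so
        // ParamName is populated and the message says what is wrong.
        throw new ArgumentException("Token must not be null, empty or whitespace.", nameof(token));
    }

    if (keys is null)
    {
        throw new ArgumentNullException(nameof(keys));
    }

    if (keys.Length == 0 || !AllKeysHaveValues(keys))
    {
        throw new ArgumentOutOfRangeException(nameof(keys));
    }

    var jwt = new JwtParts(token);

    // Signature validation is opt-in here; skipping it yields unverified claims.
    if (verify)
    {
        Validate(jwt, keys);
    }

    return Decode(jwt);
}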
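/// <inheritdoc />
/// <remarks>
/// Returns the payload segment as text. No signature check is performed by this overload, so
/// the result is unauthenticated unless the caller has validated <paramref name="jwt" /> first.
/// </remarks>
/// <exception cref="ArgumentException" />
/// <exception cref="ArgumentNullException"><paramref name="jwt" /> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException" />
/// <exception cref="FormatException" />
public string Decode(JwtParts jwt)
{
    // Fail with the documented exception instead of a NullReferenceException on jwt.Payload.
    if (jwt is null)
    {
        throw new ArgumentNullException(nameof(jwt));
    }

    var decoded = _urlEncoder.Decode(jwt.Payload);
    return GetString(decoded);
}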