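/// <summary>
/// Validates the signature of a serialized JWT against an RSA public key and
/// returns the parsed token.
/// </summary>
/// <param name="serializedJWT">Compact-serialized JWT to validate.</param>
/// <param name="publicRSAKeyContents">
/// RSA public key contents, handed to <c>PEMCryptoService.GetRSAProviderFromRSAKeyContents</c>.
/// </param>
/// <param name="algorithm">Algorithm name used to build the <c>SigningCredentials</c> wrapper.</param>
/// <param name="validationParameters">
/// Validation settings. Side effect: <c>IssuerSigningKey</c> is overwritten on the
/// instance the caller passed in.
/// </param>
/// <returns>
/// The parsed token, or <c>null</c> when no RSA parameters could be obtained from
/// <paramref name="publicRSAKeyContents"/>. Callers must treat <c>null</c> as
/// "not verified", never as an empty but trusted token.
/// </returns>
/// <exception cref="Exception">
/// The signature is invalid, or validation produced no token. Other validation
/// failures raised by <c>ValidateToken</c> propagate unchanged.
/// </exception>
public JwtSecurityToken ReadJWTRSA(string serializedJWT, string publicRSAKeyContents, string algorithm, TokenValidationParameters validationParameters)
{
    var securityHandler = new JwtSecurityTokenHandler();

    Nullable<RSAParameters> rsaParameters = new PEMCryptoService().GetRSAProviderFromRSAKeyContents(publicRSAKeyContents);
    if (rsaParameters == null)
    {
        return null;
    }

    // The RSA instance is only used to check that the parameters import cleanly;
    // the security key below is built from the raw parameters. Dispose it instead
    // of leaking the native key handle on every call.
    using (var rsa = RSA.Create())
    {
        rsa.ImportParameters(rsaParameters.Value);
    }

    var securityKey = new Microsoft.IdentityModel.Tokens.RsaSecurityKey(rsaParameters.Value);
    var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, algorithm);

    // NOTE(review): only credentials.Key reaches the validation parameters, so
    // `algorithm` does not by itself restrict which `alg` header values are accepted.
    // If the referenced Microsoft.IdentityModel version exposes
    // TokenValidationParameters.ValidAlgorithms, consider pinning it to the expected
    // algorithm - confirm against the package version in use.
    validationParameters.IssuerSigningKey = credentials.Key;

    try
    {
        SecurityToken validatedToken;
        securityHandler.ValidateToken(serializedJWT, validationParameters, out validatedToken);
        if (validatedToken == null)
        {
            throw new Exception("Validation of signature failed! Don't trust these data!");
        }

        return securityHandler.ReadJwtToken(serializedJWT);
    }
    catch (SecurityTokenInvalidSignatureException ex)
    {
        // Keep the original failure as the inner exception so the cause stays
        // available for logging and incident triage.
        throw new Exception("Validation of signature failed! Don't trust these data!", ex);
    }
}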
/// <summary>
/// Decrypts a Base64-encoded RSA ciphertext with the supplied private key and
/// returns the plaintext decoded as UTF-8.
/// </summary>
/// <param name="encryptedMessageBase64">Base64 text of the RSA ciphertext.</param>
/// <param name="privateRSAKeyCotents">
/// RSA private key contents, handed to <c>PEMCryptoService.GetRSAProviderFromRSAKeyContents</c>.
/// </param>
/// <returns>
/// The decrypted text, or <c>null</c> when no RSA parameters could be obtained
/// from the key contents.
/// </returns>
public string Decrypt(string encryptedMessageBase64, string privateRSAKeyCotents)
{
    using (RSA rsaProvider = RSA.Create())
    {
        RSAParameters? keyParameters = new PEMCryptoService().GetRSAProviderFromRSAKeyContents(privateRSAKeyCotents);
        if (!keyParameters.HasValue)
        {
            return null;
        }

        rsaProvider.ImportParameters(keyParameters.Value);
        byte[] cipherBytes = Convert.FromBase64String(encryptedMessageBase64);

        // SECURITY: PKCS#1 v1.5 encryption padding is exposed to padding-oracle
        // (Bleichenbacher-style) attacks when a caller can tell decryption failures
        // apart from successes. RSAEncryptionPadding.OaepSHA256 is the preferred
        // padding; switching must happen together with the encrypting side,
        // because the two paddings are not interoperable.
        byte[] plainBytes = rsaProvider.Decrypt(cipherBytes, RSAEncryptionPadding.Pkcs1);
        return Encoding.UTF8.GetString(plainBytes);
    }
}
/// <summary>
/// Encrypts a message with the supplied RSA public key and returns the
/// ciphertext as Base64 text.
/// </summary>
/// <param name="message">Text to encrypt; it is encoded as UTF-8 first.</param>
/// <param name="publicRSAKeyContents">
/// RSA public key contents, handed to <c>PEMCryptoService.GetRSAProviderFromRSAKeyContents</c>.
/// </param>
/// <returns>
/// The Base64-encoded ciphertext, or <c>null</c> when no RSA parameters could be
/// obtained from the key contents.
/// </returns>
public string Encrypt(string message, string publicRSAKeyContents)
{
    using (RSA rsaProvider = RSA.Create())
    {
        RSAParameters? keyParameters = new PEMCryptoService().GetRSAProviderFromRSAKeyContents(publicRSAKeyContents);
        if (!keyParameters.HasValue)
        {
            return null;
        }

        rsaProvider.ImportParameters(keyParameters.Value);
        byte[] plainBytes = Encoding.UTF8.GetBytes(message);

        // SECURITY: PKCS#1 v1.5 encryption padding is the legacy choice;
        // RSAEncryptionPadding.OaepSHA256 is preferred for new data. The padding
        // here must match the one used on the decrypting side, so change both
        // together.
        byte[] cipherBytes = rsaProvider.Encrypt(plainBytes, RSAEncryptionPadding.Pkcs1);
        return Convert.ToBase64String(cipherBytes);
    }
}
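/// <summary>
/// Builds a JWT whose header carries RSA signing credentials derived from the
/// supplied private key.
/// </summary>
/// <param name="payload">Claims payload placed in the token.</param>
/// <param name="privateRSAKeyContents">
/// RSA private key contents, handed to <c>PEMCryptoService.GetRSAProviderFromRSAKeyContents</c>.
/// </param>
/// <param name="algorithm">Signing algorithm name passed to <c>SigningCredentials</c>.</param>
/// <returns>
/// The constructed token, or <c>null</c> when no RSA parameters could be obtained
/// from <paramref name="privateRSAKeyContents"/>.
/// </returns>
public JwtSecurityToken GenerateJWTFromRSA(JwtPayload payload, string privateRSAKeyContents, string algorithm)
{
    Nullable<RSAParameters> rsaParameters = new PEMCryptoService().GetRSAProviderFromRSAKeyContents(privateRSAKeyContents);
    if (rsaParameters == null)
    {
        return null;
    }

    // The RSA instance only checks that the private parameters import cleanly;
    // the signing key below is built from the raw parameters. Dispose it so the
    // native handle holding private key material is released promptly.
    using (var rsa = RSA.Create())
    {
        rsa.ImportParameters(rsaParameters.Value);
    }

    var securityKey = new Microsoft.IdentityModel.Tokens.RsaSecurityKey(rsaParameters.Value);
    var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, algorithm);
    var jwtHeader = new JwtHeader(credentials);

    return new JwtSecurityToken(jwtHeader, payload);
}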