public string DoCreate(string algorithm, PrivateClaims privateClaims, JWTOptions options) { this.error.cleanError(); if (options.HasError()) { this.error = options.GetError(); return(""); } JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm(algorithm, this.error); if (this.HasError()) { return(""); } if (this.HasError()) { return(""); } /***Hack to support 1024 RSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS256"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS512"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["RS384"] = 1024; /***Hack to support 1024 RSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForSigningMap["ES384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ JwtPayload payload = doBuildPayload(privateClaims, options); SecurityKey genericKey = null; if (JWTAlgorithmUtils.isPrivate(alg)) { PrivateKeyManager key = options.GetPrivateKey(); if (key.HasError()) { this.error = key.GetError(); return(""); } if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "RSA")) { try { genericKey = new RsaSecurityKey((RSA)key.getPrivateKeyForJWT()); }catch (Exception) { this.error = key.GetError(); return(""); } } else if (SecurityUtils.compareStrings(key.getPrivateKeyAlgorithm(), "ECDSA")) { try { genericKey = new ECDsaSecurityKey((ECDsa)key.getPrivateKeyForJWT()); } catch (Exception) { this.error = key.GetError(); return(""); } } else { this.error.setError("JW012", "Not recognized key algorithm"); return(""); } if (genericKey == null) { this.error = key.GetError(); return(""); } } else { SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret()); genericKey = symKey; } SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error); if (this.HasError()) { return(""); } string signedJwt = ""; try { JwtHeader header = new JwtHeader(signingCredentials); if (!options.GetHeaderParameters().IsEmpty()) { AddHeaderParameters(header, options); } JwtSecurityToken secToken = new JwtSecurityToken(header, payload); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); signedJwt = handler.WriteToken(secToken); } catch (Exception e) { this.error.setError("JW003", "key size: " + /*genericKey.KeySize.ToString()*/ e.Message + e.StackTrace); return(""); } return(signedJwt); }
private bool DoVerify(string token, string expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options, bool verifyClaims, bool verifyRegClaims) { this.error.cleanError(); if (options.HasError()) { this.error = options.GetError(); return(false); } JWTAlgorithm expectedJWTAlgorithm = JWTAlgorithmUtils.getJWTAlgorithm(expectedAlgorithm, this.error); if (this.HasError()) { return(false); } /***Hack to support 1024 RSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS256"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS512"] = 1024; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["RS384"] = 1024; /***Hack to support 1024 RSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["EcdsaSha384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ /***Hack to support 192 ECDSA key lengths - BEGIN***/ AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES256"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES512"] = 112; AsymmetricSignatureProvider.DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap["ES384"] = 112; /***Hack to support 192 ECDSA key lengths - END***/ JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken jwtToken = new JwtSecurityToken(token); if (isRevoqued(jwtToken, options)) { return(false); } if (verifyRegClaims) { if (!validateRegisteredClaims(jwtToken, options)) { return(false); } } if (verifyClaims) { if (!verifyPrivateClaims(jwtToken, privateClaims, options) || !VerifyHeader(jwtToken, options)) { return(false); } } //if validates all registered claims and it is not on revocation list TokenValidationParameters parms = new TokenValidationParameters(); parms.ValidateLifetime = false; parms.ValidateAudience = false; parms.ValidateIssuer = false; parms.ValidateActor = false; JWTAlgorithm alg = JWTAlgorithmUtils.getJWTAlgorithm_forVerification(jwtToken.Header.Alg, this.error); if (this.HasError()) { return(false); } if (JWTAlgorithmUtils.getJWTAlgorithm(jwtToken.Header.Alg, this.error) != expectedJWTAlgorithm || this.HasError()) { this.error.setError("JW008", "Expected algorithm does not match token algorithm"); return(false); } SecurityKey genericKey = null; if (JWTAlgorithmUtils.isPrivate(alg)) { CertificateX509 cert = options.GetCertificate(); if (cert.HasError()) { this.error = cert.GetError(); return(false); } if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "RSA")) { try { genericKey = new RsaSecurityKey((RSA)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else if (SecurityUtils.compareStrings(cert.getPublicKeyAlgorithm(), "ECDSA")) { try { genericKey = new ECDsaSecurityKey((ECDsa)cert.getPublicKeyJWT()); } catch (Exception) { this.error = cert.GetError(); return(false); } } else { this.error.setError("JW013", "Not recognized key algorithm"); return(false); } } else { SymmetricSecurityKey symKey = new SymmetricSecurityKey(options.getSecret()); genericKey = symKey; } genericKey.KeyId = "256"; SigningCredentials signingCredentials = JWTAlgorithmUtils.getSigningCredentials(alg, genericKey, this.error); parms.IssuerSigningKey = genericKey; SecurityToken validatedToken; try { handler.ValidateToken(token, parms, out validatedToken); } catch (Exception e) { this.error.setError("JW004", e.Message); return(false); } return(true); }