private dynamic DecodeHeader(dynamic parts)
{
var header = parts[0];
var headerJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(header));
dynamic headerObj = JsonConvert.DeserializeObject(headerJson);
return headerObj;
}
private OwrJsonWebTokenPayload DecodePayload(string token)
{
if (String.IsNullOrWhiteSpace(token)) throw new ArgumentNullException(Parameters.Token);
var parts = token.Split(Delimiters.Dot);
if (parts.Length != 3)
{
throw new FormatException("Token must consist from 3 delimited by dot parts");
}
var payLoad = parts[1];
var payLoadJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(payLoad));
OwrJsonWebTokenPayload payload = JsonConvert.DeserializeObject<OwrJsonWebTokenPayload>(payLoadJson);
return payload;
}
public override void ValidateSignature(JsonWebTokenRequest jsonWebTokenRequest)
{
try
{
//guard clause
if (jsonWebTokenRequest == null)
{
throw new ArgumentNullException(Constants.Parameters.JsonWebTokenRequest);
}
if (jsonWebTokenRequest.Token == null)
{
throw new ArgumentNullException(Constants.Parameters.JsonWebTokenRequestToken);
}
var tokenParts = jsonWebTokenRequest.Token.Split(Constants.Delimiters.Dot);
//get the decoded signature from the request
var crypto = JsonWebToken.Base64UrlDecode(tokenParts[2]);
var decodedCrypto = Convert.ToBase64String(crypto);
//Recreating the signature from the JWT request header and payload
var header = tokenParts[0];
var payload = tokenParts[1];
var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(header, Constants.Delimiters.Dot, payload));
byte[] signatureData;
var key = ConfigurationService.GetSecretKey();
using (var sha = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
{
signatureData = sha.ComputeHash(bytesToSign);
}
var decodedSignature = Convert.ToBase64String(signatureData);
//compare signatures
if (decodedCrypto == decodedSignature)
{
jsonWebTokenRequest.SignatureValid = true;
}
else
{
jsonWebTokenRequest.SignatureValid = false;
}
}
catch (Exception ex)
{
jsonWebTokenRequest.Errors.Add(new JsonWebTokenRequestError(ex.Message, ex.StackTrace));
jsonWebTokenRequest.Errors.Add(new JsonWebTokenRequestError(Constants.Messages.SignatureValidationUnhandledError));
}
}
public virtual void ValidateSignatureFor(JsonWebTokenRequest jsonWebTokenRequest, string fileName)
{
try
{
//guard clause
if (jsonWebTokenRequest == null)
{
throw new ArgumentNullException(Constants.Parameters.JsonWebTokenRequest);
}
if (jsonWebTokenRequest.Token == null)
{
throw new ArgumentNullException(Constants.Parameters.JsonWebTokenRequestToken);
}
if (string.IsNullOrWhiteSpace(fileName))
{
throw new ArgumentNullException("Public key file name is not provided.");
}
var tokenParts = jsonWebTokenRequest.Token.Split(Constants.Delimiters.Dot);
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
var publicKeyXml = ConfigurationService.GetPublicKey(fileName);
rsa.FromXmlString(publicKeyXml);
using (SHA256 sha256 = SHA256.Create())
{
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(tokenParts[0] + '.' + tokenParts[1]));
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (!rsaDeformatter.VerifySignature(hash, JsonWebToken.Base64UrlDecode(tokenParts[2])))
{
Trace.TraceWarning("public key:{0}, token signature:{1}", publicKeyXml, tokenParts[2]);
jsonWebTokenRequest.SignatureValid = false;
}
else
{
jsonWebTokenRequest.SignatureValid = true;
}
}
}
}
catch (Exception ex)
{
jsonWebTokenRequest.Errors.Add(new JsonWebTokenRequestError(ex.Message, ex.StackTrace));
jsonWebTokenRequest.Errors.Add(new JsonWebTokenRequestError(Constants.Messages.SignatureValidationUnhandledError));
}
}
/// <summary>
/// decode the payload of the JWT Token
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="token"></param>
/// <returns></returns>
public T DecodePayloadToObject <T>(string token)
{
//guard clause
if (string.IsNullOrWhiteSpace(token))
{
throw new ArgumentNullException(Constants.Parameters.Token);
}
var parts = token.Split(Constants.Delimiters.Dot);
if (parts.Length != 3)
{
throw new FormatException(Constants.Messages.TokenFormatError);
}
var payLoad = parts[1];
var payLoadJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(payLoad));
return(JsonConvert.DeserializeObject <T>(payLoadJson));
}
/// <summary>
/// decode the header of the JWT Token
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="token"></param>
/// <returns></returns>
public T DecodeHeaderToObject <T>(string token)
{
//guard clause
if (string.IsNullOrWhiteSpace(token))
{
throw new ArgumentNullException(Constants.Parameters.Token);
}
var parts = token.Split(Constants.Delimiters.Dot);
if (parts.Length != 3)
{
throw new FormatException(Constants.Messages.TokenFormatError);
}
var header = parts[0];
Trace.TraceInformation($"header:{header}");
var headerJson = Encoding.UTF8.GetString(JsonWebToken.Base64UrlDecode(header));
return(JsonConvert.DeserializeObject <T>(headerJson));
}
