/// <summary>
/// Splits a compact token of the form <c>header.payload.signature</c> into its three segments and
/// decodes each of them.
/// </summary>
/// <remarks>
/// This method only parses. Nothing in it checks the signature against a key, so the header and
/// payload it returns are unauthenticated input until the caller has verified the signature.
/// </remarks>
/// <param name="signedToken">The serialized token; must be neither null nor empty.</param>
/// <returns>
/// A <c>SignedToken</c> holding the two encoded segments as received, the deserialized header and
/// payload, and the decoded signature bytes.
/// </returns>
/// <exception cref="InvalidJwtException">The token does not split into exactly three segments.</exception>
internal static SignedToken<TJwsHeader, TJwsPayload> FromSignedToken(string signedToken)
{
    // Both guards are intentional. The first throws ArgumentNullException and the second throws
    // ArgumentException; collapsing them into ThrowIfNullOrEmpty alone would change the exception
    // seen for a null token, which is a breaking change that an existing test catches.
    signedToken.ThrowIfNull(nameof(signedToken));
    signedToken.ThrowIfNullOrEmpty(nameof(signedToken));

    string[] segments = signedToken.Split('.');
    if (segments.Length != 3)
    {
        throw new InvalidJwtException("JWT must consist of Header, Payload, and Signature");
    }

    // The encoded forms are kept as received and passed to the SignedToken constructor.
    string encodedHeader = segments[0];
    string encodedPayload = segments[1];

    // Decode in segment order (header, payload, signature) so a malformed token fails on its
    // first bad segment.
    var headerJson = TokenEncodingHelpers.Base64UrlToString(encodedHeader);
    var header = NewtonsoftJsonSerializer.Instance.Deserialize<TJwsHeader>(headerJson);

    var payloadJson = TokenEncodingHelpers.Base64UrlToString(encodedPayload);
    var payload = NewtonsoftJsonSerializer.Instance.Deserialize<TJwsPayload>(payloadJson);

    var signatureBytes = TokenEncodingHelpers.Base64UrlDecode(segments[2]);

    return new SignedToken<TJwsHeader, TJwsPayload>(
        encodedHeader, encodedPayload, header, payload, signatureBytes);
}
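/// <summary>
/// Builds an <see cref="RSA"/> instance from a JSON key object by importing its <c>n</c> (modulus)
/// and <c>e</c> (exponent) members, both of which are base64url-decoded first.
/// </summary>
/// <remarks>
/// Only <c>Modulus</c> and <c>Exponent</c> are set, so the result holds public key material only.
/// The caller owns the returned instance and is responsible for disposing it.
/// </remarks>
/// <param name="key">The JSON key object; its <c>n</c> and <c>e</c> members are read as strings.</param>
/// <returns>An <see cref="RSA"/> instance with the key's public parameters imported.</returns>
static RSA FromKeyToRsa(JToken key)
{
    var rsa = RSA.Create();
    try
    {
        rsa.ImportParameters(new RSAParameters
        {
            Modulus = TokenEncodingHelpers.Base64UrlDecode((string)key["n"]),
            Exponent = TokenEncodingHelpers.Base64UrlDecode((string)key["e"]),
        });
        return rsa;
    }
    catch
    {
        // A malformed key makes decoding or the import throw. Release the RSA instance here,
        // since the caller never receives it, then let the original exception propagate unchanged.
        rsa.Dispose();
        throw;
    }
}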
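/// <summary>
/// Builds an <see cref="ECDsa"/> instance for ES256 verification from a JSON key object, using its
/// base64url-encoded <c>x</c> and <c>y</c> members.
/// </summary>
/// <param name="key">
/// The JSON key object; its <c>kty</c>, <c>crv</c>, <c>x</c> and <c>y</c> members are read as strings.
/// </param>
/// <returns>The <see cref="ECDsa"/> instance produced by <c>BuildEcdsa</c> from the decoded coordinates.</returns>
/// <exception cref="ArgumentException">
/// The key's <c>kty</c> is not <c>EC</c> or its <c>crv</c> is not <c>P-256</c>.
/// </exception>
static ECDsa FromKeyToECDsa(JToken key)
{
    var kty = (string)key["kty"];
    var crv = (string)key["crv"];

    // Both members must match. Joining the two checks with || (not &&) rejects a key that has only
    // one of the two right, for example an EC key on another curve, instead of handing its
    // coordinates to BuildEcdsa.
    // NOTE(review): BuildEcdsa is defined elsewhere; presumably it assumes P-256 coordinates. Confirm.
    if (kty != "EC" || crv != "P-256")
    {
        throw new ArgumentException(
            $"For ES256 verification only certificates with kty='EC' and crv='P-256' are supported. Encountered: kty={kty} and crv={crv}.");
    }

    byte[] x = TokenEncodingHelpers.Base64UrlDecode((string)key["x"]);
    byte[] y = TokenEncodingHelpers.Base64UrlDecode((string)key["y"]);
    return BuildEcdsa(x, y);
}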