        /// <summary>
        /// Decrypts a Base64Url-encoded broker response with the broker key and returns the plaintext.
        /// </summary>
        /// <param name="encryptedBrokerResponse">Base64Url-encoded ciphertext received from the broker.</param>
        /// <param name="logger">Logger supplied by the caller; it is not referenced in this method body.</param>
        /// <returns>The decrypted response, read to the end of the decryption stream as text.</returns>
        /// <exception cref="MsalClientException">
        /// Thrown with <c>MsalError.BrokerKeyFetchFailed</c> when the broker key cannot be obtained.
        /// </exception>
        internal static string DecryptBrokerResponse(string encryptedBrokerResponse, ICoreLogger logger)
        {
            // The input is decoded before the key lookup, so a malformed response fails here first.
            byte[] cipherBytes = Base64UrlHelpers.DecodeBytes(encryptedBrokerResponse);

            if (!TryGetBrokerKey(out byte[] key))
            {
                throw new MsalClientException(
                          MsalError.BrokerKeyFetchFailed,
                          MsalErrorMessage.iOSBrokerKeyFetchFailed);
            }

            // NOTE(review): cipher mode, IV and padding are configured in CreateSymmetricAlgorith, which is
            // outside this excerpt. No integrity check (MAC / AEAD tag) is performed in this method, so
            // confirm that the response is authenticated elsewhere before the plaintext is trusted.
            // NOTE(review): the key buffer is not cleared after use here; whether that is safe depends on
            // who owns the array returned by TryGetBrokerKey - confirm.
            using (MemoryStream cipherStream = new MemoryStream(cipherBytes))
            using (AesManaged aes = CreateSymmetricAlgorith(key))
            using (CryptoStream decryptStream = new CryptoStream(
                       cipherStream,
                       aes.CreateDecryptor(),
                       CryptoStreamMode.Read))
            using (StreamReader reader = new StreamReader(decryptStream))
            {
                // The returned plaintext is the broker's response; keep it out of log output.
                return reader.ReadToEnd();
            }
        }
        [InlineData("", "")]                    // Empty string
        public void DecodeToBytes_ValidBase64UrlString_ReturnsByteArray(string stringToDecode, string expectedDecodedString)
        {
            // Arrange: the expected bytes are the UTF-8 encoding of the expected text.
            byte[] expectedBytes = Encoding.UTF8.GetBytes(expectedDecodedString);

            // Act
            byte[] decodedBytes = Base64UrlHelpers.DecodeBytes(stringToDecode);

            // Assert: element-wise comparison of the two byte arrays.
            Assert.Equal(expectedBytes, decodedBytes);
        }
        public void DecodeToBytes_InvalidBase64UrlStringLength_ThrowsException()
        {
            // Arrange: 9 characters, i.e. a length of 4k + 1, which the decoder is expected to reject.
            var malformedInput = "MTIzNDU21";
            Action decode = () => Base64UrlHelpers.DecodeBytes(malformedInput);

            // Act + Assert: malformed input must be rejected with an ArgumentException, not decoded leniently.
            ArgumentException thrown = Assert.Throws<ArgumentException>(decode);

            // NOTE(review): the " (Parameter 'str')" suffix is how the runtime appends the parameter name to
            // ArgumentException.Message; other runtimes format it differently - confirm the target framework.
            Assert.Equal(IDWebErrorMessage.InvalidBase64UrlString + " (Parameter 'str')", thrown.Message);
        }
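        /// <summary>
        /// Creates a <see cref="KerberosSupplementalTicket"/> object from the given ID token string.
        /// </summary>
        /// <remarks>
        /// Only the payload (second) section of the token is decoded and read. The signature section is
        /// never inspected, so this method does not validate the token; callers must not treat a non-null
        /// result as proof that the token is authentic. The token and the claim inside it are handled as
        /// untrusted input: malformed Base64Url, JSON or claim content yields <c>null</c> instead of an
        /// exception, as the return contract states.
        /// </remarks>
        /// <param name="idToken">ID token string.</param>
        /// <returns>A <see cref="KerberosSupplementalTicket"/> object if a Kerberos Ticket Claim exists in the given
        /// idToken parameter and is parsed correctly. Null, otherwise.</returns>
        public static KerberosSupplementalTicket FromIdToken(string idToken)
        {
            if (string.IsNullOrEmpty(idToken) || idToken.Length < 128)
            {
                // Token is empty or too short - ignore parsing.
                return null;
            }

            string[] sections = idToken.Split('.');
            if (sections.Length != 3)
            {
                // A JWT consists of 3 parts separated by '.'
                return null;
            }

            try
            {
                // Decode the second section, which contains the Kerberos Ticket claim if one exists.
                byte[] payloadBytes = Base64UrlHelpers.DecodeBytes(sections[1]);
                string payload      = Encoding.UTF8.GetString(payloadBytes);

                if (string.IsNullOrEmpty(payload))
                {
                    return null;
                }

                // Parse the JSON data and find the included Kerberos Ticket claim.
                JObject payloadJson = JObject.Parse(payload);
                JToken  claimValue;

                if (!payloadJson.TryGetValue(KerberosClaimType, out claimValue))
                {
                    return null;
                }

                // Kerberos Ticket claim found: its value is itself a JSON document.
                string kerberosAsRep = claimValue.Value <string>();
                if (string.IsNullOrEmpty(kerberosAsRep))
                {
                    // A JSON null or empty claim cannot be deserialized into a ticket.
                    return null;
                }

                // NOTE(review): deserialization runs with the ambient JsonConvert settings; confirm that no
                // global default enables type-name handling for this attacker-influenced string.
                return (KerberosSupplementalTicket)JsonConvert.DeserializeObject(kerberosAsRep, typeof(KerberosSupplementalTicket));
            }
            catch (ArgumentException)
            {
                // Payload section is not valid Base64Url (for example, an invalid length).
                return null;
            }
            catch (FormatException)
            {
                // Payload section contains characters that cannot be Base64-decoded.
                return null;
            }
            catch (InvalidCastException)
            {
                // The claim is present but is not a simple string value.
                return null;
            }
            catch (JsonException)
            {
                // The payload or the claim content is not well-formed JSON for the expected shape.
                return null;
            }
        }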
 /// <summary>
 /// Runs <c>Base64UrlHelpers.DecodeBytes</c> once on each of the inputs s4, s5 and s6 and discards the results.
 /// </summary>
 /// <remarks>
 /// s4, s5 and s6 are defined outside this excerpt. Nothing is asserted here, so the only observable
 /// outcome is whether a call throws - presumably a benchmark or smoke method; confirm against the
 /// attributes on the enclosing class.
 /// </remarks>
 public void Decode_Bytes_New()
 {
     Base64UrlHelpers.DecodeBytes(s4);
     Base64UrlHelpers.DecodeBytes(s5);
     Base64UrlHelpers.DecodeBytes(s6);
 }