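        /// <summary>
        /// Verifies the RS256 signature of a compact JWT ("header.payload.signature") against an
        /// RSA public key supplied as base64url-encoded JWK components.
        /// </summary>
        /// <param name="accessToken">The compact-serialized JWT.</param>
        /// <param name="n">Base64url-encoded RSA modulus (JWK "n").</param>
        /// <param name="e">Base64url-encoded RSA public exponent (JWK "e").</param>
        /// <returns>true when the signature verifies; the method never returns false (it throws instead).</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="accessToken"/> is null or empty.</exception>
        /// <exception cref="ApplicationException">
        /// Thrown when the token does not have exactly three dot-separated parts or the signature does not verify.
        /// </exception>
        /// <remarks>
        /// Only the signature is checked here. A valid signature does not make the token usable:
        /// callers must still validate the claims (exp, iss, aud/sub) before trusting it.
        /// </remarks>
        public bool Verify(string accessToken, string n, string e)
        {
            if (string.IsNullOrEmpty(accessToken))
            {
                throw new ArgumentNullException(nameof(accessToken));
            }

            // A compact JWS has exactly three parts; anything else is malformed and must not
            // reach the indexers below (previously an IndexOutOfRangeException on a 1- or 2-part string).
            string[] parts = accessToken.Split('.');
            if (parts.Length != 3)
            {
                throw new ApplicationException("Invalid signature");
            }

            // Both providers wrap native handles; dispose them deterministically.
            using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
            using (SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider())
            {
                // JWK "n"/"e" decode to unsigned big-endian byte strings, which is exactly what
                // RSAParameters expects — no endianness or sign-bit conversion is required.
                provider.ImportParameters(new RSAParameters
                {
                    Exponent = Base64UrlDecode(e),
                    Modulus  = Base64UrlDecode(n)
                });

                // The signing input is the encoded header and payload exactly as received
                // (not re-serialized), joined by '.', per RFC 7515.
                byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "." + parts[1]));

                RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(provider);

                // "SHA256" is the simple algorithm name CryptoConfig maps to the SHA-256 OID;
                // it is clearer than deriving the name from the provider's runtime type.
                rsaDeformatter.SetHashAlgorithm("SHA256");

                // Confirm the JWT was produced by the holder of the private key matching (n, e).
                if (!rsaDeformatter.VerifySignature(hash, Base64UrlDecode(parts[2])))
                {
                    throw new ApplicationException("Invalid signature");
                }
            }

            return true;
        }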
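        /// <summary>
        /// Verifies an Amazon Cognito JWT: checks that the issuer is one this application trusts,
        /// downloads that issuer's JWKS, verifies the RS256 signature with the key named by the
        /// header "kid", and rejects expired tokens.
        /// </summary>
        /// <param name="accessToken">The compact-serialized JWT ("header.payload.signature").</param>
        /// <param name="expectedIssuer">
        /// The exact issuer this application trusts, i.e.
        /// "https://cognito-idp.{region}.amazonaws.com/{userPoolId}". When null, the issuer is only
        /// required to look like a Cognito issuer URL, which still accepts tokens minted by any
        /// user pool — pass the real value in production.
        /// </param>
        /// <returns>
        /// true if the token is well-formed, uses RS256, is signed by the issuer's published key and
        /// has not expired; false otherwise (including on any network or parsing failure, which is logged).
        /// </returns>
        /// <remarks>
        /// Audience/client_id and token_use are not checked here and remain the caller's job.
        /// The JWKS is downloaded on every call; cache it per issuer in a real deployment.
        /// </remarks>
        public bool VerifyCognitoJwt(string accessToken, string expectedIssuer = null)
        {
            try
            {
                if (string.IsNullOrEmpty(accessToken))
                {
                    return false;
                }

                // A compact JWS has exactly three parts; reject anything else before indexing.
                string[] parts = accessToken.Split('.');
                if (parts.Length != 3)
                {
                    return false;
                }

                JObject headerData  = JObject.Parse(Encoding.UTF8.GetString(Base64UrlDecode(parts[0])));
                JObject payloadData = JObject.Parse(Encoding.UTF8.GetString(Base64UrlDecode(parts[1])));

                string alg = (string)headerData["alg"];
                string kid = (string)headerData["kid"];
                string iss = (string)payloadData["iss"];

                // Only RS256 can be verified by the code below; refuse any other "alg" explicitly
                // instead of silently treating the signature as RSA/SHA-256.
                if (alg != "RS256" || string.IsNullOrEmpty(kid) || string.IsNullOrEmpty(iss))
                {
                    return false;
                }

                // SECURITY: "iss" is read from the still-unverified payload. It must be pinned before it
                // is used to locate the JWKS; otherwise an attacker can point this code at a JWKS they
                // control, have any forged token verify, and make the server fetch an arbitrary URL.
                if (expectedIssuer != null)
                {
                    if (!string.Equals(iss, expectedIssuer, StringComparison.Ordinal))
                    {
                        return false;
                    }
                }
                else if (!LooksLikeCognitoIssuer(iss))
                {
                    return false;
                }

                string keysJson;
                using (WebClient wc = new WebClient())
                {
                    // TODO(review): cache the JWKS per issuer at startup / on kid miss rather than
                    // downloading it on every verification.
                    keysJson = wc.DownloadString(iss + "/.well-known/jwks.json");
                }

                var keyData = GetKeyData(keysJson, kid);
                if (keyData == null)
                {
                    // No published key with this kid: the signature cannot be checked.
                    return false;
                }

                using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
                using (SHA256CryptoServiceProvider sha256 = new SHA256CryptoServiceProvider())
                {
                    // JWK "n"/"e" decode to unsigned big-endian byte strings, which is exactly what
                    // RSAParameters takes. The earlier round trip through BigInteger (little-endian,
                    // signed) was unnecessary and is not an identity for every byte pattern — it can
                    // strip a redundant sign byte from the modulus and break verification.
                    provider.ImportParameters(new RSAParameters
                    {
                        Modulus  = Base64UrlDecode(keyData.Modulus),
                        Exponent = Base64UrlDecode(keyData.Exponent)
                    });

                    // Signing input is the encoded header and payload exactly as received (RFC 7515).
                    byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "." + parts[1]));

                    RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(provider);
                    rsaDeformatter.SetHashAlgorithm("SHA256");

                    if (!rsaDeformatter.VerifySignature(hash, Base64UrlDecode(parts[2])))
                    {
                        return false;
                    }
                }

                // The signature is good, so the claims can now be trusted. Reject expired tokens;
                // "exp" is seconds since the Unix epoch. A token without "exp" is also rejected.
                long? exp = (long?)payloadData["exp"];
                if (exp == null)
                {
                    return false;
                }

                long nowUnixSeconds = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
                if (nowUnixSeconds >= exp.Value)
                {
                    return false;
                }

                return true;
            }
            catch (Exception ex)
            {
                // Best-effort: any failure (network, JSON, crypto, decoding) means "not verified".
                Console.WriteLine(ex.Message);
                return false;
            }
        }

        /// <summary>
        /// Weak structural check used only when no expected issuer is pinned: requires an absolute
        /// https URL on a cognito-idp.*.amazonaws.com host with no query or fragment.
        /// This still accepts any Cognito user pool, so it is a fallback, not a substitute for
        /// comparing against the application's own issuer.
        /// </summary>
        private static bool LooksLikeCognitoIssuer(string iss)
        {
            Uri issuerUri;
            if (!Uri.TryCreate(iss, UriKind.Absolute, out issuerUri))
            {
                return false;
            }

            return issuerUri.Scheme == Uri.UriSchemeHttps
                && issuerUri.Host.StartsWith("cognito-idp.", StringComparison.OrdinalIgnoreCase)
                && issuerUri.Host.EndsWith(".amazonaws.com", StringComparison.OrdinalIgnoreCase)
                && issuerUri.Query.Length == 0
                && issuerUri.Fragment.Length == 0;
        }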