/// <summary> /// Prepares data before calling <see cref="IJwtValidator.Validate(string,string,string[])" /> /// </summary> /// <param name="jwt">The JWT parts</param> /// <param name="keys">The keys provided which one of them was used to sign the JWT</param> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public void Validate(JwtParts jwt, IReadOnlyCollection <byte[]> keys) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } if (keys is null) { throw new ArgumentNullException(nameof(keys)); } if (keys.Count == 0 || !AllKeysHaveValues(keys)) { throw new ArgumentOutOfRangeException(nameof(keys)); } var crypto = _urlEncoder.Decode(jwt.Signature); var decodedCrypto = Convert.ToBase64String(crypto); var headerJson = GetString(_urlEncoder.Decode(jwt.Header)); var headerData = _jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson); var payload = jwt.Payload; var payloadJson = GetString(_urlEncoder.Decode(payload)); var bytesToSign = GetBytes(String.Concat(jwt.Header, ".", payload)); var algName = (string)headerData["alg"]; var alg = _algFactory.Create(algName); var decodedSignatures = keys.Select(key => alg.Sign(key, bytesToSign)) .Select(sd => Convert.ToBase64String(sd)) .ToArray(); _jwtValidator.Validate(payloadJson, decodedCrypto, decodedSignatures); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public string Decode(string token) { var payload = new JwtParts(token).Payload; var decoded = _urlEncoder.Decode(payload); return(GetString(decoded)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentOutOfRangeException" /> public string Decode(string token, byte[][] keys, bool verify) { if (IsNullOrWhiteSpace(token)) { throw new ArgumentException(nameof(token)); } if (!AllKeysHaveValues(keys)) { throw new ArgumentOutOfRangeException(nameof(keys)); } var jwt = new JwtParts(token); if (verify) { if (_jwtValidator is null || _algFactory is null) { throw new InvalidOperationException("This instance was constructed without validator and algorithm so cannot be used for signature validation"); } Validate(jwt, keys); } return(Decode(jwt)); }
/// <summary> /// Prepares data before calling <see cref="IJwtValidator.Validate(string,string,string)" /> /// </summary> /// <param name="jwt">The JWT parts</param> /// <param name="key">The key that was used to sign the JWT</param> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public void Validate(JwtParts jwt, byte[] key) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } if (key is null) { throw new ArgumentNullException(nameof(key)); } if (key.Length == 0) { throw new ArgumentOutOfRangeException(nameof(key)); } var crypto = _urlEncoder.Decode(jwt.Signature); var decodedCrypto = Convert.ToBase64String(crypto); var headerJson = GetString(_urlEncoder.Decode(jwt.Header)); var headerData = _jsonSerializer.Deserialize <Dictionary <string, object> >(headerJson); var payload = jwt.Payload; var payloadJson = GetString(_urlEncoder.Decode(payload)); var bytesToSign = GetBytes(String.Concat(jwt.Header, ".", payload)); var algName = (string)headerData["alg"]; var alg = _algFactory.Create(algName); var signatureData = alg.Sign(key, bytesToSign); var decodedSignature = Convert.ToBase64String(signatureData); _jwtValidator.Validate(payloadJson, decodedCrypto, decodedSignature); }
/// <summary> /// Prepares data before calling <see cref="IJwtValidator" /> /// </summary> /// <param name="jwt">The JWT parts</param> /// <param name="keys">The keys provided which one of them was used to sign the JWT</param> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> /// <exception cref="SignatureVerificationException" /> /// <exception cref="TokenExpiredException" /> public void Validate(JwtParts jwt, params byte[][] keys) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } if (!AllKeysHaveValues(keys)) { throw new ArgumentOutOfRangeException(nameof(keys)); } var decodedPayload = GetString(_urlEncoder.Decode(jwt.Payload)); var decodedSignature = _urlEncoder.Decode(jwt.Signature); var header = DecodeHeader <JwtHeader>(jwt); var alg = _algFactory.Create(JwtDecoderContext.Create(header, decodedPayload, jwt)); var bytesToSign = GetBytes(jwt.Header, (byte)'.', jwt.Payload); if (alg is IAsymmetricAlgorithm asymmAlg) { _jwtValidator.Validate(decodedPayload, asymmAlg, bytesToSign, decodedSignature); } else { // the signature on the token, with the leading = var rawSignature = Convert.ToBase64String(decodedSignature); // the signatures re-created by the algorithm, with the leading = var recreatedSignatures = keys.Select(key => Convert.ToBase64String(alg.Sign(key, bytesToSign))) .ToArray(); _jwtValidator.Validate(decodedPayload, rawSignature, recreatedSignatures); } }
/// <inheritdoc /> /// <exception cref="ArgumentNullException" /> public string Decode(JwtParts jwt) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } var decoded = _urlEncoder.Decode(jwt.Payload); return(GetString(decoded)); }
/// <inheritdoc /> /// <exception cref="ArgumentNullException" /> public T DecodeHeader <T>(JwtParts jwt) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } var decodedHeader = _urlEncoder.Decode(jwt.Header); var stringHeader = GetString(decodedHeader); return(_jsonSerializer.Deserialize <T>(stringHeader)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> public string DecodeHeader(string token) { if (String.IsNullOrEmpty(token)) { throw new ArgumentException(nameof(token)); } var header = new JwtParts(token).Header; var decoded = _urlEncoder.Decode(header); return(GetString(decoded)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> /// <exception cref="SignatureVerificationException" /> /// <exception cref="TokenExpiredException" /> public string Decode(JwtParts jwt, byte[][] keys, bool verify) { if (jwt is null) { throw new ArgumentNullException(nameof(jwt)); } if (verify) { if (_jwtValidator is null || _algFactory is null) { throw new InvalidOperationException("This instance was constructed without validator and algorithm so cannot be used for signature validation"); } Validate(jwt, keys); } return(Decode(jwt)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public string Decode(string token, byte[][] keys, bool verify) { if (String.IsNullOrWhiteSpace(token)) { throw new ArgumentException(nameof(token)); } if (keys is null) { throw new ArgumentNullException(nameof(keys)); } if (keys.Length == 0 || !AllKeysHaveValues(keys)) { throw new ArgumentOutOfRangeException(nameof(keys)); } var jwt = new JwtParts(token); if (verify) { Validate(jwt, keys); } return(Decode(jwt)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public string Decode(JwtParts jwt) { var decoded = _urlEncoder.Decode(jwt.Payload); return(GetString(decoded)); }
/// <summary> /// Given a JWT, decodes it and return the payload. /// </summary> /// <param name="decoder">The decoder instance</param> /// <param name="jwt">The JWT</param> /// <returns>A string containing the JSON payload</returns> public static string Decode(this IJwtDecoder decoder, JwtParts jwt) => decoder.Decode(jwt, (byte[])null, verify: false);
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> /// <exception cref="SignatureVerificationException" /> /// <exception cref="TokenExpiredException" /> public T DecodeToObject <T>(JwtParts jwt, byte[][] keys, bool verify) { var payload = Decode(jwt, keys, verify); return(_jsonSerializer.Deserialize <T>(payload)); }
/// <inheritdoc /> /// <exception cref="ArgumentException" /> /// <exception cref="ArgumentNullException" /> /// <exception cref="ArgumentOutOfRangeException" /> /// <exception cref="FormatException" /> public T DecodeToObject <T>(JwtParts jwt) { var payload = Decode(jwt); return(_jsonSerializer.Deserialize <T>(payload)); }
public static JwtDecoderContext Create(JwtHeader header, string decodedPayload, JwtParts jwt) => new JwtDecoderContext { Token = jwt, Header = header, Payload = decodedPayload };