private Jwt(JwtHeaderDocument header, Jwt nested, byte[] rented)
{
_header = header;
_payload = nested.Payload;
_nested = nested;
_rented = rented;
}
public static TokenValidationResult TokenReplayed(Jwt token)
{
return(new TokenValidationResult
{
Status = TokenValidationStatus.TokenReplayed,
Token = token
});
}
private Jwt(JwtHeaderDocument header, Jwt nested, TokenValidationError error, byte[] rented)
{
_header = header;
_payload = nested.Payload;
_nested = nested;
_error = error;
_rented = rented;
}
public static TokenValidationResult Expired(Jwt token)
{
return(new TokenValidationResult
{
Status = TokenValidationStatus.Expired,
Token = token
});
}
public static TokenValidationResult Success(Jwt jwtToken)
{
return(new TokenValidationResult
{
Status = TokenValidationStatus.Success,
Token = jwtToken
});
}
public static TokenValidationResult NotYetValid(Jwt jwtToken)
{
return(new TokenValidationResult
{
Status = TokenValidationStatus.NotYetValid,
Token = jwtToken
});
}
internal Jwt(Jwt other)
{
_rawValue = other._rawValue;
_rented = other._rented;
_header = other._header;
_payload = other._payload;
_nested = other._nested;
_error = other._error;
}
public static TokenValidationResult MissingClaim(Jwt jwt, string claim)
{
return(new TokenValidationResult
{
Token = jwt,
Status = TokenValidationStatus.MissingClaim,
ErrorClaim = claim
});
}
public static TokenValidationResult MissingClaim(Jwt jwt, ReadOnlySpan <byte> claim)
{
return(new TokenValidationResult
{
Token = jwt,
Status = TokenValidationStatus.MissingClaim,
ErrorClaim = Utf8.GetString(claim)
});
}
/// <summary>
/// Try to validate the token, according to the <paramref name="jwt"/>.
/// </summary>
/// <param name="jwt"></param>
/// <returns></returns>
public TokenValidationResult TryValidateJwt(Jwt jwt)
{
var payload = jwt.Payload !;
if (payload.ValidationControl != 0)
{
if (payload.MissingAudience)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.AudUtf8));
}
if (payload.InvalidAudience)
{
return(TokenValidationResult.InvalidClaim(jwt, Claims.AudUtf8));
}
if (payload.MissingIssuer)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.IssUtf8));
}
if (payload.InvalidIssuer)
{
return(TokenValidationResult.InvalidClaim(jwt, Claims.IssUtf8));
}
if (payload.MissingExpirationTime)
{
return(TokenValidationResult.MissingClaim(jwt, Claims.ExpUtf8));
}
if (payload.Expired)
{
return(TokenValidationResult.Expired(jwt));
}
if (payload.NotYetValid)
{
return(TokenValidationResult.NotYetValid(jwt));
}
}
var validators = _validators;
for (int i = 0; i < validators.Length; i++)
{
var result = validators[i].TryValidate(jwt);
if (!result.Succedeed)
{
return(result);
}
}
return(TokenValidationResult.Success(jwt));
}
/// <summary>
/// Initializes a new instance of <see cref="Jwt"/>.
/// </summary>
protected Jwt(Jwt token)
{
if (token is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.token);
}
_payload = token._payload;
Header = token.Header;
_nestedToken = token._nestedToken;
SigningKey = token.SigningKey;
EncryptionKey = token.EncryptionKey;
Binary = token.Binary;
}
/// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
/// <param name="token">The JWT encoded as JWE or JWS</param>
/// <param name="policy">The validation policy.</param>
/// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
public static bool TryParse(string token, TokenValidationPolicy policy, out Jwt jwt)
{
if (token is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.token);
}
if (policy is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.policy);
}
if (token.Length == 0)
{
jwt = new Jwt(TokenValidationError.MalformedToken());
return(false);
}
int length = Utf8.GetMaxByteCount(token.Length);
if (length > policy.MaximumTokenSizeInBytes)
{
jwt = new Jwt(TokenValidationError.MalformedToken());
return(false);
}
byte[]? utf8ArrayToReturnToPool = null;
var utf8Token = length <= Constants.MaxStackallocBytes
? stackalloc byte[length]
: (utf8ArrayToReturnToPool = ArrayPool <byte> .Shared.Rent(length));
try
{
int bytesWritten = Utf8.GetBytes(token, utf8Token);
return(TryParse(utf8Token.Slice(0, bytesWritten), policy, out jwt));
}
finally
{
if (utf8ArrayToReturnToPool != null)
{
ArrayPool <byte> .Shared.Return(utf8ArrayToReturnToPool);
}
}
}
public static SecurityEventToken AsSecurityEventToken(this Jwt token)
{
if (token is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
}
if (token.Payload is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.payload);
}
if (!token.Payload.ContainsKey(SetClaims.EventsUtf8))
{
throw new InvalidOperationException();
}
return(new SecurityEventToken(token));
}
/// <inheritdoc />
public TokenValidationResult TryValidate(Jwt jwt)
{
if (jwt is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
}
if (jwt.Payload is null)
{
return(TokenValidationResult.MalformedToken());
}
if (jwt.Payload.TryGetValue(OidcClaims.AuthTimeUtf8, out var _))
{
return(TokenValidationResult.Success(jwt));
}
return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AuthTimeUtf8));
}
/// <summary>
/// Creates a new instance of <see cref="Jwt"/>.
/// </summary>
/// <param name="header"></param>
/// <param name="nestedToken"></param>
/// <param name="encryptionKey"></param>
public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
{
if (header is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.header);
}
if (nestedToken is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.nestedToken);
}
if (encryptionKey is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.encryptionKey);
}
return(new Jwt(header, nestedToken, encryptionKey));
}
public TokenValidationResult TryValidate(Jwt jwt)
{
if (jwt is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.jwt);
}
if (jwt.Payload is null)
{
return(TokenValidationResult.MalformedToken());
}
if (!jwt.Payload.TryGetValue(OidcClaims.AcrUtf8, out var property))
{
return(TokenValidationResult.MissingClaim(jwt, OidcClaims.AcrUtf8));
}
if (string.Equals(_requiredAcr, (string?)property.Value, StringComparison.Ordinal))
{
return(TokenValidationResult.InvalidClaim(jwt, OidcClaims.AcrUtf8));
}
return(TokenValidationResult.Success(jwt));
}
/// <summary>
/// Initializes a new instance of <see cref="TokenValidationContext"/>.
/// </summary>
/// <param name="jwt"></param>
public TokenValidationContext(Jwt jwt)
{
Jwt = jwt;
}
public static Jwt Create(JwtHeader header, Jwt nestedToken, Jwk encryptionKey) => throw new NotImplementedException();
public SecurityEventToken(Jwt token)
: base(token)
{
}
internal Jwt(JwtHeader header, Jwt nestedToken, Jwk encryptionKey)
{
Header = header;
_nestedToken = nestedToken;
EncryptionKey = encryptionKey;
}
/// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
/// <param name="utf8Token">The JWT encoded as JWE or JWS.</param>
/// <param name="policy">The validation policy.</param>
/// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
public static bool TryParse(ReadOnlySequence <byte> utf8Token, TokenValidationPolicy policy, out Jwt jwt)
{
if (utf8Token.IsSingleSegment)
{
return(TryParse(utf8Token.First.Span, policy, out jwt));
}
return(TryParse(utf8Token.ToArray(), policy, out jwt));
}
/// <summary>Parses and validates a JWT encoded as a JWS or JWE in compact serialized format.</summary>
/// <param name="utf8Token">The JWT encoded as JWE or JWS</param>
/// <param name="policy">The validation policy.</param>
/// <param name="jwt">The resulting <see cref="Jwt"/>.</param>
public static bool TryParse(ReadOnlySpan <byte> utf8Token, TokenValidationPolicy policy, out Jwt jwt)
{
if (policy is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.policy);
}
TokenValidationError?error;
if (utf8Token.IsEmpty)
{
error = TokenValidationError.MalformedToken();
goto TokenError;
}
if (utf8Token.Length > policy.MaximumTokenSizeInBytes)
{
error = TokenValidationError.MalformedToken();
goto TokenError;
}
Span <TokenSegment> segments = stackalloc TokenSegment[Constants.JweSegmentCount];
ref TokenSegment segmentsRef = ref MemoryMarshal.GetReference(segments);
public IdToken(Jwt token)
: base(token)
{
}
public static TokenValidationResult InvalidClaim(Jwt jwt, string claim) => throw new NotImplementedException();
public static TokenValidationResult InvalidClaim(Jwt jwt, ReadOnlySpan <byte> claim) => throw new NotImplementedException();
public static TokenValidationResult Success(Jwt jwtToken) => throw new NotImplementedException();
public static TokenValidationResult TokenReplayed(Jwt token) => throw new NotImplementedException();
