Exemplo n.º 1
0
        protected virtual System.IdentityModel.Tokens.SecurityKeyIdentifier GetSigningKeyIdentifier(System.Collections.Generic.IDictionary <string, string> header, System.Collections.Generic.IDictionary <string, string> payload)
        {
            string x;

            if (!header.TryGetValue("alg", out x))
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No signature algorithm specified in token header.");
            }
            System.IdentityModel.Tokens.SecurityKeyIdentifierClause securityKeyIdentifierClause;
            if (System.StringComparer.Ordinal.Equals(x, "RS256"))
            {
                string arg;
                if (!header.TryGetValue("x5t", out arg))
                {
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No certificate thumbprint specified in token header.");
                }
                securityKeyIdentifierClause = new System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause(Base64UrlEncoder.DecodeBytes(arg));
            }
            else
            {
                if (!System.StringComparer.Ordinal.Equals(x, "HS256"))
                {
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Didn't find a supported signature algorithm in token header.");
                }
                string issuer;
                payload.TryGetValue("iss", out issuer);
                securityKeyIdentifierClause = new SymmetricIssuerKeyIdentifierClause(issuer);
            }
            return(new System.IdentityModel.Tokens.SecurityKeyIdentifier(new System.IdentityModel.Tokens.SecurityKeyIdentifierClause[]
            {
                securityKeyIdentifierClause
            }));
        }
Exemplo n.º 2
0
        protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
        {
            Utility.VerifyNonNullArgument("signingToken", signingToken);
            bool flag = false;

            System.IdentityModel.Tokens.SecurityToken result = null;
            if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal))
            {
                System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
                if (x509SecurityToken == null)
                {
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
                }
                System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
                if (rSACryptoServiceProvider == null)
                {
                    throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
                }
                using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider))
                {
                    flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
                    if (flag)
                    {
                        result = signingToken;
                    }
                    goto IL_133;
                }
            }
            if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal))
            {
                byte[] bytes      = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
                byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature);
                using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator())
                {
                    while (enumerator.MoveNext())
                    {
                        System.IdentityModel.Tokens.SecurityKey          current = enumerator.Current;
                        System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey;
                        if (symmetricSecurityKey != null)
                        {
                            using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey))
                            {
                                flag = symmetricSignatureProvider.Verify(bytes, signature2);
                                if (flag)
                                {
                                    result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey());
                                    break;
                                }
                            }
                        }
                    }
                    goto IL_133;
                }
            }
            throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
IL_133:
            if (!flag)
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
            }
            return(result);
        }
Exemplo n.º 3
0
 public static string Decode(string arg)
 {
     return(Base64UrlEncoder.TextEncoding.GetString(Base64UrlEncoder.DecodeBytes(arg)));
 }