Пример #1
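        /// <summary>
        /// Verifies the signature segment of <paramref name="token"/> with
        /// <c>parameters.SigningCredentials</c>. Every failure path ends in an exception,
        /// so a token is only accepted when verification returns true or signature
        /// validation was switched off by the caller.
        /// </summary>
        /// <param name="token">Token whose <c>EncodedToken</c> (header.payload.signature) is checked.</param>
        /// <param name="parameters">
        /// Validation settings. When <c>ValidateSignature</c> is false the method returns
        /// without inspecting the token at all.
        /// </param>
        /// <exception cref="InvalidTokenException">
        /// The encoded token is missing, does not consist of exactly three dot-separated
        /// segments, has an empty signature segment, or declares <c>JWTAlgorithm.None</c>.
        /// </exception>
        /// <exception cref="SignatureValidationException">
        /// The signature segment could not be decoded or did not verify.
        /// </exception>
        private static void ValidateSignature(JsonWebToken token, JsonWebTokenValidationParameters parameters)
        {
            ArgumentUtility.CheckForNull(token, nameof(token));
            ArgumentUtility.CheckForNull(parameters, nameof(parameters));

            // Caller-controlled opt-out: with this flag off the token is accepted unauthenticated.
            if (!parameters.ValidateSignature)
            {
                return;
            }

            string encodedData = token.EncodedToken;

            // A token with no encoded form cannot be verified. Report it as malformed instead of
            // letting Split() fail with a NullReferenceException. (An empty string already ended
            // up on this same exception through the segment-count check below.)
            if (string.IsNullOrEmpty(encodedData))
            {
                throw new InvalidTokenException(JwtResources.EncodedTokenDataMalformed()); // validation exception
            }

            string[] parts = encodedData.Split('.');

            if (parts.Length != 3)
            {
                throw new InvalidTokenException(JwtResources.EncodedTokenDataMalformed()); // validation exception
            }

            if (string.IsNullOrEmpty(parts[2]))
            {
                throw new InvalidTokenException(JwtResources.SignatureNotFound()); // validation exception
            }

            // An unsigned ("none") token must never pass a check that was asked to validate a signature.
            // NOTE(review): only None is rejected here; nothing in this method compares token.Algorithm
            // with the algorithm of parameters.SigningCredentials. Confirm VerifySignature pins the
            // algorithm to the key rather than trusting the token header.
            if (token.Algorithm == JWTAlgorithm.None)
            {
                throw new InvalidTokenException(JwtResources.InvalidSignatureAlgorithm()); // validation exception
            }

            ArgumentUtility.CheckForNull(parameters.SigningCredentials, nameof(parameters.SigningCredentials));

            // The signed input is the header and payload segments exactly as received.
            byte[] sourceInput = Encoding.UTF8.GetBytes(parts[0] + "." + parts[1]);

            bool verified = false;

            try
            {
                // The signature segment is attacker-supplied. Decoding it inside the try means a
                // segment that fails to decode is reported as a signature failure like any other.
                // NOTE(review): the decoder's failure mode is not visible here; confirm it throws on bad input.
                byte[] sourceSignature = parts[2].FromBase64StringNoPadding();

                verified = parameters.SigningCredentials.VerifySignature(sourceInput, sourceSignature);
            }
            catch (Exception)
            {
                // Deliberate: any failure while decoding or verifying counts as "not verified"
                // and is reported below as a signature validation failure.
            }

            if (!verified)
            {
                throw new SignatureValidationException(); // validation exception
            }
        }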
Пример #2
        /// <summary>
        /// Checks that <paramref name="credentials"/> can be used for signing and returns the
        /// algorithm they sign with.
        /// </summary>
        /// <param name="credentials">
        /// Signing credentials to check. When null, no check is made and
        /// <c>JWTAlgorithm.None</c> is returned.
        /// </param>
        /// <param name="allowExpiredToken">
        /// When true, the <c>ValidTo</c> expiry check is skipped entirely.
        /// </param>
        /// <returns>
        /// <c>JWTAlgorithm.None</c> for null credentials, otherwise <c>credentials.SignatureAlgorithm</c>.
        /// </returns>
        /// <exception cref="InvalidCredentialsException">
        /// The credentials cannot sign data, or (unless <paramref name="allowExpiredToken"/> is set)
        /// their <c>ValidTo</c> lies more than five minutes in the past.
        /// </exception>
        internal static JWTAlgorithm ValidateSigningCredentials(VssSigningCredentials credentials, bool allowExpiredToken = false)
        {
            // NOTE(review): null credentials are not an error here; the caller receives None and
            // presumably goes on to build an unsigned token. Confirm every caller intends that.
            if (credentials == null)
            {
                return JWTAlgorithm.None;
            }

            if (!credentials.CanSignData)
            {
                throw new InvalidCredentialsException(JwtResources.SigningTokenNoPrivateKey());
            }

            if (!allowExpiredToken)
            {
                // Credentials count as expired only once ValidTo is more than five minutes behind
                // the current UTC time, so expiry is tolerated for that long.
                var validToUtc = credentials.ValidTo.ToUniversalTime();
                var oldestAcceptedExpiry = DateTime.UtcNow - TimeSpan.FromMinutes(5);

                if (validToUtc < oldestAcceptedExpiry)
                {
                    throw new InvalidCredentialsException(JwtResources.SigningTokenExpired());
                }
            }

            return credentials.SignatureAlgorithm;
        }
 /// <summary>
 /// Creates the exception with the message that <c>JwtResources.ProviderTypeUnsupported</c>
 /// builds for <paramref name="providerType"/>.
 /// </summary>
 /// <param name="providerType">Provider type value passed through to the message resource.</param>
 public SignatureAlgorithmUnsupportedException(int providerType) : base(JwtResources.ProviderTypeUnsupported(providerType))
 {
 }
 /// <summary>
 /// Creates the exception with the message that <c>JwtResources.DigestUnsupportedException</c>
 /// builds from the two digest names.
 /// </summary>
 /// <param name="supportedDigest">First argument passed to the message resource.</param>
 /// <param name="invalidDigest">Second argument passed to the message resource.</param>
 // NOTE(review): if invalidDigest can originate from an untrusted token, the message carries
 // caller-supplied text; confirm it is encoded wherever the message is logged or displayed.
 public DigestUnsupportedException(string supportedDigest, string invalidDigest) : base(JwtResources.DigestUnsupportedException(supportedDigest, invalidDigest))
 {
 }
 /// <summary>
 /// Creates the exception with the message that
 /// <c>JwtResources.SignatureAlgorithmUnsupportedException</c> builds for
 /// <paramref name="invalidAlgorithm"/>.
 /// </summary>
 /// <param name="invalidAlgorithm">Algorithm name passed through to the message resource.</param>
 // NOTE(review): if invalidAlgorithm is taken from a token header, the message carries
 // caller-supplied text; confirm it is encoded wherever the message is logged or displayed.
 public SignatureAlgorithmUnsupportedException(string invalidAlgorithm) : base(JwtResources.SignatureAlgorithmUnsupportedException(invalidAlgorithm))
 {
 }
 /// <summary>
 /// Creates the exception with the message from
 /// <c>JwtResources.TokenScopeNotAuthorizedException()</c>.
 /// </summary>
 public InvalidScopeException() : base(JwtResources.TokenScopeNotAuthorizedException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.DeserializationException()</c>.
 /// </summary>
 public JsonWebTokenDeserializationException() : base(JwtResources.DeserializationException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from
 /// <c>JwtResources.SignatureValidationException()</c>. It takes no arguments, so the message
 /// carries no detail about why verification failed.
 /// </summary>
 public SignatureValidationException() : base(JwtResources.SignatureValidationException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.InvalidIssuerException()</c>.
 /// </summary>
 public InvalidIssuerException() : base(JwtResources.InvalidIssuerException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.TokenExpiredException()</c>.
 /// </summary>
 public TokenExpiredException() : base(JwtResources.TokenExpiredException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.InvalidAudienceException()</c>.
 /// </summary>
 public InvalidAudienceException() : base(JwtResources.InvalidAudienceException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.TokenNotYetValidException()</c>.
 /// </summary>
 public TokenNotYetValidException() : base(JwtResources.TokenNotYetValidException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.ActorValidationException()</c>.
 /// </summary>
 public ActorValidationException() : base(JwtResources.ActorValidationException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from
 /// <c>JwtResources.ValidFromAfterValidToException()</c>.
 /// </summary>
 public ValidFromAfterValidToException() : base(JwtResources.ValidFromAfterValidToException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from
 /// <c>JwtResources.InvalidValidToValueException()</c>.
 /// </summary>
 public InvalidValidToValueException() : base(JwtResources.InvalidValidToValueException())
 {
 }
 /// <summary>
 /// Creates the exception with the message from <c>JwtResources.InvalidClockSkewException()</c>.
 /// </summary>
 public InvalidClockSkewException() : base(JwtResources.InvalidClockSkewException())
 {
 }