/// <summary>
/// Verifies the signature segment of a compact-serialized JSON Web Token against
/// <c>parameters.SigningCredentials</c>. Returns normally only when verification
/// succeeds, or when <c>parameters.ValidateSignature</c> is false.
/// </summary>
/// <param name="token">Token whose <c>EncodedToken</c> is split on '.' and checked.</param>
/// <param name="parameters">Validation settings and the credentials used for verification.</param>
/// <exception cref="InvalidTokenException">
/// The encoded token does not have exactly three segments, the signature segment is
/// empty, or the token's algorithm is <c>JWTAlgorithm.None</c>.
/// </exception>
/// <exception cref="SignatureValidationException">
/// <c>VerifySignature</c> returned false or threw.
/// </exception>
private static void ValidateSignature(JsonWebToken token, JsonWebTokenValidationParameters parameters)
{
    ArgumentUtility.CheckForNull(token, nameof(token));
    ArgumentUtility.CheckForNull(parameters, nameof(parameters));

    // Security: with ValidateSignature switched off the token is accepted here with
    // no integrity check at all; nothing below this point runs.
    if (!parameters.ValidateSignature)
    {
        return;
    }

    // Compact form is header.payload.signature.
    string[] segments = token.EncodedToken.Split('.');

    if (segments.Length != 3)
    {
        throw new InvalidTokenException(JwtResources.EncodedTokenDataMalformed());
    }

    if (string.IsNullOrEmpty(segments[2]))
    {
        throw new InvalidTokenException(JwtResources.SignatureNotFound());
    }

    // Unsigned ("none") tokens are rejected outright whenever signature validation is on.
    // NOTE(review): only the None case is checked here; this method does not compare
    // token.Algorithm with the algorithm of parameters.SigningCredentials. Confirm that
    // VerifySignature selects the algorithm from the key, not from the token header.
    if (token.Algorithm == JWTAlgorithm.None)
    {
        throw new InvalidTokenException(JwtResources.InvalidSignatureAlgorithm());
    }

    ArgumentUtility.CheckForNull(parameters.SigningCredentials, nameof(parameters.SigningCredentials));

    // The signed input is the first two segments exactly as received, rejoined with '.'.
    byte[] signedBytes = Encoding.UTF8.GetBytes(string.Concat(segments[0], ".", segments[1]));

    // NOTE(review): decoding happens outside the try below, so whatever
    // FromBase64StringNoPadding throws on malformed input propagates unchanged
    // instead of surfacing as SignatureValidationException.
    byte[] signatureBytes = segments[2].FromBase64StringNoPadding();

    bool verified = false;
    try
    {
        verified = parameters.SigningCredentials.VerifySignature(signedBytes, signatureBytes);
    }
    catch (Exception)
    {
        // Deliberately swallowed: any verifier failure is treated as "not verified",
        // so the method fails closed with SignatureValidationException below.
    }

    if (!verified)
    {
        throw new SignatureValidationException();
    }
}
/// <summary>
/// Checks that signing credentials are usable and reports the algorithm they sign with.
/// </summary>
/// <param name="credentials">
/// Credentials to check. When null, no check is made and <c>JWTAlgorithm.None</c> is returned.
/// </param>
/// <param name="allowExpiredToken">
/// When true, the <c>ValidTo</c> expiry check on the credentials is skipped.
/// </param>
/// <returns>
/// <c>JWTAlgorithm.None</c> for null credentials; otherwise <c>credentials.SignatureAlgorithm</c>.
/// </returns>
/// <exception cref="InvalidCredentialsException">
/// The credentials cannot sign data, or they expired more than five minutes ago and
/// <paramref name="allowExpiredToken"/> is false.
/// </exception>
internal static JWTAlgorithm ValidateSigningCredentials(VssSigningCredentials credentials, bool allowExpiredToken = false)
{
    // Security: null credentials map to the "none" algorithm rather than an error.
    // NOTE(review): callers presumably use this result to decide whether a token is
    // signed; confirm no caller can reach this with null credentials unintentionally.
    if (credentials == null)
    {
        return JWTAlgorithm.None;
    }

    if (!credentials.CanSignData)
    {
        throw new InvalidCredentialsException(JwtResources.SigningTokenNoPrivateKey());
    }

    if (!allowExpiredToken)
    {
        var expiryUtc = credentials.ValidTo.ToUniversalTime();

        // Five-minute grace window: credentials that expired within the last five
        // minutes are still accepted.
        var oldestAcceptedExpiry = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(5));

        if (expiryUtc < oldestAcceptedExpiry)
        {
            throw new InvalidCredentialsException(JwtResources.SigningTokenExpired());
        }
    }

    return credentials.SignatureAlgorithm;
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.ProviderTypeUnsupported</c> for the given provider type.
/// </summary>
/// <param name="providerType">Provider type value passed through to the message resource.</param>
public SignatureAlgorithmUnsupportedException(int providerType)
    : base(JwtResources.ProviderTypeUnsupported(providerType))
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.DigestUnsupportedException</c> for the two digest names.
/// </summary>
/// <param name="supportedDigest">Digest name passed to the message resource as the supported one.</param>
/// <param name="invalidDigest">
/// Digest name passed to the message resource as the rejected one.
/// NOTE(review): if this value can originate from a received token, the resulting
/// message contains untrusted text; confirm it is encoded where it is logged or shown.
/// </param>
public DigestUnsupportedException(string supportedDigest, string invalidDigest)
    : base(JwtResources.DigestUnsupportedException(supportedDigest, invalidDigest))
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.SignatureAlgorithmUnsupportedException</c> for the given algorithm name.
/// </summary>
/// <param name="invalidAlgorithm">
/// Algorithm name passed through to the message resource.
/// NOTE(review): if this value can originate from a received token header, the
/// resulting message contains untrusted text; confirm it is encoded where it is logged or shown.
/// </param>
public SignatureAlgorithmUnsupportedException(string invalidAlgorithm)
    : base(JwtResources.SignatureAlgorithmUnsupportedException(invalidAlgorithm))
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.TokenScopeNotAuthorizedException</c>.
/// </summary>
public InvalidScopeException()
    : base(JwtResources.TokenScopeNotAuthorizedException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.DeserializationException</c>.
/// </summary>
public JsonWebTokenDeserializationException()
    : base(JwtResources.DeserializationException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.SignatureValidationException</c>. The constructor takes no
/// arguments, so the message carries no detail about why verification failed.
/// </summary>
public SignatureValidationException()
    : base(JwtResources.SignatureValidationException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.InvalidIssuerException</c>.
/// </summary>
public InvalidIssuerException()
    : base(JwtResources.InvalidIssuerException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.TokenExpiredException</c>.
/// </summary>
public TokenExpiredException()
    : base(JwtResources.TokenExpiredException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.InvalidAudienceException</c>.
/// </summary>
public InvalidAudienceException()
    : base(JwtResources.InvalidAudienceException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.TokenNotYetValidException</c>.
/// </summary>
public TokenNotYetValidException()
    : base(JwtResources.TokenNotYetValidException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.ActorValidationException</c>.
/// </summary>
public ActorValidationException()
    : base(JwtResources.ActorValidationException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.ValidFromAfterValidToException</c>.
/// </summary>
public ValidFromAfterValidToException()
    : base(JwtResources.ValidFromAfterValidToException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.InvalidValidToValueException</c>.
/// </summary>
public InvalidValidToValueException()
    : base(JwtResources.InvalidValidToValueException())
{
}
/// <summary>
/// Creates the exception with the message returned by
/// <c>JwtResources.InvalidClockSkewException</c>.
/// </summary>
public InvalidClockSkewException()
    : base(JwtResources.InvalidClockSkewException())
{
}