Пример #1
0
        private static byte[] DecryptBytes(Compact.Iterator parts, object key, JweAlgorithm?jweAlg, JweEncryption?jweEnc, JwtSettings settings = null)
        {
            byte[] header       = parts.Next();
            byte[] encryptedCek = parts.Next();
            byte[] iv           = parts.Next();
            byte[] cipherText   = parts.Next();
            byte[] authTag      = parts.Next();

            JwtSettings jwtSettings = GetSettings(settings);
            IDictionary <string, object> jwtHeader = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));

            JweAlgorithm  headerAlg = jwtSettings.JwaAlgorithmFromHeader((string)jwtHeader["alg"]);
            JweEncryption headerEnc = jwtSettings.JweAlgorithmFromHeader((string)jwtHeader["enc"]);

            IKeyManagement keys = jwtSettings.Jwa(headerAlg);
            IJweAlgorithm  enc  = jwtSettings.Jwe(headerEnc);

            if (keys == null)
            {
                throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", headerAlg));
            }

            if (enc == null)
            {
                throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc));
            }

            if (jweAlg != null && (JweAlgorithm)jweAlg != headerAlg)
            {
                throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header.");
            }

            if (jweEnc != null && (JweEncryption)jweEnc != headerEnc)
            {
                throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header.");
            }

            byte[] cek = keys.Unwrap(encryptedCek, key, enc.KeySize, jwtHeader);
            byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header));

            byte[] plainText = enc.Decrypt(aad, cek, iv, cipherText, authTag);

            if (jwtHeader.ContainsKey("zip"))
            {
                ICompression compression = jwtSettings.Compression((string)jwtHeader["zip"]);

                plainText = compression.Decompress(plainText);
            }

            return(plainText);
        }
Пример #2
0
        /// <summary>
        /// Encodes given binary data to JWT token and applies requested encryption/compression algorithms.
        /// </summary>
        /// <param name="payload">Binary data to encode (not null)</param>
        /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param>
        /// <param name="alg">JWT algorithm to be used.</param>
        /// <param name="enc">encryption algorithm to be used.</param>
        /// <param name="compression">optional compression type to use.</param>
        /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
        /// <param name="settings">optional settings to override global DefaultSettings</param>
        /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns>
        public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null)
        {
            if (payload == null)
            {
                throw new ArgumentNullException(nameof(payload));
            }
            JwtSettings    jwtSettings = GetSettings(settings);
            IKeyManagement keys        = jwtSettings.Jwa(alg);
            IJweAlgorithm  _enc        = jwtSettings.Jwe(enc);

            if (keys == null)
            {
                throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", alg));
            }

            if (_enc == null)
            {
                throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", enc));
            }

            IDictionary <string, object> jwtHeader = new Dictionary <string, object> {
                { "alg", jwtSettings.JwaHeaderValue(alg) }, { "enc", jwtSettings.JweHeaderValue(enc) }
            };

            Dictionaries.Append(jwtHeader, extraHeaders);

            byte[][] contentKeys  = keys.WrapNewKey(_enc.KeySize, key, jwtHeader);
            byte[]   cek          = contentKeys[0];
            byte[]   encryptedCek = contentKeys[1];

            if (compression.HasValue)
            {
                jwtHeader["zip"] = jwtSettings.CompressionHeader(compression.Value);
                payload          = jwtSettings.Compression(compression.Value).Compress(payload);
            }

            byte[]   header   = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader));
            byte[]   aad      = Encoding.UTF8.GetBytes(Compact.Serialize(header));
            byte[][] encParts = _enc.Encrypt(aad, payload, cek);

            return(Compact.Serialize(header, encryptedCek, encParts[0], encParts[1], encParts[2]));
        }