public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] sharedKey = byteKey(key);
Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L));
Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found");
Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found");
byte[] iv = Base64Url.Decode((string)header["iv"]);
byte[] authTag = Base64Url.Decode((string)header["tag"]);
return(AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag));
}
private byte[] DeriveKey(IDictionary <string, object> header, int cekSizeBits, CngKey externalPublicKey, CngKey privateKey)
{
byte[] enc = Encoding.UTF8.GetBytes((string)header[algIdHeader]);
byte[] apv = header.ContainsKey("apv") ? Base64Url.Decode((string)header["apv"]) : Arrays.Empty;
byte[] apu = header.ContainsKey("apu") ? Base64Url.Decode((string)header["apu"]) : Arrays.Empty;
byte[] algorithmId = Arrays.Concat(Arrays.IntToBytes(enc.Length), enc);
byte[] partyUInfo = Arrays.Concat(Arrays.IntToBytes(apu.Length), apu);
byte[] partyVInfo = Arrays.Concat(Arrays.IntToBytes(apv.Length), apv);
byte[] suppPubInfo = Arrays.IntToBytes(cekSizeBits);
return(ConcatKDF.DeriveKey(externalPublicKey, privateKey, cekSizeBits, algorithmId, partyVInfo, partyUInfo, suppPubInfo));
}
public RSA RsaKey()
{
if (rsaKey == null && E != null && N != null)
{
RSAParameters param = new RSAParameters();
param.Modulus = Base64Url.Decode(N);
param.Exponent = Base64Url.Decode(E);
if (D != null)
{
param.D = Base64Url.Decode(D);
}
if (P != null)
{
param.P = Base64Url.Decode(P);
}
if (Q != null)
{
param.Q = Base64Url.Decode(Q);
}
if (DP != null)
{
param.DP = Base64Url.Decode(DP);
}
if (DQ != null)
{
param.DQ = Base64Url.Decode(DQ);
}
if (QI != null)
{
param.InverseQ = Base64Url.Decode(QI);
}
#if NETSTANDARD
rsaKey = RSA.Create();
rsaKey.ImportParameters(param);
# elif NET461 || NET472
rsaKey = new RSACng(Jose.keys.RsaKey.New(param));
#else
throw new NotImplementedException("Not supported, requires .NET 4.6.1+ or NETSTANDARD");
#endif
}
public virtual byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
CngKey cngKey = Ensure.Type <CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.", new object[0]);
Ensure.Contains(header, new string[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found", new object[0]);
Ensure.Contains(header, new string[] { this.algIdHeader }, "EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found", new object[0]);
IDictionary <string, object> item = (IDictionary <string, object>)header["epk"];
Ensure.Contains(item, new string[] { "x", "y", "crv" }, "EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.", new object[0]);
byte[] numArray = Base64Url.Decode((string)item["x"]);
byte[] numArray1 = Base64Url.Decode((string)item["y"]);
CngKey cngKey1 = EccKey.New(numArray, numArray1, null, CngKeyUsages.KeyAgreement);
return(this.DeriveKey(header, cekSizeBits, cngKey1, cngKey));
}
public virtual byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
var privateKey = Ensure.Type <CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");
Ensure.Contains(header, new[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found");
Ensure.Contains(header, new[] { algIdHeader }, "EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found");
var epk = (IDictionary <string, object>)header["epk"];
Ensure.Contains(epk, new[] { "x", "y", "crv" }, "EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.");
var x = Base64Url.Decode((string)epk["x"]);
var y = Base64Url.Decode((string)epk["y"]);
var externalPublicKey = EccKey.New(x, y, usage: CngKeyUsages.KeyAgreement);
return(DeriveKey(header, cekSizeBits, externalPublicKey, privateKey));
}
public static byte[][] Parse(string token)
{
if (token == null)
{
throw new ArgumentNullException(nameof(token));
}
string[] parts = token.Split('.');
var result = new byte[parts.Length][];
for (int i = 0; i < parts.Length; i++)
{
result[i] = Base64Url.Decode(parts[i]);
}
return(result);
}
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] numArray;
string str = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.", new object[0]);
byte[] bytes = Encoding.UTF8.GetBytes(str);
Ensure.Contains(header, new string[] { "p2c" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header, but was not found", new object[0]);
Ensure.Contains(header, new string[] { "p2s" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2s' param in JWT header, but was not found", new object[0]);
byte[] bytes1 = Encoding.UTF8.GetBytes((string)header["alg"]);
int num = Convert.ToInt32(header["p2c"]);
byte[] numArray1 = Base64Url.Decode((string)header["p2s"]);
byte[] numArray2 = Arrays.Concat(new byte[][] { bytes1, Arrays.Zero, numArray1 });
using (HMAC pRF = this.PRF)
{
numArray = PBKDF2.DeriveKey(bytes, numArray2, num, this.keyLengthBits, pRF);
}
return(this.aesKW.Unwrap(encryptedCek, numArray, cekSizeBits, header));
}
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null)
{
Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null.");
if (token == null)
{
throw new ArgumentNullException(nameof(token));
}
string[] stringParts = token.Split('.');
if (stringParts.Length == 5) //encrypted JWT
{
byte[][] parts = Compact.Parse(token);
return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings));
}
else
{
//signed or plain JWT
byte[] header = Base64Url.Decode(stringParts[0]);
byte[] payload;
byte[] signature = Base64Url.Decode(stringParts[2]);
bool base64DecodePayload = GetBase64DecodeFlag(header);
//Always base 64 decode paylod, even in b64=false detached since we have already attached the payload and encoded it
payload = Base64Url.Decode(stringParts[1]);
byte[] securedInput;
if (base64DecodePayload)
{
securedInput = Encoding.UTF8.GetBytes(Compact.Serialize(header, payload));
}
else
{
var tmpBytes = Encoding.UTF8.GetBytes(Compact.Serialize(header) + ".");
securedInput = new byte[tmpBytes.Length + payload.Length];
System.Buffer.BlockCopy(tmpBytes, 0, securedInput, 0, tmpBytes.Length);
System.Buffer.BlockCopy(payload, 0, securedInput, tmpBytes.Length, payload.Length);
}
var jwtSettings = GetSettings(settings);
var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header));
var algorithm = (string)headerData["alg"];
var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm);
if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm)
{
throw new InvalidAlgorithmException(
"The algorithm type passed to the Decode method did not match the algorithm type in the header.");
}
var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm);
if (jwsAlgorithmImpl == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
if (!jwsAlgorithmImpl.Verify(signature, securedInput, key))
{
throw new IntegrityException("Invalid signature.");
}
return(payload);
}
}
