private static JweToken ParseJson(IDictionary <string, object> json)
{
var recipients = new List <JweRecipient>();
IEnumerable _recipients = Dictionaries.Get <IEnumerable>(json, "recipients");
if (_recipients != null)
{
foreach (IDictionary <string, object> recipient in _recipients)
{
byte[] encryptedCek = Base64Url.Decode(Dictionaries.Get <string>(recipient, "encrypted_key"));
recipients.Add(new JweRecipient(encryptedCek, Dictionaries.Get <IDictionary <string, object> >(recipient, "header")));
}
}
else if (recipients.Count == 0)
{
byte[] encryptedCek = Base64Url.Decode(Dictionaries.Get <string>(json, "encrypted_key"));
recipients.Add(new JweRecipient(encryptedCek, Dictionaries.Get <IDictionary <string, object> >(json, "header")));
}
var _protected = Dictionaries.Get <string>(json, "protected");
var _aad = Dictionaries.Get <string>(json, "aad");
return(new JweToken(
protectedHeaderBytes: _protected == null ? new byte[0] : Base64Url.Decode(_protected),
unprotectedHeader: Dictionaries.Get <IDictionary <string, object> >(json, "unprotected"),
recipients: recipients,
aad: _aad == null ? null : Base64Url.Decode(_aad),
iv: Base64Url.Decode(Dictionaries.Get <string>(json, "iv")),
ciphertext: Base64Url.Decode(Dictionaries.Get <string>(json, "ciphertext")),
authTag: Base64Url.Decode(Dictionaries.Get <string>(json, "tag")),
encoding: SerializationMode.Json));
}
public static JwkSet FromDictionary(IDictionary <string, object> data)
{
var keyList = Dictionaries.Get <IEnumerable <object> >(data, "keys");
JwkSet result = new JwkSet();
foreach (var key in keyList)
{
result.Add(Jwk.FromDictionary((IDictionary <string, object>)key));
}
return(result);
}
/// <summary>
/// Encodes given binary data to JWT token and sign it using given algorithm.
/// </summary>
/// <param name="payload">Binary data to encode (not null)</param>
/// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param>
/// <param name="algorithm">JWT algorithm to be used.</param>
/// <param name="extraHeaders">optional extra headers to pass along with the payload.</param>
/// <param name="settings">optional settings to override global DefaultSettings</param>
/// <param name="options">additional encoding options</param>
/// <returns>JWT in compact serialization form, digitally signed.</returns>
public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
var jwtSettings = GetSettings(settings);
var jwtOptions = options ?? JwtOptions.Default;
var jwtHeader = new Dictionary <string, object> {
{ "alg", jwtSettings.JwsHeaderValue(algorithm) }
};
if (extraHeaders == null) //allow overload, but keep backward compatible defaults
{
extraHeaders = new Dictionary <string, object> {
{ "typ", "JWT" }
};
}
if (!jwtOptions.EncodePayload)
{
jwtHeader["b64"] = false;
jwtHeader["crit"] = Collections.Union(new[] { "b64" }, Dictionaries.Get <object>(extraHeaders, "crit"));
}
Dictionaries.Append(jwtHeader, extraHeaders);
byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader));
var jwsAlgorithm = jwtSettings.Jws(algorithm);
if (jwsAlgorithm == null)
{
throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm));
}
byte[] signature = jwsAlgorithm.Sign(securedInput(headerBytes, payload, jwtOptions.EncodePayload), key);
byte[] payloadBytes = jwtOptions.DetachPayload ? new byte[0] : payload;
return(jwtOptions.EncodePayload
? Compact.Serialize(headerBytes, payloadBytes, signature)
: Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature));
}