/// <summary>
/// Verifies the JWS signature over <paramref name="signingInput"/> with the key material carried by
/// <paramref name="signingToken"/> and returns the token representing the key that verified it.
/// </summary>
/// <param name="signingInput">The "header.payload" text the signature was computed over.</param>
/// <param name="signature">The base64url-encoded signature segment of the JWT.</param>
/// <param name="algorithm">The "alg" value from the token header; only "RS256" and "HS256" are handled.</param>
/// <param name="signingToken">The issuer token resolved for this JWT; must not be null.</param>
/// <returns>
/// For RS256, <paramref name="signingToken"/> itself; for HS256, a new <see cref="BinarySecretSecurityToken"/>
/// wrapping the symmetric key that verified the signature.
/// </returns>
/// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
/// The algorithm is unsupported, the issuer token carries no usable key for that algorithm,
/// or the signature does not verify against any candidate key.
/// </exception>
protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
{
    Utility.VerifyNonNullArgument("signingToken", signingToken);

    bool verified = false;
    System.IdentityModel.Tokens.SecurityToken verifyingToken = null;

    if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal))
    {
        // RS256 is only accepted against an X.509 issuer token exposing an RSA public key;
        // any other token/key type is rejected outright rather than skipped.
        System.IdentityModel.Tokens.X509SecurityToken certificateToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
        if (certificateToken == null)
        {
            throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
        }

        System.Security.Cryptography.RSACryptoServiceProvider rsa = certificateToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
        if (rsa == null)
        {
            throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
        }

        using (X509AsymmetricSignatureProvider provider = new X509AsymmetricSignatureProvider(rsa))
        {
            verified = provider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
        }

        if (verified)
        {
            verifyingToken = signingToken;
        }
    }
    else if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal))
    {
        byte[] data = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
        byte[] presentedMac = Base64UrlEncoder.DecodeBytes(signature);

        // Only SymmetricSecurityKey instances are candidates, so an asymmetric issuer token can never
        // satisfy an HS256 signature here. The first key that verifies wins; non-matching keys are skipped.
        foreach (System.IdentityModel.Tokens.SecurityKey candidate in signingToken.SecurityKeys)
        {
            System.IdentityModel.Tokens.SymmetricSecurityKey symmetricKey = candidate as System.IdentityModel.Tokens.SymmetricSecurityKey;
            if (symmetricKey == null)
            {
                continue;
            }

            using (SymmetricSignatureProvider provider = new SymmetricSignatureProvider(symmetricKey))
            {
                verified = provider.Verify(data, presentedMac);
            }

            if (verified)
            {
                verifyingToken = new BinarySecretSecurityToken(symmetricKey.GetSymmetricKey());
                break;
            }
        }
    }
    else
    {
        throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
    }

    // A single failure message covers both "no candidate key" and "signature mismatch".
    if (!verified)
    {
        throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
    }

    return verifyingToken;
}
/// <summary>
/// Parses a compact-serialized JWT ("header.payload.signature"), verifies its signature through the
/// configured issuer token resolver unless the header declares "alg":"none", and builds a
/// <see cref="JsonWebSecurityToken"/> from the required claims.
/// </summary>
/// <param name="token">The raw compact JWT; must be non-null and non-empty.</param>
/// <param name="isActorToken">True when this token is itself a nested actor token, in which case the actor claim is not followed again.</param>
/// <returns>The parsed token with the verifying issuer token (null for unsigned tokens) and the nested actor token attached.</returns>
/// <exception cref="System.InvalidOperationException">No configuration, or no issuer token resolver, is set.</exception>
/// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">The token cannot be read, lacks a signature while claiming an algorithm, its issuer cannot be resolved, or its signature does not verify.</exception>
/// <exception cref="System.IdentityModel.Tokens.SecurityTokenValidationException">A required claim ("iss", "aud", "nbf", "exp") is missing.</exception>
private System.IdentityModel.Tokens.SecurityToken ReadTokenCore(string token, bool isActorToken)
{
    Utility.VerifyNonNullOrEmptyStringArgument("token", token);

    if (base.Configuration == null)
    {
        throw new System.InvalidOperationException("No configuration");
    }
    if (base.Configuration.IssuerTokenResolver == null)
    {
        throw new System.InvalidOperationException("No configured IssuerTokenResolver");
    }
    if (!this.CanReadToken(token))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported security token.");
    }

    // Compact serialization: three dot-separated base64url segments. The segment count is not
    // re-checked here; CanReadToken is presumably relied on for that — TODO confirm.
    string[] segments = token.Split(new char[] { '.' });
    string encodedHeader = segments[0];
    string encodedPayload = segments[1];
    string encodedSignature = segments[2];

    System.Collections.Generic.Dictionary<string, string> header = new System.Collections.Generic.Dictionary<string, string>(System.StringComparer.Ordinal);
    header.DecodeFromJson(Base64UrlEncoder.Decode(encodedHeader));

    System.Collections.Generic.Dictionary<string, string> payload = new System.Collections.Generic.Dictionary<string, string>(System.StringComparer.Ordinal);
    payload.DecodeFromJson(Base64UrlEncoder.Decode(encodedPayload));

    string algorithm;
    header.TryGetValue("alg", out algorithm);

    // NOTE(review): "alg" comes from the untrusted header. A literal "none" skips signature
    // verification entirely and leaves issuerToken null; a missing "alg" still reaches
    // GetSigningKeyIdentifier, which rejects it. Confirm that every caller treats a null
    // issuerToken as untrusted wherever a signed token is required.
    System.IdentityModel.Tokens.SecurityToken issuerToken = null;
    bool claimsSignature = !System.StringComparer.Ordinal.Equals(algorithm, "none");
    if (claimsSignature)
    {
        if (string.IsNullOrEmpty(encodedSignature))
        {
            throw new System.IdentityModel.Tokens.SecurityTokenException("Missing signature.");
        }

        System.IdentityModel.Tokens.SecurityKeyIdentifier keyIdentifier = this.GetSigningKeyIdentifier(header, payload);
        System.IdentityModel.Tokens.SecurityToken resolvedIssuerToken;
        base.Configuration.IssuerTokenResolver.TryResolveToken(keyIdentifier, out resolvedIssuerToken);
        if (resolvedIssuerToken == null)
        {
            throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Could not resolve issuer token.");
        }

        // The signature covers the encoded header and payload exactly as received, joined by '.'.
        string signingInput = string.Concat(encodedHeader, ".", encodedPayload);
        issuerToken = this.VerifySignature(signingInput, encodedSignature, algorithm, resolvedIssuerToken);
    }

    // The nested actor token is only followed from the outer token, never recursively.
    JsonWebSecurityToken actorToken = isActorToken ? null : this.ReadActor(payload);

    string issuer;
    payload.TryGetValue("iss", out issuer);
    if (string.IsNullOrEmpty(issuer))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an issuer.");
    }

    string audience;
    payload.TryGetValue("aud", out audience);
    if (string.IsNullOrEmpty(audience))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an audience.");
    }

    string notBeforeSeconds;
    payload.TryGetValue("nbf", out notBeforeSeconds);
    if (string.IsNullOrEmpty(notBeforeSeconds))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'not before' claim.");
    }
    System.DateTime validFrom = this.GetDateTimeFromSeconds(notBeforeSeconds);

    string expiresSeconds;
    payload.TryGetValue("exp", out expiresSeconds);
    if (string.IsNullOrEmpty(expiresSeconds))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'expires at' claim.");
    }
    System.DateTime validTo = this.GetDateTimeFromSeconds(expiresSeconds);

    // Lifetime bounds are parsed but not enforced here; presumably checked downstream — TODO confirm.
    JsonWebSecurityToken parsedToken = new JsonWebSecurityToken(issuer, audience, validFrom, validTo, this.CreateClaims(payload), issuerToken, actorToken);
    parsedToken.CaptureSourceData(token);
    return parsedToken;
}
/// <summary>
/// Decodes a base64url string and interprets the resulting bytes as text using
/// <see cref="Base64UrlEncoder.TextEncoding"/>.
/// </summary>
/// <param name="arg">The base64url-encoded input.</param>
/// <returns>The decoded text.</returns>
public static string Decode(string arg)
{
    byte[] decodedBytes = Base64UrlEncoder.DecodeBytes(arg);
    return Base64UrlEncoder.TextEncoding.GetString(decodedBytes);
}
/// <summary>
/// Builds the <see cref="System.IdentityModel.Tokens.SecurityKeyIdentifier"/> used to look up the issuer's
/// signing key: an X.509 thumbprint clause from the "x5t" header for RS256, or an issuer-keyed
/// symmetric clause from the "iss" claim for HS256.
/// </summary>
/// <param name="header">The decoded JWT header.</param>
/// <param name="payload">The decoded JWT payload (claims).</param>
/// <returns>A key identifier holding exactly one clause for the declared algorithm.</returns>
/// <exception cref="System.IdentityModel.Tokens.SecurityTokenException">
/// The header has no "alg", declares RS256 without an "x5t" thumbprint, or declares an algorithm other than RS256/HS256.
/// </exception>
protected virtual System.IdentityModel.Tokens.SecurityKeyIdentifier GetSigningKeyIdentifier(System.Collections.Generic.IDictionary<string, string> header, System.Collections.Generic.IDictionary<string, string> payload)
{
    string algorithm;
    if (!header.TryGetValue("alg", out algorithm))
    {
        throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No signature algorithm specified in token header.");
    }

    System.IdentityModel.Tokens.SecurityKeyIdentifierClause keyClause;
    // switch on string is an ordinal comparison, matching the original StringComparer.Ordinal checks.
    switch (algorithm)
    {
        case "RS256":
        {
            string encodedThumbprint;
            if (!header.TryGetValue("x5t", out encodedThumbprint))
            {
                throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No certificate thumbprint specified in token header.");
            }
            keyClause = new System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause(Base64UrlEncoder.DecodeBytes(encodedThumbprint));
            break;
        }
        case "HS256":
        {
            // The issuer claim is passed through as-is (possibly null when absent); resolution of a
            // null issuer is left to the configured resolver — TODO confirm it rejects that case.
            string issuer;
            payload.TryGetValue("iss", out issuer);
            keyClause = new SymmetricIssuerKeyIdentifierClause(issuer);
            break;
        }
        default:
            throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Didn't find a supported signature algorithm in token header.");
    }

    return new System.IdentityModel.Tokens.SecurityKeyIdentifier(new System.IdentityModel.Tokens.SecurityKeyIdentifierClause[] { keyClause });
}
/// <summary>
/// Encodes text as base64url: the string is converted to bytes with
/// <see cref="Base64UrlEncoder.TextEncoding"/> and then passed to the byte-array overload.
/// </summary>
/// <param name="arg">The text to encode; must be non-null and non-empty.</param>
/// <returns>The base64url encoding of the text.</returns>
public static string Encode(string arg)
{
    Utility.VerifyNonNullOrEmptyStringArgument("arg", arg);
    byte[] rawBytes = Base64UrlEncoder.TextEncoding.GetBytes(arg);
    return Base64UrlEncoder.Encode(rawBytes);
}