protected virtual System.IdentityModel.Tokens.SecurityToken VerifySignature(string signingInput, string signature, string algorithm, System.IdentityModel.Tokens.SecurityToken signingToken)
{
Utility.VerifyNonNullArgument("signingToken", signingToken);
bool flag = false;
System.IdentityModel.Tokens.SecurityToken result = null;
if (string.Equals(algorithm, "RS256", System.StringComparison.Ordinal))
{
System.IdentityModel.Tokens.X509SecurityToken x509SecurityToken = signingToken as System.IdentityModel.Tokens.X509SecurityToken;
if (x509SecurityToken == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported issuer token type for asymmetric signature.");
}
System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = x509SecurityToken.Certificate.PublicKey.Key as System.Security.Cryptography.RSACryptoServiceProvider;
if (rSACryptoServiceProvider == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported asymmetric signing algorithm.");
}
using (X509AsymmetricSignatureProvider x509AsymmetricSignatureProvider = new X509AsymmetricSignatureProvider(rSACryptoServiceProvider))
{
flag = x509AsymmetricSignatureProvider.Verify(Base64UrlEncoder.TextEncoding.GetBytes(signingInput), Base64UrlEncoder.DecodeBytes(signature));
if (flag)
{
result = signingToken;
}
goto IL_133;
}
}
if (string.Equals(algorithm, "HS256", System.StringComparison.Ordinal))
{
byte[] bytes = Base64UrlEncoder.TextEncoding.GetBytes(signingInput);
byte[] signature2 = Base64UrlEncoder.DecodeBytes(signature);
using (System.Collections.Generic.IEnumerator <System.IdentityModel.Tokens.SecurityKey> enumerator = signingToken.SecurityKeys.GetEnumerator())
{
while (enumerator.MoveNext())
{
System.IdentityModel.Tokens.SecurityKey current = enumerator.Current;
System.IdentityModel.Tokens.SymmetricSecurityKey symmetricSecurityKey = current as System.IdentityModel.Tokens.SymmetricSecurityKey;
if (symmetricSecurityKey != null)
{
using (SymmetricSignatureProvider symmetricSignatureProvider = new SymmetricSignatureProvider(symmetricSecurityKey))
{
flag = symmetricSignatureProvider.Verify(bytes, signature2);
if (flag)
{
result = new BinarySecretSecurityToken(symmetricSecurityKey.GetSymmetricKey());
break;
}
}
}
}
goto IL_133;
}
}
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported signing algorithm.");
IL_133:
if (!flag)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid issuer or signature.");
}
return(result);
}
private System.IdentityModel.Tokens.SecurityToken ReadTokenCore(string token, bool isActorToken)
{
Utility.VerifyNonNullOrEmptyStringArgument("token", token);
if (base.Configuration == null)
{
throw new System.InvalidOperationException("No configuration");
}
if (base.Configuration.IssuerTokenResolver == null)
{
throw new System.InvalidOperationException("No configured IssuerTokenResolver");
}
if (!this.CanReadToken(token))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Unsupported security token.");
}
string[] array = token.Split(new char[]
{
'.'
});
string text = array[0];
string text2 = array[1];
string text3 = array[2];
System.Collections.Generic.Dictionary <string, string> dictionary = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal);
dictionary.DecodeFromJson(Base64UrlEncoder.Decode(text));
System.Collections.Generic.Dictionary <string, string> dictionary2 = new System.Collections.Generic.Dictionary <string, string>(System.StringComparer.Ordinal);
dictionary2.DecodeFromJson(Base64UrlEncoder.Decode(text2));
string text4;
dictionary.TryGetValue("alg", out text4);
System.IdentityModel.Tokens.SecurityToken issuerToken = null;
if (!System.StringComparer.Ordinal.Equals(text4, "none"))
{
if (string.IsNullOrEmpty(text3))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Missing signature.");
}
System.IdentityModel.Tokens.SecurityKeyIdentifier signingKeyIdentifier = this.GetSigningKeyIdentifier(dictionary, dictionary2);
System.IdentityModel.Tokens.SecurityToken securityToken;
base.Configuration.IssuerTokenResolver.TryResolveToken(signingKeyIdentifier, out securityToken);
if (securityToken == null)
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Could not resolve issuer token.");
}
issuerToken = this.VerifySignature(string.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}.{1}", new object[]
{
text,
text2
}), text3, text4, securityToken);
}
JsonWebSecurityToken actorToken = null;
if (!isActorToken)
{
actorToken = this.ReadActor(dictionary2);
}
string text5;
dictionary2.TryGetValue("iss", out text5);
if (string.IsNullOrEmpty(text5))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an issuer.");
}
string text6;
dictionary2.TryGetValue("aud", out text6);
if (string.IsNullOrEmpty(text6))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an audience.");
}
string text7;
dictionary2.TryGetValue("nbf", out text7);
if (string.IsNullOrEmpty(text7))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'not before' claim.");
}
System.DateTime dateTimeFromSeconds = this.GetDateTimeFromSeconds(text7);
text7 = "";
dictionary2.TryGetValue("exp", out text7);
if (string.IsNullOrEmpty(text7))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("The token being parsed does not have an 'expires at' claim.");
}
System.DateTime dateTimeFromSeconds2 = this.GetDateTimeFromSeconds(text7);
JsonWebSecurityToken jsonWebSecurityToken = new JsonWebSecurityToken(text5, text6, dateTimeFromSeconds, dateTimeFromSeconds2, this.CreateClaims(dictionary2), issuerToken, actorToken);
jsonWebSecurityToken.CaptureSourceData(token);
return(jsonWebSecurityToken);
}
public static string Decode(string arg)
{
return(Base64UrlEncoder.TextEncoding.GetString(Base64UrlEncoder.DecodeBytes(arg)));
}
protected virtual System.IdentityModel.Tokens.SecurityKeyIdentifier GetSigningKeyIdentifier(System.Collections.Generic.IDictionary <string, string> header, System.Collections.Generic.IDictionary <string, string> payload)
{
string x;
if (!header.TryGetValue("alg", out x))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No signature algorithm specified in token header.");
}
System.IdentityModel.Tokens.SecurityKeyIdentifierClause securityKeyIdentifierClause;
if (System.StringComparer.Ordinal.Equals(x, "RS256"))
{
string arg;
if (!header.TryGetValue("x5t", out arg))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. No certificate thumbprint specified in token header.");
}
securityKeyIdentifierClause = new System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause(Base64UrlEncoder.DecodeBytes(arg));
}
else
{
if (!System.StringComparer.Ordinal.Equals(x, "HS256"))
{
throw new System.IdentityModel.Tokens.SecurityTokenException("Invalid JWT token. Didn't find a supported signature algorithm in token header.");
}
string issuer;
payload.TryGetValue("iss", out issuer);
securityKeyIdentifierClause = new SymmetricIssuerKeyIdentifierClause(issuer);
}
return(new System.IdentityModel.Tokens.SecurityKeyIdentifier(new System.IdentityModel.Tokens.SecurityKeyIdentifierClause[]
{
securityKeyIdentifierClause
}));
}
public static string Encode(string arg)
{
Utility.VerifyNonNullOrEmptyStringArgument("arg", arg);
return(Base64UrlEncoder.Encode(Base64UrlEncoder.TextEncoding.GetBytes(arg)));
}
