Пример #1
0
        /// <summary>
        /// This constructor should be used to load and incoming token.
        /// </summary>
        /// <param name="token">The compact serialized token.</param>
        /// <param name="secret">The secret to validate the token.</param>
        /// <param name="validateSignature">A boolean value that indicates when token should be validated with the secret.</param>
        /// <param name="supportNoneAlgo">This property specifies whether the none algorithm should be supported. As this is a security risk, it has to be explicitly set to accept.</param>
        public JwtToken(string token, byte[] secret, bool validateSignature = true, bool supportNoneAlgo = false)
        {
            mIncoming = new JwtRoot(token);

            Header = new JOSEHeader(mIncoming.JoseHeader);
            if (!string.Equals(Header.Type, "JWT", StringComparison.InvariantCultureIgnoreCase))
            {
                throw new JwtTokenStructureInvalidException("The JWT declaration is not in the JOSE Header");
            }

            //Check that the algorithm is supported.
            var algo = Header.SupportedAlgorithm;

            if (algo == JwtHashAlgorithm.None && !supportNoneAlgo)
            {
                throw new JwtAlgorithmNoneNotAllowedException();
            }

            Claims = new JwtClaims(JwtRoot.UTF8ToJSONConvert(mIncoming.Raw[1]));

            if (validateSignature && !JwtValidateIncoming(mIncoming, algo, secret))
            {
                throw new JwtSignatureInvalidException();
            }
        }
Пример #2
0
        /// <summary>
        /// This method signs the token and returns it using JWS Compact Serialization notation.
        /// </summary>
        /// <param name="key">The key.</param>
        /// <returns>Returns a compact serialization key.</returns>
        public string ToString(byte[] key)
        {
            JwtHashAlgorithm algo = Header.SupportedAlgorithm;

            string b64joseHeader   = JwtHelper.SafeBase64UrlEncode(Encoding.UTF8.GetBytes(Header.ToString()));
            string b64jwtClaimsSet = JwtHelper.SafeBase64UrlEncode(Encoding.UTF8.GetBytes(Claims.ToString()));

            string signature = JwtRoot.CalculateAuthSignature(algo, key, b64joseHeader, b64jwtClaimsSet);

            return($"{b64joseHeader}.{b64jwtClaimsSet}.{signature}");
        }
Пример #3
0
        private bool JwtValidateIncoming(JwtRoot incoming, JwtHashAlgorithm algo, byte[] key)
        {
            if (incoming == null)
            {
                throw new ArgumentOutOfRangeException("Incoming token not set.");
            }

            if (key == null)
            {
                throw new ArgumentNullException("key", $"{nameof(JwtValidateIncoming)} - key cannot be null");
            }

            string b64joseHeader   = JwtHelper.SafeBase64UrlEncode(incoming.Raw[0]);
            string b64jwtClaimsSet = JwtHelper.SafeBase64UrlEncode(incoming.Raw[1]);

            var signed   = JwtRoot.CalculateAuthSignature(algo, key, b64joseHeader, b64jwtClaimsSet);
            var original = JwtHelper.SafeBase64UrlEncode(incoming.Raw[2]);

            return(original == signed);
        }