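/// <summary>
/// Handles the "JWT verify" button: rebuilds a compact JWT from the editable header and
/// payload text boxes plus the signature segment of the token in <c>txtJWTSign</c>, then
/// verifies it with the key material matching the selected algorithm radio button.
/// Any edit made to the header/payload fields after signing is therefore detected.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnJWTVerify_Click(object sender, EventArgs e)
{
    // Only the signature segment is taken from the signed token; header and payload
    // come from the editable fields.
    string[] segments = this.txtJWTSign.Text.Split('.');
    if (segments.Length < 3)
    {
        // Not a compact JWS ("header.payload.signature"): nothing to verify, and
        // indexing segments[2] would throw IndexOutOfRangeException.
        MessageBox.Show("検証失敗");
        return;
    }

    string newJWT = this.BuildJwtFromEditableFields(segments[2]);

    bool ret;
    if (rbnJWTHS256.Checked)
    {
        // HS256: the verification key is the JWK shown in txtJWTJWK.
        JWT_HS256 jwtHS256 = new JWT_HS256(this.txtJWTJWK.Text);
        ret = jwtHS256.Verify(newJWT);
    }
    else if (rbnJWTRS256_XML.Checked)
    {
        // RS256 with the public key in XML form (txtJWTKey).
        JWT_RS256_XML jwtRS256 = new JWT_RS256_XML(this.txtJWTKey.Text);
        ret = jwtRS256.Verify(newJWT);
    }
    else if (rbnJWTRS256_Param.Checked)
    {
        // RS256 with RSAParameters derived from the JWK public key (txtJWTJWK).
        JWT_RS256_Param jwtRS256 = new JWT_RS256_Param(
            RS256_KeyConverter.JwkToProvider(this.txtJWTJWK.Text).ExportParameters(false));
        ret = jwtRS256.Verify(newJWT);
    }
    else
    {
        // RS256 with the public key read from the .cer certificate file.
        JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(this.CertificateFilePath_cer, "");
        ret = jwtRS256.Verify(newJWT);
    }

    MessageBox.Show(ret ? "検証成功" : "検証失敗");
}

/// <summary>
/// Re-assembles a compact JWS from the editable header and payload text boxes
/// (UTF-8, base64url-encoded) and the given signature segment.
/// </summary>
/// <param name="signatureSegment">Third (signature) segment of the original token.</param>
/// <returns>"header.payload.signature" in compact serialization.</returns>
private string BuildJwtFromEditableFields(string signatureSegment)
{
    string header = CustomEncode.ToBase64UrlString(
        CustomEncode.StringToByte(this.txtJWTHeader.Text, CustomEncode.UTF_8));
    string payload = CustomEncode.ToBase64UrlString(
        CustomEncode.StringToByte(this.txtJWTPayload.Text, CustomEncode.UTF_8));
    return header + "." + payload + "." + signatureSegment;
}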
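/// <summary>
/// Verifies a JWT-format access token issued by the generic authentication site:
/// checks the RS256 signature against <see cref="OAuth2AndOIDCParams.RS256Cer"/>,
/// then the <c>iss</c>, <c>aud</c> and <c>exp</c> claims of the payload.
/// </summary>
/// <param name="jwtAccessToken">
/// Token in JWT compact serialization. The payload must carry:
/// - iss
/// - aud
/// - iat
/// - exp
/// - sub
/// - roles (optional)
/// - scopes (optional)
/// - other claims (optional)
/// </param>
/// <param name="sub">The <c>sub</c> claim; "" when the signature check fails.</param>
/// <param name="roles">The <c>roles</c> claim as a list; empty when absent or when the signature check fails.</param>
/// <param name="scopes">The <c>scopes</c> claim as a list; empty when absent or when the signature check fails.</param>
/// <param name="jobj">The decoded payload; <c>null</c> when the signature check fails.</param>
/// <returns><c>true</c> when signature, issuer, audience and expiry all pass; otherwise <c>false</c>.</returns>
public static bool Verify(string jwtAccessToken, out string sub, out List<string> roles, out List<string> scopes, out JObject jobj)
{
    sub = "";
    roles = new List<string>();
    scopes = new List<string>();
    jobj = null;

    // Signature first: no claim is read until the payload is known to be signed by
    // the expected certificate.
    JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(OAuth2AndOIDCParams.RS256Cer, "");
    if (!jwtRS256.Verify(jwtAccessToken))
    {
        // Signature verification failed.
        return false;
    }

    Base64UrlTextEncoder base64UrlEncoder = new Base64UrlTextEncoder();
    string jwtPayload = Encoding.UTF8.GetString(base64UrlEncoder.Decode(jwtAccessToken.Split('.')[1]));
    jobj = (JObject)JsonConvert.DeserializeObject(jwtPayload);

    string iss = (string)jobj["iss"];
    string aud = (string)jobj["aud"];
    string exp = (string)jobj["exp"];
    sub = (string)jobj["sub"];

    if (jobj["roles"] != null)
    {
        roles = JsonConvert.DeserializeObject<List<string>>(jobj["roles"].ToString());
    }
    if (jobj["scopes"] != null)
    {
        scopes = JsonConvert.DeserializeObject<List<string>>(jobj["scopes"].ToString());
    }

    long unixTimeSeconds = 0;
#if NET45
    unixTimeSeconds = PubCmnFunction.ToUnixTime(DateTimeOffset.Now);
#else
    unixTimeSeconds = DateTimeOffset.Now.ToUnixTimeSeconds();
#endif

    // A missing or non-numeric exp is a rejection, not an exception: long.Parse on a
    // null or malformed claim would throw out of a method callers use as a bool check.
    // NOTE(review): RFC 7519 §4.1.4 requires the current time to be strictly before exp;
    // the original ">=" is kept here, so a token is still accepted in its final second.
    long expSeconds;
    if (!long.TryParse(exp, out expSeconds) || expSeconds < unixTimeSeconds)
    {
        // Expired, or no usable expiry claim.
        return false;
    }

    if (iss != OAuth2AndOIDCParams.Isser)
    {
        // Issued by someone other than the expected issuer.
        return false;
    }

    // The audience is accepted either as this client's own ClientID (OAuth2 client
    // implementation) or as one of the registered ClientIDs (resource-server implementation).
    bool audienceAccepted = aud == OAuth2AndOIDCParams.ClientID
        || OAuth2AndOIDCParams.ClientIDs.Any(x => x == aud);

    return audienceAccepted;
}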
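/// <summary>
/// Handles the "JWT sign" button: creates a token over the text in <c>txtJWTPayload</c>
/// with the algorithm / key source selected by the radio buttons, shows the public key
/// material (XML and JWK forms) and the token, and decodes the token's header and payload
/// into the editable fields.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnJWTSign_Click(object sender, EventArgs e)
{
    string jwt;

    if (rbnJWTHS256.Checked)
    {
        // HS256: a fresh shared secret is generated for each signing.
        // NOTE(review): RFC 7518 §3.2 calls for HMAC-SHA256 keys of at least 256 bits;
        // a 20-character generated password may be shorter than that — confirm what
        // GetPassword.Generate(20, 10) produces.
        string password = GetPassword.Generate(20, 10);
        JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(password, CustomEncode.UTF_8));
        jwt = jwtHS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = password;
        this.txtJWTJWK.Text = jwtHS256.JWK;
    }
    else if (rbnJWTRS256_XML.Checked)
    {
        // RS256 with a newly generated key pair; only the public half is shown.
        JWT_RS256_XML jwtRS256 = new JWT_RS256_XML();
        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = jwtRS256.XMLPublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.XmlToProvider(jwtRS256.XMLPublicKey).ExportParameters(false));
    }
    else if (rbnJWTRS256_Param.Checked)
    {
        // RS256 with RSAParameters; the public parameters are rendered as XML and JWK.
        JWT_RS256_Param jwtRS256 = new JWT_RS256_Param();
        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = RS256_KeyConverter.ParamToXmlPublicKey(jwtRS256.RsaPublicParameters);
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(jwtRS256.RsaPublicParameters);
    }
    else
    {
        // RS256 with the private key from the .pfx file; the matching .cer supplies
        // the public key shown in JWK form.
        JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(
            this.CertificateFilePath_pfx,
            this.CertificateFilePassword,
            X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
        jwt = jwtRS256.Create(this.txtJWTPayload.Text);

        this.txtJWTKey.Text = jwtRS256.DigitalSignX509.X509PublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.X509CerToProvider(this.CertificateFilePath_cer).ExportParameters(false));
    }

    this.ShowSignedJwt(jwt);
}

/// <summary>
/// Shows a freshly created compact JWT in <c>txtJWTSign</c> and decodes its header and
/// payload segments (base64url, UTF-8) into the editable fields, so they can be altered
/// before running verification.
/// </summary>
/// <param name="jwt">Token in compact serialization ("header.payload.signature").</param>
private void ShowSignedJwt(string jwt)
{
    this.txtJWTSign.Text = jwt;

    string[] segments = jwt.Split('.');
    this.txtJWTHeader.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(segments[0]), CustomEncode.UTF_8);
    this.txtJWTPayload.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(segments[1]), CustomEncode.UTF_8);
}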