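/// <summary>
/// Builds a signed JWT assertion for the JWT Bearer Token Flow and self-verifies it
/// with the same key before handing it back.
/// </summary>
/// <param name="iss">client_id, emitted as the "iss" claim.</param>
/// <param name="aud">URI of the Token2 endpoint, emitted as the "aud" claim.</param>
/// <param name="forExp">Lifetime of the assertion; "exp" is "iat" plus this span.</param>
/// <param name="scopes">Requested scopes, emitted verbatim as the "scope" claim.</param>
/// <param name="xmlPrivateKey">RSA private key in XML form used for the RS256 signature.</param>
/// <returns>The compact JWT assertion, or "" when the freshly created token does not pass self-verification.</returns>
public static string CreateJwtBearerTokenFlowAssertion(
    string iss, string aud, TimeSpan forExp, string scopes, string xmlPrivateKey)
{
    #region Build the claim set
    // Read the clock once so that exp - iat == forExp exactly; reading it separately
    // for each claim can skew the two values across a second boundary.
    DateTimeOffset now = DateTimeOffset.Now;
    DateTimeOffset exp = now.Add(forExp);

    // Claims are added in the same order as before so the serialized JSON is unchanged.
    Dictionary<string, object> jwtAssertionClaimSet = new Dictionary<string, object>();
    jwtAssertionClaimSet.Add("iss", iss); // client_id
    jwtAssertionClaimSet.Add("aud", aud); // Token2 endpoint URI
#if NET45
    jwtAssertionClaimSet.Add("exp", PubCmnFunction.ToUnixTime(exp).ToString());
    jwtAssertionClaimSet.Add("iat", PubCmnFunction.ToUnixTime(now).ToString());
#else
    // NOTE(review): exp/iat are serialized as strings; RFC 7519 NumericDate is a JSON number.
    // Kept as-is because the paired token endpoint evidently accepts it — confirm before changing.
    jwtAssertionClaimSet.Add("exp", exp.ToUnixTimeSeconds().ToString());
    jwtAssertionClaimSet.Add("iat", now.ToUnixTimeSeconds().ToString());
#endif
    // "jti": per-assertion unique id, lets the token endpoint detect replay ("N" = 32 hex digits, no dashes).
    jwtAssertionClaimSet.Add("jti", Guid.NewGuid().ToString("N"));
    jwtAssertionClaimSet.Add("scope", scopes);

    string json = JsonConvert.SerializeObject(jwtAssertionClaimSet);
    #endregion

    #region Sign and self-verify
    JWT_RS256_XML signer = new JWT_RS256_XML(xmlPrivateKey);
    string jwt = signer.Create(json);

    // A second instance built from the same XML key checks that the signature just
    // produced verifies; this guards against corrupted key material, not against a
    // wrong key (the verifier sees the same key as the signer).
    JWT_RS256_XML verifier = new JWT_RS256_XML(xmlPrivateKey);
    if (verifier.Verify(jwt))
    {
        return jwt;
    }

    // Callers treat "" as "no assertion could be produced".
    return "";
    #endregion
}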
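/// <summary>
/// Signs the payload in txtJWTPayload with the algorithm / key type selected by the
/// radio buttons, then shows the key, the public JWK, the token and its decoded parts.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnJWTSign_Click(object sender, EventArgs e)
{
    // Captured before any branch runs: ShowSignedJwt overwrites txtJWTPayload with the decoded payload.
    string payload = this.txtJWTPayload.Text;

    if (rbnJWTHS256.Checked)
    {
        // HS256: a freshly generated password is the HMAC secret; it is shown in
        // txtJWTKey so the token can be verified afterwards in this tool.
        string password = GetPassword.Generate(20, 10);
        JWT_HS256 jwtHS256 = new JWT_HS256(CustomEncode.StringToByte(password, CustomEncode.UTF_8));
        string jwt = jwtHS256.Create(payload);

        this.txtJWTKey.Text = password;
        this.txtJWTJWK.Text = jwtHS256.JWK;
        this.ShowSignedJwt(jwt);
    }
    else if (rbnJWTRS256_XML.Checked)
    {
        // RS256 with an XML-encoded key pair; only the public half is displayed.
        JWT_RS256_XML jwtRS256 = new JWT_RS256_XML();
        string jwt = jwtRS256.Create(payload);

        this.txtJWTKey.Text = jwtRS256.XMLPublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.XmlToProvider(jwtRS256.XMLPublicKey).ExportParameters(false));
        this.ShowSignedJwt(jwt);
    }
    else if (rbnJWTRS256_Param.Checked)
    {
        // RS256 with RSAParameters; the public parameters are rendered both as XML and as JWK.
        JWT_RS256_Param jwtRS256 = new JWT_RS256_Param();
        string jwt = jwtRS256.Create(payload);

        this.txtJWTKey.Text = RS256_KeyConverter.ParamToXmlPublicKey(jwtRS256.RsaPublicParameters);
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(jwtRS256.RsaPublicParameters);
        this.ShowSignedJwt(jwt);
    }
    else
    {
        // RS256 with an X.509 certificate (PFX for signing, CER for the public key).
        // Key storage flags are kept as in the original; MachineKeySet persists the
        // imported private key under the machine profile — confirm this is intended.
        JWT_RS256_X509 jwtRS256 = new JWT_RS256_X509(
            this.CertificateFilePath_pfx,
            this.CertificateFilePassword,
            X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
        string jwt = jwtRS256.Create(payload);

        this.txtJWTKey.Text = jwtRS256.DigitalSignX509.X509PublicKey;
        this.txtJWTJWK.Text = RS256_KeyConverter.ParamToJwkPublicKey(
            RS256_KeyConverter.X509CerToProvider(this.CertificateFilePath_cer).ExportParameters(false));
        this.ShowSignedJwt(jwt);
    }
}

/// <summary>
/// Writes the compact JWT to txtJWTSign and its decoded header and payload to the
/// editable fields, so they can be altered before the verify step of this tool.
/// </summary>
/// <param name="jwt">Compact JWS (header.payload.signature) produced by one of the JWT_* classes.</param>
private void ShowSignedJwt(string jwt)
{
    this.txtJWTSign.Text = jwt;

    // Assumes Create returned at least "header.payload"; an index error here means
    // the signer produced something that is not a compact JWS.
    string[] parts = jwt.Split('.');
    this.txtJWTHeader.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(parts[0]), CustomEncode.UTF_8);
    this.txtJWTPayload.Text = CustomEncode.ByteToString(
        CustomEncode.FromBase64UrlString(parts[1]), CustomEncode.UTF_8);
}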