示例#1
0
            //exmple
            //"eyJhbGciOiJSUzI1NiIsInR5cGUiOiJKV1QifQ.
            //eyJyZWZlcmVuY2UxIjoiNiIsInJlZmVyZW5jZTIiOiI0IiwicmVmZXJlbmNlMyI6bnVsbCwicmVmZXJlbmNlNCI6IjYiLCJzY29wZSI6Imh0dHA6Ly9wZXJjZW50LmNvbXBsZXRlL21hbmdvL2FwaS90aXRhbi8iLCJhdWRpZW5jZSI6Imh0dHA6Ly9wZXJjZW50LmNvbXBsZXRlLyIsImV4cGlyYXRpb24iOjE0OTQ4MDU5ODYsImlzc3VlZF9hdCI6MTQ5NDc2OTk4NiwidmFsaWQiOmZhbHNlfQ
            //._3aBo6Y2xZ4darI9CR9Eq07jhJrEnj-KjsJfYBiszM4"
            public static titan_token Decode(string token, byte[] keyBytes, bool verify){
                if(String.IsNullOrWhiteSpace(token) || null==keyBytes) {
                    titan_token t=new titan_token();
                    t.valid=false;
                    return t;
                }
                System.Web.Script.Serialization.JavaScriptSerializer jss = new System.Web.Script.Serialization.JavaScriptSerializer();
                var parts = token.Split('.');
                var header = parts[0];
                var payload = parts[1];
                byte[] crypto = Base64UrlDecode(parts[2]);
                

                var headerJSON = Encoding.UTF8.GetString(Base64UrlDecode(header));
                var payloadJSON=Encoding.UTF8.GetString(Base64UrlDecode(payload));
                jwt_header headerData = jss.Deserialize<jwt_header>(headerJSON);
                titan_token t_token=jss.Deserialize<titan_token>(payloadJSON);
                
                if (verify){
                    var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(header, ".", payload));
                    //var keyBytes    = Encoding.UTF8.GetBytes(key);
                    var algorithm   = headerData.alg;

                    var signature = HashAlgorithms[GetHashAlgorithm(algorithm)](keyBytes, bytesToSign);
                    var decodedCrypto = Convert.ToBase64String(crypto);
                    var decodedSignature = Convert.ToBase64String(signature);
                    var utc0 = new DateTime(1970,1,1,0,0,0,0, DateTimeKind.Utc);
                    var now = DateTime.Now;

                    var time = (int)now.Subtract(utc0).TotalSeconds;
            
                    if (decodedCrypto != decodedSignature || time<t_token.issued_at || time>t_token.expiration ){       //invalid signatures or expirations... blow up!
                        throw new ApplicationException(string.Format("Invalid signature. Expected {0} got {1}", decodedCrypto, decodedSignature));
                    }
                    t_token.valid=true;
                }
                

                return t_token;
            }
示例#2
0
            public static string Encode(titan_token payload, byte[] keyBytes, JwtHashAlgorithm algorithm){
                System.Web.Script.Serialization.JavaScriptSerializer jss = new System.Web.Script.Serialization.JavaScriptSerializer();
                var segments = new List<string>();
                jwt_header header= new jwt_header();
                header.alg=algorithm.ToString();
                header.type="JWT";

                byte[] headerBytes = Encoding.UTF8.GetBytes(jss.Serialize(header));
                byte[] payloadBytes = Encoding.UTF8.GetBytes(jss.Serialize(payload));

                segments.Add(Base64UrlEncode(headerBytes));
                segments.Add(Base64UrlEncode(payloadBytes));

                var stringToSign = string.Join(".", segments.ToArray());

                var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

                byte[] signature = HashAlgorithms[algorithm](keyBytes, bytesToSign);
                segments.Add(Base64UrlEncode(signature));

                return string.Join(".", segments.ToArray());
            }