private static string Decode(string token, object key = null, JwsAlgorithm?jwsAlg = null, JweAlgorithm?jweAlg = null, JweEncryption?jweEnc = null, JwtSettings settings = null, string payload = null, bool requireSignature = false) { byte[] detached = payload != null?Encoding.UTF8.GetBytes(payload) : null; byte[] payloadBytes = DecodeBytes(token, key, jwsAlg, jweAlg, jweEnc, settings, detached, requireSignature); return(Encoding.UTF8.GetString(payloadBytes)); }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting json string will be parsed and mapped to desired type via configured IJsonMapper implementation. /// </summary> /// <typeparam name="T">Deserid object type after json mapping</typeparam> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>object of provided T, result of decoded json mapping</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static T Decode <T>(string token, object key = null, JwtSettings settings = null, bool requireSignature = false) { return(GetSettings(settings).JsonMapper.Parse <T>(Decode(token, key, settings, null, requireSignature))); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null, bool requireSignature = false) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); Compact.Iterator parts = Compact.Iterate(token); if (parts.Count == 5) //encrypted JWT { return(DecryptBytes(parts, key, expectedJweAlg, expectedJweEnc, settings)); } else { //signed or plain JWT JwtSettings jwtSettings = GetSettings(settings); byte[] header = parts.Next(); Dictionary <string, object> headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); bool b64 = true; if (headerData.TryGetValue("b64", out object value)) { b64 = (bool)value; } byte[] contentPayload = parts.Next(b64); byte[] signature = parts.Next(); byte[] effectivePayload = payload ?? contentPayload; if (requireSignature && signature.Length == 0) { throw new JoseException("Payload is missing required signature"); } string algorithm = (string)headerData["alg"]; JwsAlgorithm jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException("The algorithm type passed to the Decode method did not match the algorithm type in the header."); } IJwsAlgorithm jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } // If the key has not been specified, attempt to read it from the header. if (key == null && headerData.ContainsKey("kid") && jwsAlgorithm != JwsAlgorithm.none) { if (jwsAlgorithm == JwsAlgorithm.ES256K) { key = (BitcoinPubKeyAddress)BitcoinPubKeyAddress.Create((string)headerData["kid"], jwtSettings.Network); } else { key = (string)headerData["kid"]; } } if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key)) { throw new IntegrityException("Invalid signature."); } return(effectivePayload); } }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting binary payload is returned untouched (e.g. no parsing or mapping) /// </summary> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="payload">optional detached payload</param> /// <returns>The payload as binary data</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static byte[] DecodeBytes(string token, object key = null, JwtSettings settings = null, byte[] payload = null) { return(DecodeBytes(token, key, null, null, null, settings, payload)); }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting json string will be parsed and mapped to desired type via configured IJsonMapper implementation. /// </summary> /// <typeparam name="T">Deserid object type after json mapping</typeparam> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used.</param> /// <param name="alg">The algorithm type that we expect to receive in the header.</param> /// <param name="enc">The encryption type that we expect to receive in the header.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>object of provided T, result of decoded json mapping</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static T Decode <T>(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null) { return(GetSettings(settings).JsonMapper.Parse <T>(Decode(token, key, alg, enc, settings))); }
static JWT() { defaultSettings = new JwtSettings(); }
/// <summary> /// Parses signed JWT token, extracts payload part and attempts to unmarshal string to requested type with configured json mapper. /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static T Payload <T>(string token, JwtSettings settings = null) { return(GetSettings(settings).JsonMapper.Parse <T>(Payload(token))); }
/// <summary> /// Encodes given binary data to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="options">additional encoding options</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string EncodeBytes(byte[] payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } JwtSettings jwtSettings = GetSettings(settings); JwtOptions jwtOptions = options ?? JwtOptions.Default; var jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwsHeaderValue(algorithm) } }; if (extraHeaders == null) //allow overload, but keep backward compatible defaults { extraHeaders = new Dictionary <string, object> { { "typ", "JWT" } }; } if (!jwtOptions.EncodePayload) { jwtHeader["b64"] = false; jwtHeader["crit"] = Collections.Union(new[] { "b64" }, Dictionaries.Get(extraHeaders, "crit")); } Dictionaries.Append(jwtHeader, extraHeaders); byte[] headerBytes = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); IJwsAlgorithm jwsAlgorithm = jwtSettings.Jws(algorithm); if (jwsAlgorithm == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } byte[] signature = jwsAlgorithm.Sign(securedInput(headerBytes, payload, jwtOptions.EncodePayload), key); byte[] payloadBytes = jwtOptions.DetachPayload ? new byte[0] : payload; return(jwtOptions.EncodePayload ? Compact.Serialize(headerBytes, payloadBytes, signature) : Compact.Serialize(headerBytes, Encoding.UTF8.GetString(payloadBytes), signature)); }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting bytes of the payload are returned untouched (e.g. no parsing or mapping) /// </summary> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used.</param> /// <param name="alg">The algorithm type that we expect to receive in the header.</param> /// <param name="enc">The encryption type that we expect to receive in the header.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>Decrypted payload as binary data</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static byte[] DecodeBytes(string token, object key, JweAlgorithm alg, JweEncryption enc, JwtSettings settings = null, bool requireSignature = false) { return(DecodeBytes(token, key, null, alg, enc, settings, null, requireSignature)); }
/// <summary> /// Serialize and encodes object to JWT token and sign it using given algorithm. /// Json string to encode will be obtained via configured IJsonMapper implementation. /// </summary> /// <param name="payload">object to map to json string and encode</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="options">additional encoding options</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(object payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null) { return(Encode(GetSettings(settings).JsonMapper.Serialize(payload), key, algorithm, extraHeaders, settings, options)); }
/// <summary> /// Encodes given json string to JWT token and sign it using given algorithm. /// </summary> /// <param name="payload">json string to encode (not null or whitespace)</param> /// <param name="key">key for signing, suitable for provided JWS algorithm, can be null.</param> /// <param name="algorithm">JWT algorithm to be used.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="options">additional encoding options</param> /// <returns>JWT in compact serialization form, digitally signed.</returns> public static string Encode(string payload, object key, JwsAlgorithm algorithm, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null, JwtOptions options = null) { Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null."); byte[] payloadBytes = Encoding.UTF8.GetBytes(payload); return(EncodeBytes(payloadBytes, key, algorithm, extraHeaders, settings, options)); }
/// <summary> /// Encodes given binary data to JWT token and applies requested encryption/compression algorithms. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param> /// <param name="alg">JWT algorithm to be used.</param> /// <param name="enc">encryption algorithm to be used.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } JwtSettings jwtSettings = GetSettings(settings); IKeyManagement keys = jwtSettings.Jwa(alg); IJweAlgorithm _enc = jwtSettings.Jwe(enc); if (keys == null) { throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", alg)); } if (_enc == null) { throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", enc)); } IDictionary <string, object> jwtHeader = new Dictionary <string, object> { { "alg", jwtSettings.JwaHeaderValue(alg) }, { "enc", jwtSettings.JweHeaderValue(enc) } }; Dictionaries.Append(jwtHeader, extraHeaders); byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, key, jwtHeader); byte[] cek = contentKeys[0]; byte[] encryptedCek = contentKeys[1]; if (compression.HasValue) { jwtHeader["zip"] = jwtSettings.CompressionHeader(compression.Value); payload = jwtSettings.Compression(compression.Value).Compress(payload); } byte[] header = Encoding.UTF8.GetBytes(jwtSettings.JsonMapper.Serialize(jwtHeader)); byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header)); byte[][] encParts = _enc.Encrypt(aad, payload, cek); return(Compact.Serialize(header, encryptedCek, encParts[0], encParts[1], encParts[2])); }
/// <summary> /// Encodes given json string to JWT token and applies requested encryption/compression algorithms. /// Json string to encode will be obtained via configured IJsonMapper implementation. /// </summary> /// <param name="payload">json string to encode (not null or whitespace)</param> /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param> /// <param name="alg">JWT algorithm to be used.</param> /// <param name="enc">encryption algorithm to be used.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string Encode(string payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { Ensure.IsNotEmpty(payload, "Payload expected to be not empty, whitespace or null."); byte[] plainText = Encoding.UTF8.GetBytes(payload); return(EncodeBytes(plainText, key, alg, enc, compression, extraHeaders, settings)); }
/// <summary> /// Serialize and encodes object to JWT token and applies requested encryption/compression algorithms. /// </summary> /// <param name="payload">json string to encode</param> /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param> /// <param name="alg">JWT algorithm to be used.</param> /// <param name="enc">encryption algorithm to be used.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string Encode(object payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { return(Encode(GetSettings(settings).JsonMapper.Serialize(payload), key, alg, enc, compression, extraHeaders, settings)); }
private static byte[] DecryptBytes(Compact.Iterator parts, object key, JweAlgorithm?jweAlg, JweEncryption?jweEnc, JwtSettings settings = null) { byte[] header = parts.Next(); byte[] encryptedCek = parts.Next(); byte[] iv = parts.Next(); byte[] cipherText = parts.Next(); byte[] authTag = parts.Next(); JwtSettings jwtSettings = GetSettings(settings); IDictionary <string, object> jwtHeader = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); JweAlgorithm headerAlg = jwtSettings.JwaAlgorithmFromHeader((string)jwtHeader["alg"]); JweEncryption headerEnc = jwtSettings.JweAlgorithmFromHeader((string)jwtHeader["enc"]); IKeyManagement keys = jwtSettings.Jwa(headerAlg); IJweAlgorithm enc = jwtSettings.Jwe(headerEnc); if (keys == null) { throw new JoseException(string.Format("Unsupported JWA algorithm requested: {0}", headerAlg)); } if (enc == null) { throw new JoseException(string.Format("Unsupported JWE algorithm requested: {0}", headerEnc)); } if (jweAlg != null && (JweAlgorithm)jweAlg != headerAlg) { throw new InvalidAlgorithmException("The algorithm type passed to the Decrypt method did not match the algorithm type in the header."); } if (jweEnc != null && (JweEncryption)jweEnc != headerEnc) { throw new InvalidAlgorithmException("The encryption type passed to the Decrypt method did not match the encryption type in the header."); } byte[] cek = keys.Unwrap(encryptedCek, key, enc.KeySize, jwtHeader); byte[] aad = Encoding.UTF8.GetBytes(Compact.Serialize(header)); byte[] plainText = enc.Decrypt(aad, cek, iv, cipherText, authTag); if (jwtHeader.ContainsKey("zip")) { ICompression compression = jwtSettings.Compression((string)jwtHeader["zip"]); plainText = compression.Decompress(plainText); } return(plainText); }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting bytes of the payload are returned untouched (e.g. no parsing or mapping) /// </summary> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used.</param> /// <param name="alg">The algorithm type that we expect to receive in the header.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="payload">optional detached payload</param> /// <returns>The payload as binary data</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static byte[] DecodeBytes(string token, object key, JwsAlgorithm alg, JwtSettings settings = null, byte[] payload = null, bool requireSignature = false) { return(DecodeBytes(token, key, alg, null, null, settings, payload, requireSignature)); }
private static JwtSettings GetSettings(JwtSettings settings) { return(settings ?? defaultSettings); }
/// <summary> /// Decodes JWT token by performing necessary decompression/decryption and signature verification as defined in JWT token header. /// Resulting json string is returned untouched (e.g. no parsing or mapping) /// </summary> /// <param name="token">JWT token in compact serialization form.</param> /// <param name="key">key for decoding suitable for JWT algorithm used, can be null.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <param name="payload">optional detached payload</param> /// <returns>decoded json string</returns> /// <exception cref="IntegrityException">if signature validation failed</exception> /// <exception cref="EncryptionException">if JWT token can't be decrypted</exception> /// <exception cref="InvalidAlgorithmException">if JWT signature, encryption or compression algorithm is not supported</exception> public static string Decode(string token, object key = null, JwtSettings settings = null, string payload = null, bool requireSignature = false) { return(Decode(token, key, null, null, null, settings, payload, requireSignature)); }
/// <summary> /// Parses JWT token, extracts and unmarshal headers as IDictionary<string, object>. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>unmarshalled headers</returns> public static IDictionary <string, object> Headers(string token, JwtSettings settings = null) { return(Headers <IDictionary <string, object> >(token, settings)); }
/// <summary> /// Parses JWT token, extracts and attempts to unmarshal headers to requested type /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <returns>unmarshalled headers</returns> public static T Headers <T>(string token, JwtSettings settings = null) { Compact.Iterator parts = Compact.Iterate(token); return(GetSettings(settings).JsonMapper.Parse <T>(Encoding.UTF8.GetString(parts.Next()))); }