private static JweToken ParseCompact(string jwe) { var parts = Compact.Iterate(jwe); var protectedHeaderBytes = parts.Next(); byte[] encryptedCek = parts.Next(); var iv = parts.Next(); var ciphertext = parts.Next(); var authTag = parts.Next(); var recipients = new List <JweRecipient>(); recipients.Add(new JweRecipient(encryptedCek, new Dictionary <string, object>())); return(new JweToken( protectedHeaderBytes: protectedHeaderBytes, unprotectedHeader: null, aad: null, recipients: recipients, iv: iv, ciphertext: ciphertext, authTag: authTag, encoding: SerializationMode.Compact)); }
private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); var parts = Compact.Iterate(token); if (parts.Count == 5) //encrypted JWT { return(JWE.Decrypt(token, key, expectedJweAlg, expectedJweEnc, settings).PlaintextBytes); } else { //signed or plain JWT var jwtSettings = GetSettings(settings); byte[] header = parts.Next(); var headerData = jwtSettings.JsonMapper.Parse <IDictionary <string, object> >(Encoding.UTF8.GetString(header)); bool b64 = true; object value; if (headerData.TryGetValue("b64", out value)) { b64 = (bool)value; } byte[] contentPayload = parts.Next(b64); byte[] signature = parts.Next(); var effectivePayload = payload ?? contentPayload; var algorithm = (string)headerData["alg"]; var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException( "The algorithm type passed to the Decode method did not match the algorithm type in the header."); } var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key)) { throw new IntegrityException("Invalid signature."); } return(effectivePayload); } }
/// <summary> /// Parses signed JWT token, extracts and returns payload part as binary data. /// This method is NOT supported for encrypted JWT tokens. /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <returns>unmarshalled payload</returns> /// <exception cref="JoseException">if encrypted JWT token is provided</exception> public static byte[] PayloadBytes(string token, bool b64 = true) { var parts = Compact.Iterate(token); if (parts.Count < 3) { throw new JoseException( "The given token doesn't follow JWT format and must contains at least three parts."); } if (parts.Count > 3) { throw new JoseException( "Getting payload for encrypted tokens is not supported. Please use Jose.JWT.Decode() method instead."); } parts.Next(false); //skip header return(parts.Next(b64)); }
/// <summary> /// Parses JWT token, extracts and attempts to unmarshal headers to requested type /// This method is NOT performing integrity checking. /// </summary> /// <param name="token">signed JWT token</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <typeparam name="T">desired type after unmarshalling</typeparam> /// <returns>unmarshalled headers</returns> public static T Headers <T>(string token, JwtSettings settings = null) { var parts = Compact.Iterate(token); return(GetSettings(settings).JsonMapper.Parse <T>(Encoding.UTF8.GetString(parts.Next()))); }