private static byte[] DecodeBytes(string token, object key = null, JwsAlgorithm?expectedJwsAlg = null, JweAlgorithm?expectedJweAlg = null, JweEncryption?expectedJweEnc = null, JwtSettings settings = null, byte[] payload = null) { Ensure.IsNotEmpty(token, "Incoming token expected to be in compact serialization form, not empty, whitespace or null."); var parts = Compact.Iterate(token); if (parts.Count == 5) //encrypted JWT { return(JWE.Decrypt(token, key, expectedJweAlg, expectedJweEnc, settings).PlaintextBytes); } else { //signed or plain JWT var jwtSettings = GetSettings(settings); byte[] header = parts.Next(); var headerData = jwtSettings.JsonMapper.Parse <Dictionary <string, object> >(Encoding.UTF8.GetString(header)); bool b64 = true; object value; if (headerData.TryGetValue("b64", out value)) { b64 = (bool)value; } byte[] contentPayload = parts.Next(b64); byte[] signature = parts.Next(); var effectivePayload = payload ?? contentPayload; var algorithm = (string)headerData["alg"]; var jwsAlgorithm = jwtSettings.JwsAlgorithmFromHeader(algorithm); if (expectedJwsAlg != null && expectedJwsAlg != jwsAlgorithm) { throw new InvalidAlgorithmException( "The algorithm type passed to the Decode method did not match the algorithm type in the header."); } var jwsAlgorithmImpl = jwtSettings.Jws(jwsAlgorithm); if (jwsAlgorithmImpl == null) { throw new JoseException(string.Format("Unsupported JWS algorithm requested: {0}", algorithm)); } if (!jwsAlgorithmImpl.Verify(signature, securedInput(header, effectivePayload, b64), key)) { throw new IntegrityException("Invalid signature."); } return(effectivePayload); } }
/// <summary> /// Encodes given binary data to JWT token and applies requested encryption/compression algorithms. /// </summary> /// <param name="payload">Binary data to encode (not null)</param> /// <param name="key">key for encryption, suitable for provided JWS algorithm, can be null.</param> /// <param name="alg">JWT algorithm to be used.</param> /// <param name="enc">encryption algorithm to be used.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraHeaders">optional extra headers to pass along with the payload.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string EncodeBytes(byte[] payload, object key, JweAlgorithm alg, JweEncryption enc, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { return(JWE.EncryptBytes(payload, new JweRecipient[] { new JweRecipient(alg, key) }, enc, aad: null, SerializationMode.Compact, compression, extraHeaders, null, settings)); }