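/// <summary>
/// Gets a user JWT from a user JWT or chained credentials file.
/// </summary>
/// <remarks>
/// The whole file is read into memory, trimmed, and scanned line by line for
/// the "-----BEGIN NATS USER JWT-----" marker. The line that follows the first
/// marker is returned unchanged; nothing after it is examined.
/// The file text and every scanned line are passed to <c>Nkeys.Wipe</c> before
/// the method exits, since a chained credentials file may hold more than the JWT.
/// NOTE(review): .NET strings are immutable, so how much the string overload of
/// <c>Nkeys.Wipe</c> can really scrub is not visible from here - confirm
/// against its implementation before relying on it as a guarantee.
/// </remarks>
/// <param name="path">Full path to the JWT or cred file.</param>
/// <returns>The encoded JWT</returns>
/// <exception cref="NATSException">
/// The file is empty, has no JWT marker, or the marker is not followed by a
/// non-blank line.
/// </exception>
public static string LoadUserFromFile(string path)
{
    string text = null;
    string line = null;
    StringReader reader = null;
    try
    {
        text = File.ReadAllText(path).Trim();
        if (string.IsNullOrEmpty(text))
        {
            throw new NATSException("Credentials file is empty");
        }

        reader = new StringReader(text);
        for (line = reader.ReadLine(); line != null; line = reader.ReadLine())
        {
            if (line.Contains("-----BEGIN NATS USER JWT-----"))
            {
                // The marker may be the last line of a truncated file, in which
                // case ReadLine() yields null. Fail here with a clear error
                // instead of handing a null or blank "JWT" to the caller.
                string jwt = reader.ReadLine();
                if (string.IsNullOrWhiteSpace(jwt))
                {
                    throw new NATSException("Credentials file does not contain a JWT");
                }

                return jwt;
            }

            Nkeys.Wipe(line);
        }

        throw new NATSException("Credentials file does not contain a JWT");
    }
    finally
    {
        // Runs on every exit path, including the early return and the throws.
        Nkeys.Wipe(text);
        Nkeys.Wipe(line);
        reader?.Dispose();
    }
}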
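/// <summary>
/// Generates a NATS Ed25519 keypair, used to sign server nonces, from a
/// private credentials file.
/// </summary>
/// <remarks>
/// Two layouts are accepted. Text that starts with "SU" is treated as a bare
/// seed (the ".nk" case) and passed straight to <c>Nkeys.FromSeed</c>.
/// Anything else is scanned for "-----BEGIN USER NKEY SEED-----" and the line
/// after the marker is used as the seed; if the marker occurs more than once
/// the last occurrence wins.
/// The file text, each scanned line and the seed string are passed to
/// <c>Nkeys.Wipe</c> before the method exits.
/// NOTE(review): .NET strings are immutable, so the effect of the string
/// overload of <c>Nkeys.Wipe</c> cannot be judged from here - confirm.
/// NOTE(review): the returned key pair presumably carries private key
/// material; callers should release it once signing is done - confirm against
/// NkeyPair.
/// </remarks>
/// <param name="path">The credentials file, could be a "*.nk" or "*.creds" file.</param>
/// <returns>A NATS Ed25519 KeyPair</returns>
/// <exception cref="NATSException">
/// The file is empty, or no seed could be located in it.
/// </exception>
public static NkeyPair LoadNkeyPairFromSeedFile(string path)
{
    NkeyPair kp = null;
    string text = null;
    string line = null;
    string seed = null;
    StringReader reader = null;
    try
    {
        text = File.ReadAllText(path).Trim();
        if (string.IsNullOrEmpty(text))
        {
            throw new NATSException("Credentials file is empty");
        }

        // if it's a nk file, it only has the nkey
        // Ordinal comparison: the prefix is part of an encoded key, not
        // linguistic text, so culture rules must not influence the match.
        if (text.StartsWith("SU", System.StringComparison.Ordinal))
        {
            kp = Nkeys.FromSeed(text);
            return kp;
        }

        // otherwise assume it's a creds file.
        reader = new StringReader(text);
        for (line = reader.ReadLine(); line != null; line = reader.ReadLine())
        {
            if (line.Contains("-----BEGIN USER NKEY SEED-----"))
            {
                seed = reader.ReadLine();
                if (seed == null)
                {
                    // Marker was the final line: there is no seed to decode.
                    // Report it explicitly rather than passing null onward.
                    throw new NATSException("Seed not found in credentials file.");
                }

                kp = Nkeys.FromSeed(seed);
                Nkeys.Wipe(seed);
            }

            Nkeys.Wipe(line);
        }

        if (kp == null)
        {
            throw new NATSException("Seed not found in credentials file.");
        }

        return kp;
    }
    finally
    {
        // Runs on every exit path so secret-bearing strings are always handed
        // to the wipe routine, even when parsing fails part-way.
        Nkeys.Wipe(line);
        Nkeys.Wipe(text);
        Nkeys.Wipe(seed);
        reader?.Dispose();
    }
}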
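/// <summary>
/// Returns a seed's public key.
/// </summary>
/// <remarks>
/// The seed is decoded, its first byte is checked against
/// <c>PrefixByteSeed</c>, and the public-key prefix byte is rebuilt from the
/// low three bits of byte 0 and the high five bits of byte 1. The raw seed is
/// then converted to an Ed25519 public key and re-encoded.
/// Both the decoded buffer and the raw seed are private key material, so they
/// are zeroed before the method exits on any path.
/// </remarks>
/// <param name="seed">The encoded seed string.</param>
/// <returns>The public key corresponding to the seed</returns>
/// <exception cref="NATSException">
/// The decoded input is too short to carry a prefix or is not marked as a seed.
/// </exception>
public static string PublicKeyFromSeed(string seed)
{
    byte[] decoded = Nkeys.Decode(seed);
    byte[] rawSeed = null;
    try
    {
        // Two bytes are indexed below; reject shorter input with the same
        // error used for a wrong prefix instead of an index fault.
        if (decoded == null || decoded.Length < 2)
        {
            throw new NATSException("Not a seed");
        }

        if ((decoded[0] & (31 << 3)) != PrefixByteSeed)
        {
            throw new NATSException("Not a seed");
        }

        // reconstruct prefix byte
        byte prefixByte = (byte)(((decoded[0] & 7) << 5) | ((decoded[1] >> 3) & 31));

        rawSeed = DecodeSeed(decoded);
        byte[] pubKey = Ed25519.PublicKeyFromSeed(rawSeed);
        return Encode(prefixByte, false, pubKey);
    }
    finally
    {
        // Do not leave secret bytes behind in managed memory. The public key
        // has already been encoded by this point, so clearing is safe even if
        // rawSeed and decoded were to share storage.
        if (decoded != null)
        {
            System.Array.Clear(decoded, 0, decoded.Length);
        }

        if (rawSeed != null)
        {
            System.Array.Clear(rawSeed, 0, rawSeed.Length);
        }
    }
}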
/// <summary>
/// Decodes an encoded seed string by running it through <c>Nkeys.Decode</c>
/// and handing the resulting bytes to the byte-array overload of DecodeSeed.
/// </summary>
/// <remarks>
/// The intermediate decoded buffer is not cleared here.
/// NOTE(review): the returned array presumably holds private seed bytes;
/// callers should wipe it once they are finished with it - confirm.
/// </remarks>
/// <param name="src">The encoded seed string.</param>
/// <returns>The bytes produced by the byte-array overload.</returns>
internal static byte[] DecodeSeed(string src)
{
    byte[] decoded = Nkeys.Decode(src);
    return DecodeSeed(decoded);
}
/// <summary>
/// Scrubs the private key material held by this instance.
/// </summary>
/// <remarks>
/// Passes the <c>seed</c> and <c>expandedPrivateKey</c> fields, in that order
/// and by reference, to <c>Nkeys.Wipe</c>.
/// NOTE(review): the state the fields are left in is decided by
/// <c>Nkeys.Wipe</c>, which is not visible here; presumably the instance
/// should not be used for signing afterwards - confirm.
/// </remarks>
public void Wipe()
{
    // Order kept as-is: seed first, then the expanded private key.
    Nkeys.Wipe(ref this.seed);
    Nkeys.Wipe(ref this.expandedPrivateKey);
}
/// <summary>
/// Turns an encoded seed string into seed bytes: the string is first decoded
/// with <c>Nkeys.Decode</c>, then the byte-array overload of DecodeSeed
/// processes the result.
/// </summary>
/// <remarks>
/// The intermediate buffer from <c>Nkeys.Decode</c> is not cleared by this method.
/// NOTE(review): the result presumably contains private seed material, so the
/// caller is responsible for wiping it after use - confirm.
/// </remarks>
/// <param name="src">The encoded seed string.</param>
/// <returns>The bytes produced by the byte-array overload.</returns>
private static byte[] DecodeSeed(string src)
{
    byte[] decodedBytes = Nkeys.Decode(src);
    byte[] seedBytes = DecodeSeed(decodedBytes);
    return seedBytes;
}