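/// <summary>
/// Builds a compact HS256-signed login token ("header.payload.signature") for <paramref name="usr"/>.
/// </summary>
/// <remarks>
/// The payload is a JSON-serialized RintagiLoginJWT holding iat/nbf/exp, the user id, the
/// caller-supplied handle and the value returned by CreateEncryptedLoginToken.
/// The encryption and signing keys are requested per token from GetSessionEncryptionKey and
/// GetSessionSigningKey, passing the issue time and the user id.
/// NOTE(review): both of those inputs also appear in clear in the payload, so the key helpers
/// presumably mix in a server-side secret - confirm against their implementation.
/// </remarks>
/// <param name="usr">Login user; its UsrId becomes the loginId claim and a key-derivation input.</param>
/// <param name="defCompanyId">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="defProjectId">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="defSystemId">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="curr">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="impr">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="resources">Passed through to CreateEncryptedLoginToken.</param>
/// <param name="validSeconds">Token lifetime in seconds; exp is the issue time plus this value.</param>
/// <param name="guidHandle">Stored unchanged in the payload's handle field.</param>
/// <returns>The three dot-separated token segments as one string.</returns>
public string CreateLoginJWT(LoginUsr usr, int defCompanyId, int defProjectId, byte defSystemId, UsrCurr curr, UsrImpr impr, string resources, int validSeconds, string guidHandle)
{
    // NOTE(review): despite its name this emits unpadded *standard* Base64 ('+' and '/'), not the
    // URL-safe alphabet RFC 7515 requires. The original chained Replace('_', '/').Replace('-', '+'),
    // which is the decode direction and can never match Base64 output, so dropping it keeps the
    // token bytes identical. Switching to '-'/'_' should be done together with VerifyHS256JWT and
    // any client that parses the token, since the signature segment format would change.
    Func<byte[], string> base64UrlEncode = bytes => Convert.ToBase64String(bytes).TrimEnd('=');

    var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
    var issueTime = DateTime.UtcNow;

    // NOTE(review): epoch seconds are narrowed to int, which stops being representable in
    // January 2038; widening depends on the declared type of RintagiLoginJWT.iat/exp.
    var iat = (int)issueTime.Subtract(unixEpoch).TotalSeconds;
    // exp = issue time + validSeconds (the original author's note mentions lifetimes of up to one hour).
    var exp = (int)issueTime.AddSeconds(validSeconds).Subtract(unixEpoch).TotalSeconds;

    string issuedAtText = iat.ToString();
    string userIdText = usr.UsrId.ToString();
    var encryptionKey = GetSessionEncryptionKey(issuedAtText, userIdText);
    var signingKey = GetSessionSigningKey(issuedAtText, userIdText);

    RintagiLoginJWT token = new RintagiLoginJWT()
    {
        iat = iat,
        exp = exp,
        nbf = iat,
        loginToken = CreateEncryptedLoginToken(usr, defCompanyId, defProjectId, defSystemId, curr, impr, resources, encryptionKey),
        loginId = userIdText,
        handle = guidHandle
    };

    string payLoad = Newtonsoft.Json.JsonConvert.SerializeObject(token);
    string header = "{\"typ\":\"JWT\",\"alg\":\"HS256\"}";
    string content = base64UrlEncode(System.Text.Encoding.UTF8.GetBytes(header))
        + "." + base64UrlEncode(System.Text.Encoding.UTF8.GetBytes(payLoad));

    // HMACSHA256 is IDisposable and holds the key material; dispose it as soon as the tag is computed.
    byte[] hash;
    using (var hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(signingKey)))
    {
        hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(content));
    }

    return content + "." + base64UrlEncode(hash);
}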
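/// <summary>
/// Parses a compact login token and returns its payload only when the header declares
/// typ "JWT" / alg "HS256" and VerifyHS256JWT accepts the signature segment.
/// </summary>
/// <remarks>
/// The payload has to be deserialized before the signature is checked because the signing key is
/// looked up from the payload's own iat and loginId. Those two values are therefore unauthenticated
/// at the time they reach GetSessionSigningKey.
/// NOTE(review): this is only sound if GetSessionSigningKey mixes in a server-side secret - confirm.
/// NOTE(review): nothing here compares exp or nbf with the current time, so a correctly signed but
/// expired token is still returned unless VerifyHS256JWT or the caller enforces the lifetime - confirm.
/// NOTE(review): VerifyHS256JWT is expected to compare the MAC in constant time - confirm.
/// </remarks>
/// <param name="jwt">Token text; null is treated as an empty string.</param>
/// <returns>The deserialized payload, or null for any malformed, unsupported or unverifiable token.</returns>
public RintagiLoginJWT GetLoginUsrInfo(string jwt)
{
    string[] segments = (jwt ?? "").Split(new char[] { '.' });

    // A JWS compact serialization has exactly three segments. The previous ">= 3" test silently
    // ignored anything after the signature; reject such input instead of partially parsing it.
    if (segments.Length != 3)
    {
        return null;
    }

    // Accepts both the URL-safe and the standard Base64 alphabet and restores stripped padding.
    // A length of 4k+1 is not valid Base64; it is left unpadded so FromBase64String throws.
    Func<string, byte[]> base64UrlDecode = s =>
    {
        int remainder = s.Length % 4;
        string padding = remainder > 1 ? new string('=', 4 - remainder) : "";
        return Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/') + padding);
    };

    try
    {
        Dictionary<string, string> header = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, string>>(
            System.Text.Encoding.UTF8.GetString(base64UrlDecode(segments[0])));
        RintagiLoginJWT loginJWT = Newtonsoft.Json.JsonConvert.DeserializeObject<RintagiLoginJWT>(
            System.Text.Encoding.UTF8.GetString(base64UrlDecode(segments[1])));

        string signingKey = GetSessionSigningKey(loginJWT.iat.ToString(), loginJWT.loginId.ToString());

        // The algorithm is pinned to HS256 here; a header naming any other alg (or lacking
        // typ/alg, which throws on lookup) never reaches signature verification.
        bool valid = header["typ"] == "JWT"
            && header["alg"] == "HS256"
            && VerifyHS256JWT(segments[0], segments[1], segments[2], signingKey);

        return valid ? loginJWT : null;
    }
    catch
    {
        // Deliberate fail-closed: bad Base64, bad JSON, missing claims or a failing helper all
        // mean "no authenticated user", exactly as the original nested catch blocks did.
        return null;
    }
}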