当前位置: 移动技术网 > IT编程>开发语言>.net > IdentityServer4客户端JWT解密实现(基于.net4.0)

IdentityServer4客户端JWT解密实现(基于.net4.0)

2018年09月23日  | 移动技术网IT编程  | 我要评论

鱼台天气,人流没流干净的症状,一级建造师挂靠

情景:公司项目基于.net4.0,web客户端实现单点登录需要自己解密id_token,对于jwt解密,.net提供了identitymodel类库,但是4.0中该类库不可用,所以自己实现了解密方法..

使用了类库:https://github.com/jwt-dotnet/jwt

下面直接贴代码,直接调用decodejwt方法就行,参数为id_token,key默认为空字符串"",

        
         
         public static idictionary<string, object> decodejwt(string jwttoken,string key)
        {

            //从/.well-known/openid-configuration路径获取jwks_uri
            var webclient = new webclient();

            var endpoint = "http://localhost:5000/.well-known/openid-configuration";

            var json = webclient.downloadstring(endpoint);

            jobject metadata = jsonconvert.deserializeobject<jobject>(json);

            var jwksuri = metadata["jwks_uri"].tostring();

            //从jwks_uri获取keys
            json = webclient.downloadstring(jwksuri);

            var keys = jsonconvert.deserializeobject<customjwks>(json);


            //从jwt获取头部kid,并从keys中找到匹配kid的key
            string[] tokenparts = jwttoken.split('.');
            byte[] bytes = frombase64url(tokenparts[0]);
            string head= encoding.utf8.getstring(bytes);
            string kid = jsonconvert.deserializeobject<jobject>(head)["kid"].tostring();

            var defaultkey=keys.keys.where(t => t.kid == kid).firstordefault();

            if(defaultkey==null)
            {
                throw new exception("未找到匹配的kid");
            }

            //jwt解密
            return rs256decode(jwttoken, key, defaultkey.e, defaultkey.n);
        }


         public static idictionary<string, object> rs256decode(string token, string secret, string exponent,string modulus)
        {
            try
            {
                ijsonserializer serializer = new jsonnetserializer();
                idatetimeprovider provider = new utcdatetimeprovider();
                ijwtvalidator validator = new jwtvalidator(serializer, provider);
                ibase64urlencoder urlencoder = new jwtbase64urlencoder();
                rsalgorithmfactory rs256algorithm = new rsalgorithmfactory(() =>
                {
                    rsacryptoserviceprovider rsa = new rsacryptoserviceprovider();
                    rsa.importparameters(
                      new rsaparameters()
                      {
                          modulus = frombase64url(modulus),
                          exponent = frombase64url(exponent)
                      });


                    byte[] rsabytes = rsa.exportcspblob(true);

                    x509certificate2 cert = new x509certificate2(rsabytes);
                    return cert;
                });

                ijwtdecoder decoder = new jwtdecoder(serializer, validator, urlencoder, rs256algorithm);
                var json = decoder.decodetoobject(token, secret, verify: false);
                return json;
            }
            catch (tokenexpiredexception)
            {
                throw new exception("token已过期");
                //console.writeline("token has expired");
                //return null;
            }
            catch (signatureverificationexception)
            {
                throw new exception("token验证失败");
                //console.writeline("token has invalid signature");
                //return null;
            }
        }


        public static byte[] frombase64url(string base64url)
        {
            string padded = base64url.length % 4 == 0
                ? base64url : base64url + "====".substring(base64url.length % 4);
            string base64 = padded.replace("_", "/")
                                  .replace("-", "+");
            return convert.frombase64string(base64);
        }

 

您可能感兴趣的文章:

如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网