using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Signers;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using System.Text;
using System.Text.RegularExpressions;
namespace SpaceNation.Game.Common.Jwt
{
/// <summary>
/// jwt Ed25519验证
/// 具体程序使用这个验证
/// </summary>
public class JwtEd25519Verifier
{
/// <summary>
/// 公钥key
/// </summary>
private static string sPublicKeyString =
@"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kZVTPSQhPEst+qYbJpMgAQUwoA=
-----END PUBLIC KEY-----
";
#region 方法一
public static bool VerifyJwtSignature(string jwt)
{
PemReader pemReader = new PemReader(new StringReader(sPublicKeyString));
Ed25519PublicKeyParameters publicKeyParameters = (Ed25519PublicKeyParameters)pemReader.ReadObject();
ISigner verifier = new Ed25519Signer();
verifier.Init(false, publicKeyParameters);
var parts = jwt.Split('.');
string encodedHeader = parts[0];
string encodedPayload = parts[1];
string encodedSignature = parts[2];
byte[] headerBytes = Base64UrlDecode(encodedHeader);
byte[] payloadBytes = Base64UrlDecode(encodedPayload);
byte[] signatureBytes = Base64UrlDecode(encodedSignature);
byte[] data = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
verifier.BlockUpdate(data, 0, data.Length);
bool isValidSignature = verifier.VerifySignature(signatureBytes);
return isValidSignature;
}
private static byte[] Base64UrlDecode(string input)
{
string base64 = input.Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
#endregion
#region 方法二
private static string ClearStr2(string str)
{
// string base64PublicKey = Regex.Match(publicKey, @"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", RegexOptions.Singleline)?.Groups[1].Value.Trim();
string base64PublicKey = str.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Replace("\r", "").Replace("\n", "").Trim();
return base64PublicKey;
}
private static byte[] Base64UrlDecode4(string input)
{
string base64 = input.Replace("\n", "").Replace("\r", "").Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
public static bool VerifyJwtSignature22(string jwt)
{
try
{
var publicKeyBytes = Convert.FromBase64String(ClearStr2(sPublicKeyString));
var parts = jwt.Split('.');
string encodedHeader = ClearStr2(parts[0]);
string encodedPayload = ClearStr2(parts[1]);
byte[] signature = Base64UrlDecode4(parts[2]);
byte[] data = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
var publicKeyParams = new Ed25519PublicKeyParameters(publicKeyBytes, 0);
var verifier = new Ed25519Signer();
verifier.Init(false, publicKeyParams);
verifier.BlockUpdate(data, 0, data.Length);
return verifier.VerifySignature(signature);
}
catch (Exception ex)
{
return false;
}
}
private static string ClearStr(string str)
{
string base64PublicKey = Regex.Match(sPublicKeyString, @"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", RegexOptions.Singleline)?.Groups[1].Value.Trim();
base64PublicKey = base64PublicKey.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Replace("\r", "").Replace("\n", "").Trim();
return base64PublicKey;
}
public static bool IsVerfier(string jwt)
{
//string cleanedJwt = ExtractPublicKey(jwt); // 清理 JWT 字符串
//string publicKeyString = ExtractPublicKey(sPublicKeyString); // 提取公钥字符串
//byte[] publicKeyBytes = Encoding.UTF8.GetBytes(publicKeyString); // 使用公钥字符串转换为字节数组
//var verifier = new JwtEd25519Verifier();
//bool isValidSignature = verifier.VerifyJwtSignature(cleanedJwt, publicKeyBytes);
PemReader pemReaderPublic = new PemReader(new StringReader(sPublicKeyString));
Ed25519PublicKeyParameters ed25519x509Parameters = (Ed25519PublicKeyParameters)pemReaderPublic.ReadObject();
ISigner verifier = new Ed25519Signer();
verifier.Init(false, ed25519x509Parameters);
var parts = jwt.Split('.');
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] signature = Encoding.UTF8.GetBytes(parts[2]);
byte[] data = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
verifier.BlockUpdate(data, 0, data.Length);
//verifier.BlockUpdate(dataToSign, 0, dataToSign.Length);
bool isValidSignature = verifier.VerifySignature(signature);
return isValidSignature;
}
private static string ExtractPublicKey(string publicKeyString)
{
string trimmedKey = publicKeyString
.Replace("-----BEGIN PUBLIC KEY-----", "")
.Replace("-----END PUBLIC KEY-----", "")
.Replace("\n", "")
.Replace("\r", "")
.Replace(" ", "").Trim();
return trimmedKey;
}
/// <summary>
/// 验证调用方法
/// 调用主函数
/// </summary>
/// <param name="jwt"></param>
/// <returns></returns>
//public static bool IsVerfier(string jwt)
//{
// string cleanedJwt = ClearStr(jwt); // 清理 JWT 字符串
// byte[] publicKeyBytes = Convert.FromBase64String(sPublicKeyString); // 使用公钥字符串转换为字节数组
// var verifier = new JwtEd25519Verifier();
// bool isValidSignature = verifier.VerifyJwtSignature(cleanedJwt, publicKeyBytes);
// return isValidSignature;
//}
#endregion
/// <summary>
/// 获取jwt重要信息
/// </summary>
/// <param name="jwt">jwt</param>
/// <returns></returns>
public static Dictionary<string, object> ParseJwtPayload(string jwt)
{
var parts = jwt.Split('.');
string encodedPayload = parts[1];
byte[] payloadBytes = Convert.FromBase64String(encodedPayload);
string payloadJson = Encoding.UTF8.GetString(payloadBytes);
return JsonUtility.DeserializeObject<Dictionary<string, object>>(payloadJson);
}
/// <summary>
/// 验证加解析
/// 解析jwt
/// </summary>
/// <param name="jwt">jwt</param>
/// <returns></returns>
public static bool GetTryVerfierPayload(string jwt, out Dictionary<string, object>? payload)
{
bool isValidSignature = IsVerfier(jwt);
if (isValidSignature)
{
payload = ParseJwtPayload(jwt);
return true;
}
else
{
payload = null;
return false;
}
}
}
/// <summary>
/// Ed25519 验证
///
/// 测试而已
/// </summary>
public class Ed25519222
{
public void Example()
{
// 生成密钥对
var keyPair = GenerateKeyPair();
// 要签名的数据
byte[] data = Encoding.UTF8.GetBytes("Hello, World!");
// 使用私钥进行签名
byte[] signature = SignData(data, keyPair.Private);
// 使用公钥验证签名
bool isValid = VerifySignature(data, signature, keyPair.Public);
}
private static AsymmetricCipherKeyPair GenerateKeyPair()
{
var keyPairGenerator = new Ed25519KeyPairGenerator();
keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
return keyPairGenerator.GenerateKeyPair();
}
private static byte[] SignData(byte[] data, AsymmetricKeyParameter privateKey)
{
var signer = new Ed25519Signer();
signer.Init(true, privateKey);
signer.BlockUpdate(data, 0, data.Length);
return signer.GenerateSignature();
}
private static bool VerifySignature(byte[] data, byte[] signature, AsymmetricKeyParameter publicKey)
{
var verifier = new Ed25519Signer();
verifier.Init(false, publicKey);
verifier.BlockUpdate(data, 0, data.Length);
return verifier.VerifySignature(signature);
}
}
public static class JwtUtil
{
private static string publicKey = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kZVTPSQhPEst+qYbJpMgAQUwoA=
-----END PUBLIC KEY-----";
public static bool VerifyJwtSignature(string jwt)
{
try
{
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] signature = Base64UrlDecode(parts[2]);
string decodedHeader = Encoding.UTF8.GetString(Base64UrlDecode(encodedHeader));
string decodedPayload = Encoding.UTF8.GetString(Base64UrlDecode(encodedPayload));
using (TextReader reader = new StringReader(publicKey))
{
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadObject();
var publicKeyParams = (Ed25519PublicKeyParameters)pemObject;
var verifier = new Ed25519Signer();
verifier.Init(false, publicKeyParams);
verifier.BlockUpdate(Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload), 0, encodedHeader.Length + encodedPayload.Length);
bool isValidSignature = verifier.VerifySignature(signature);
return isValidSignature;
}
}
catch (Exception)
{
return false;
}
}
private static byte[] Base64UrlDecode(string input)
{
string base64 = input.Replace("\n", "").Replace("\r", "").Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
public static bool isyq(string jwt)
{
string ed25519x509 = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA3mcwgf2DrWLR3mQ6l2d59bGU6qUStwQrln2+rKlKxoA=
-----END PUBLIC KEY-----";
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] signature = Base64UrlDecode(parts[2]);
var dataToSign = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
using (TextReader reader = new StringReader(ed25519x509))
{
PemReader pemReaderPublic = new PemReader(reader);
Ed25519PublicKeyParameters ed25519x509Parameters = (Ed25519PublicKeyParameters)pemReaderPublic.ReadObject();
// Verify
ISigner verifier = new Ed25519Signer();
verifier.Init(false, ed25519x509Parameters);
verifier.BlockUpdate(dataToSign, 0, dataToSign.Length);
bool verified = verifier.VerifySignature(signature);
return verified;
}
}
}
public static class JwtUtil2
{
private static string publicKey = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kZVTPSQhPEst+qYbJpMgAQUwoA=
-----END PUBLIC KEY-----";
public static bool VerifyJwtSignature(string jwt)
{
try
{
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] signature = Base64UrlDecode2(parts[2]);
string decodedHeader = Encoding.UTF8.GetString(Base64UrlDecode2(encodedHeader));
string decodedPayload = Encoding.UTF8.GetString(Base64UrlDecode2(encodedPayload));
using (TextReader reader = new StringReader(publicKey))
{
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadObject();
var publicKeyParams = (Ed25519PublicKeyParameters)pemObject;
var verifier = new Ed25519Signer();
verifier.Init(false, publicKeyParams);
verifier.BlockUpdate(Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload), 0, encodedHeader.Length + encodedPayload.Length);
bool isValidSignature = verifier.VerifySignature(signature);
return isValidSignature;
}
}
catch (Exception)
{
return false;
}
}
private static byte[] Base64UrlDecode2(string input)
{
string base64 = input.Replace("\n", "").Replace("\r", "").Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
}
public static class JwtUtil3
{
private static string publicKey = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kZVTPSQhPEst+qYbJpMgAQUwoA=
-----END PUBLIC KEY-----";
public static bool VerifyJwtSignature3(string jwt)
{
try
{
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] signature = Base64UrlDecode3(parts[2]);
string decodedHeader = Encoding.UTF8.GetString(Base64UrlDecode3(encodedHeader));
string decodedPayload = Encoding.UTF8.GetString(Base64UrlDecode3(encodedPayload));
using (TextReader reader = new StringReader(publicKey))
{
var pemReader = new PemReader(reader);
var pemObject = pemReader.ReadObject();
var publicKeyParams = (Ed25519PublicKeyParameters)pemObject;
var verifier = new Ed25519Signer();
verifier.Init(false, publicKeyParams);
verifier.BlockUpdate(Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload), 0, encodedHeader.Length + encodedPayload.Length);
bool isValidSignature = verifier.VerifySignature(signature);
return isValidSignature;
}
}
catch (Exception)
{
return false;
}
}
private static byte[] Base64UrlDecode3(string input)
{
string base64 = input.Replace("\n", "").Replace("\r", "").Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
}
public class wooEd255190
{
private static string publicKey = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kZVTPSQhPEst+qYbJpMgAQUwoA=
-----END PUBLIC KEY-----";
public static bool checkv(string jwt)
{
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
byte[] publicKeyarr = Convert.FromBase64String(publicKey);
string encodedHeader = parts[0];
string encodedPayload = parts[1];
//byte[] signature = Base64UrlDecode3(parts[2]);
byte[] signature = Encoding.UTF8.GetBytes(parts[2]);
string decodedHeader = Encoding.UTF8.GetString(Base64UrlDecode4(encodedHeader));
string decodedPayload = Encoding.UTF8.GetString(Base64UrlDecode4(encodedPayload));
var message = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
ISigner verifier = SignerUtilities.GetSigner("ED25519");
//verifier.Init(false, publicKeyarr);
verifier.BlockUpdate(message, 0, message.Length);
bool isValid = verifier.VerifySignature(signature);
return isValid;
}
private static byte[] Base64UrlDecode4(string input)
{
string base64 = input.Replace("\n", "").Replace("\r", "").Replace('-', '+').Replace('_', '/');
while (base64.Length % 4 != 0)
{
base64 += '=';
}
return Convert.FromBase64String(base64);
}
private static string ClearStr2()
{
string base64PublicKey = Regex.Match(publicKey, @"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", RegexOptions.Singleline)?.Groups[1].Value.Trim();
base64PublicKey = base64PublicKey.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Replace("\r", "").Replace("\n", "").Trim();
return base64PublicKey;
}
public static bool testval(string jwt)
{
var parts = jwt.Split('.');
if (parts.Length != 3)
{
// Invalid JWT format
return false;
}
string encodedHeader = parts[0];
string encodedPayload = parts[1];
byte[] publicKeya = Base64UrlDecode4(ClearStr2()); // 替换为实际的公钥字节数组
//byte[] message = Encoding.UTF8.GetBytes("Hello, World!");
string decodedHeader = Encoding.UTF8.GetString(Base64UrlDecode4(encodedHeader));
string decodedPayload = Encoding.UTF8.GetString(Base64UrlDecode4(encodedPayload));
var message = Encoding.UTF8.GetBytes(encodedHeader + "." + encodedPayload);
byte[] signature = Base64UrlDecode4(parts[2]);
bool isValid = Ed25519.Signer.Validate(signature, message, publicKeya);
return isValid;
}
}
public class TestYq
{
public static void TestVail()
{
// string ed25519pkcs8 = @"-----BEGIN PRIVATE KEY-----
// MC4CAQAwBQYDK2VwBCIEIAYIsKL0xkTkAXDhUN6eDheqODEOGyFZ04jsgFNCFxZf
// -----END PRIVATE KEY-----";
string ed25519pkcs8 = @"-----BEGIN PRIVATE KEY-----
MC4CAQAwBLsSAl9Pxjj/IiYCG0
-----END PRIVATE KEY-----";
PemReader pemReaderPrivate = new PemReader(new StringReader(ed25519pkcs8));
Ed25519PrivateKeyParameters ed25519pkcs8Parameters = (Ed25519PrivateKeyParameters)pemReaderPrivate.ReadObject();
string str = """
{
"alg": "HS256",
"typ": "JWT"
}
""";
string data = """
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
""";
var data1 = Convert.ToBase64String(Encoding.UTF8.GetBytes(str));
var data2 = Convert.ToBase64String(Encoding.UTF8.GetBytes(data));
// Sign
byte[] dataToSign = Encoding.UTF8.GetBytes(data1 + "." + data2);
ISigner signer = new Ed25519Signer();
signer.Init(true, ed25519pkcs8Parameters);
signer.BlockUpdate(dataToSign, 0, dataToSign.Length);
byte[] signature = signer.GenerateSignature();
Console.WriteLine("Signature: " + Convert.ToBase64String(signature));
string strdata = @"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJvaWQiOiJTTk84MzEzNTAxNjAxMjgwNSIsInRpZCI6NjIxMzU0MzY4NDM1NiwiaWF0IjoxNjkzMzI4NjQwLCJleHAiOjE2OTM5MzM0NDB9.BhjEHzRHlWfXu_v2us08UGEjeYXpwUxIpFlnNkn1teohGboK5o5SsXHxjqtSckFS0OSQjMOX6HWFGeIFJ1ZCCw";
var parts = strdata.Split('.');
var sing = Encoding.UTF8.GetBytes(parts[2]);
//
// Verifying
//
// Import public key
//string ed25519x509 = @"-----BEGIN PUBLIC KEY-----
// MCowBQYDK2VwAyEA3mcwgf2DrWLR3mQ6l2d59bGU6qUStwQrln2+rKlKxoA=
// -----END PUBLIC KEY-----";
string ed25519x509 = @"-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAr6Jb/03OVQNE2Mqq/kwoA=
-----END PUBLIC KEY-----";
PemReader pemReaderPublic = new PemReader(new StringReader(ed25519x509));
Ed25519PublicKeyParameters ed25519x509Parameters = (Ed25519PublicKeyParameters)pemReaderPublic.ReadObject();
// Verify
ISigner verifier = new Ed25519Signer();
verifier.Init(false, ed25519x509Parameters);
verifier.BlockUpdate(dataToSign, 0, dataToSign.Length);
//bool verified = verifier.VerifySignature(signature);
bool verified = verifier.VerifySignature(sing);
Console.WriteLine("Verification: " + verified); // Verification: True
}
}
}
C# Org.BouncyCastle.Crypto 把jwt 加密
最新推荐文章于 2024-04-25 11:48:52 发布