时间戳

首页 > 解决方案 > 在 C# 中如何使用用 ECDSA 私钥签名的 ECDSA 公钥验证 JWT

c# - 在 C# 中如何使用用 ECDSA 私钥签名的 ECDSA 公钥验证 JWT

问题描述

我想验证通过 ECDSA SHA256 算法签名的 jwt。我使用的点网库是 System.IdentityModel.Tokens.Jwt 。我可以访问公钥。

标签: c#validationjwtecdsa

解决方案

// using System.Security.Cryptography;
// using System.Text.RegularExpressions;
// using Microsoft.IdentityModel.Tokens;

// `openssl ecparam -name prime256v1 -genkey -noout -out es256-private.pem`
// `openssl ec -in es256-private.pem -pubout -out es256-public.pem`
const string es256PublicKey = @"-----BEGIN PUBLIC KEY-----
  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWWNSXIcIZ7iKiSnNVOzzkZEEpDvf
  sPux0GlqPl1aamHIiZgj364xcIrmaazMb1dsZaNBGLyvyJk0xRKk7BSSrg==
  -----END PUBLIC KEY-----";

// Remove all whitespace and also remove '-----XXX YYY-----'
// '\s+' Matches one or more whitespace characters
// '|' Is a logical OR operator
// '(?:        )' Is a non-capturing group
// '-+[^-]+-+' Matches one or more hyphens, followed by one or more non-hyphens, followed by one or more hyphens
var pemData = Regex.Replace(es256PublicKey, @"\s+|(?:-+[^-]+-+)", string.Empty);

var keyBytes = Convert.FromBase64String(keyData);

// Example of DER encoded P-256 curve at https://tools.ietf.org/html/rfc5759
var pointBytes = keyBytes.TakeLast(64);
var pubKeyX = pointBytes.Take(32).ToArray();
var pubKeyY = pointBytes.TakeLast(32).ToArray();

var ecdsa = ECDsa.Create(new ECParameters
  {
    Curve = ECCurve.NamedCurves.nistP256,
    Q = new ECPoint
    {
      X = pubKeyX,
      Y = pubKeyY
    }
  });

var tokenValidationParameters = new TokenValidationParameters
  {
    IssuerSigningKey = new ECDsaSecurityKey(ECDsaPublic.Value),
    ValidAlgorithms = new[]
    {
      @"ES256"
    }
  };

// https://stackoverflow.com/a/39974628/414655
var handler = new JwtSecurityTokenHandler();
var claimsPrincipal = handler.ValidateToken(jwt, tokenValidationParameters, out SecurityToken securityToken);

推荐阅读