Created
January 5, 2022 20:17
Decrypt JWE with X.509 private key
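/// <summary>
/// Looks up a certificate by subject name in the current user's personal
/// certificate store and returns the first match.
/// </summary>
/// <param name="certName">Subject name, or a fragment of it, to search for.</param>
/// <returns>The first certificate the store returns for the search.</returns>
/// <exception cref="InvalidOperationException">No certificate matched <paramref name="certName"/>.</exception>
private static X509Certificate2 LoadCertificate(string certName)
{
    using var store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    // FindBySubjectName is a case-insensitive substring match, so several
    // certificates can qualify and only the first one is used. Pinning the
    // certificate with X509FindType.FindByThumbprint is unambiguous.
    // validOnly: false also returns expired or untrusted certificates.
    var matches = store.Certificates.Find(X509FindType.FindBySubjectName, certName, validOnly: false);
    if (matches.Count == 0)
    {
        // The original message interpolated an undefined `deviceName`; report the
        // name that was actually searched for.
        throw new InvalidOperationException($"No matching certificate found for subject '{certName}'");
    }

    // NOTE(review): nothing here checks HasPrivateKey; a caller that needs the
    // private key (e.g. for decryption) only finds out when the key is used.
    return matches[0];
}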
// Diagnostics switch: with ShowPII on, IdentityModel puts values it would
// otherwise redact (token and key details) into exception and log messages.
// It is a process-wide static, so keep it off outside local troubleshooting.
IdentityModelEventSource.ShowPII = true;

// Certificate whose private key decrypts the JWE, looked up by subject name.
var cer = LoadCertificate("d728a77360d4bef1");

// Sample JWE in compact serialization (five dot-separated parts). Its header
// declares RSA-OAEP key wrapping with A128CBC-HS256 content encryption.
string token = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2Etb2FlcCIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJfcXBWWnRGTnJEaHJmRmxXLWg3OHBlbG5heVkiLCJ0eXAiOiJKV1QifQ.PaCmW-wYbT1_prWnsAGxGle95hJmQgPaZfth_HZxkUAhBAq454UZfDkS1pJwa7hzGEiW9_tol1PT3Zuyf-OD69o84hbVEffE2voobCjY78S5MqZbiSHAaro8liBm-_Y1coCI8Kk_V7vSBiZSp-rv3DSFJT2y6VJkIggZCbQaGULYGPqt1NJCr82tck0XfKxokG4hdUDw9xsbaHgRARSYH_E_9kTw1rIJYpU_wrvGMVOKBnAwDJLThdmSg2sNcnS6_VeNk8vBxvKZbYNxsP3o3TWFCN-cwHlK7Y5Rd2o-iKP38-yxn6sLpqFNtE4EMx4Nt6C4QGL9CfGT0aOeSAhFZA.ntkLXtgYU9s_eNEWFMH8DA.S27KLbz2pz-jPRHLch-wPzw-dqbpig00tHCC79AlrLlLg_zJccEg0f5YKCBKG_cCj1evbFQa8-sMGgZv7yC_32NppaSNYi5OjtWgLgvjBXK6p1dTthNfByC6K7GcFLgYVbHpOuKs-jPV6xSHOnVUy0vuOyotrEoYx3aeB9LXzF1_v6LG6Cvo7QJ43X7qoVjFBQxS00mGPMv9Zpda8QdQ_s7t7Th3CjfePbnwYYTbKPDJpNIFnGBcGPei-z3FPd_RrtnFTBZUWRj33OAMKv1AaoBujB-N6AmroHuDEyTFCsHb7y9Sqw6Jfty2hp3MCTpoPdNZj5wqY-BMwuZLGwJkOmiNaiKg-qoTdCLnLbBkbJg8G_N4G7SBR_VBDtw3W0AVoz1J8q4jyqSBfKMsyT0-dVhtKAgZATj7fwvz43EL5RctbWoUWPb0dCIItJkq7qX1me1BI66BZvNPB8qc09kWmPiAeNBPsMd5rdd3ZoP6X_zNPYMVSPNcAZOOTG3R_Bqk-t94-29NFzMd_dYmC0w18b2E2N2Wj0M4R5o49zbHZqFj7Lid_Ond5ZX124PUtUH1eWEloXkFQc0xAK-LFYdpncVrNfLNYMb6hixgVzsSluYQ6-EoGgMEcAYAJnkRhspEcRKZhc3F_BeUU9dIADc6tN3vOBs4o7wyRo-k96vw4vrgRKaA7NbONM3FqGtB19c97Jo32Rjk567lD-Ulb2qJDC65349o5TMibPWfrvEmh4zOjsJGHzow1WHBtWlLjj5z8XKfyjOF4SNZKW6UPWD79j2kVDSzx7tpPZwbRpuF0EX6jJUDd7c7demTjCCst1QJ5Kxxd3O2iz0oXmNE5Q7MjFAK_r7-oGU9EWstOqjuu-4.zaC1cI-5rO_rYD4WObtdhQ";

var handler = new JwtSecurityTokenHandler();

// Decrypts the token with the certificate's key and returns its claims.
// Every authenticity check below is switched off, so the call proves only that
// the payload was encrypted to this certificate. Encrypting needs just the
// public key, so the resulting claims are unauthenticated; a token used for
// authorization also needs its inner signature verified against the issuer's key.
var claimsPrincipal = handler.ValidateToken(
    token,
    new TokenValidationParameters
    {
        // Key used to decrypt the JWE.
        TokenDecryptionKey = new X509SecurityKey(cer),

        // Replaces signature verification: the token is parsed and returned
        // without any signature check.
        SignatureValidator = (rawToken, validationParameters) => new JwtSecurityToken(rawToken),
        RequireSignedTokens = false,
        ValidateIssuerSigningKey = false,

        // Issuer, audience and actor are not checked. ValidIssuer is set, but it
        // has no effect while ValidateIssuer is false.
        ValidateIssuer = false,
        ValidIssuer = "client-identity-dev",
        ValidateAudience = false,
        RequireAudience = false,
        ValidateActor = false,

        // ValidateLifetime is not set here, so the library default applies.
        // Alternative left disabled by the author; ExportParameters(false) exports
        // the public parameters only:
        //TokenDecryptionKey = new RsaSecurityKey(cer.GetRSAPrivateKey().ExportParameters(false))
    },
    out SecurityToken securityToken);