Merge pull request #1056 from GekySan/master

openbullet · web-flow · commit a0ae36b4165b · 2024-07-11T00:48:08.000+02:00
Implemented RSA signing for JWT
diff --git a/RuriLib/Blocks/Functions/Crypto/Methods.cs b/RuriLib/Blocks/Functions/Crypto/Methods.cs
@@ -217,7 +217,7 @@ public static string AESDecryptString(BotData data, byte[] cipherText, byte[] ke
         }
 
         [Block("Generates a JSON Web Token using a secret key, payload, optional extra headers and specified algorithm type",
-            name = "JWT Encode", extraInfo = "The header already contains the selected algorithm and token type (JWT) by default")]
+            name = "JWT Encode", extraInfo = "The header already contains the selected algorithm and token type (JWT) by default. For JWTs using asymmetric key signatures, the secret must be provided in PEM format.")]
         public static string JwtEncode(BotData data, JwtAlgorithmName algorithm, string secret, string extraHeaders = "{}", string payload = "{}")
         {
             var extraHeadersDictionary = JsonConvert.DeserializeObject<Dictionary<string, object>>(extraHeaders);
diff --git a/RuriLib/Functions/Crypto/Crypto.cs b/RuriLib/Functions/Crypto/Crypto.cs
@@ -626,19 +626,65 @@ private static byte[] PerformCryptography(byte[] data, ICryptoTransform cryptoTr
         #region JWT
         public static string JwtEncode(JwtAlgorithmName algorithmName, string secret, IDictionary<string, object> extraHeaders, IDictionary<string, object> payload)
         {
-            IJwtAlgorithm algorithm = algorithmName switch
+            IJwtAlgorithm algorithm = null;
+            RSA rsa = null;
+            try
             {
-                JwtAlgorithmName.HS256 => new HMACSHA256Algorithm(),
-                JwtAlgorithmName.HS384 => new HMACSHA384Algorithm(),
-                JwtAlgorithmName.HS512 => new HMACSHA512Algorithm(),
-                _ => throw new NotSupportedException("This algorithm is not supported at the moment")
-            };
-
-            var jsonSerializer = new JsonNetSerializer();
-            var urlEncoder = new JwtBase64UrlEncoder();
-            var jwtEncoder = new JwtEncoder(algorithm, jsonSerializer, urlEncoder);
-
-            return jwtEncoder.Encode(extraHeaders, payload, secret);
+                switch (algorithmName)
+                {
+                    case JwtAlgorithmName.HS256:
+                        algorithm = new HMACSHA256Algorithm();
+                        break;
+                    case JwtAlgorithmName.HS384:
+                        algorithm = new HMACSHA384Algorithm();
+                        break;
+                    case JwtAlgorithmName.HS512:
+                        algorithm = new HMACSHA512Algorithm();
+                        break;
+                    case JwtAlgorithmName.RS256:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS256Algorithm(rsa, rsa);
+                        break;
+                    case JwtAlgorithmName.RS384:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS384Algorithm(rsa, rsa);
+                        break;
+                    case JwtAlgorithmName.RS512:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS512Algorithm(rsa, rsa);
+                        break;
+                    case JwtAlgorithmName.RS1024:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS1024Algorithm(rsa, rsa);
+                        break;
+                    case JwtAlgorithmName.RS2048:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS2048Algorithm(rsa, rsa);
+                        break;
+                    case JwtAlgorithmName.RS4096:
+                        rsa = RSA.Create();
+                        rsa.ImportFromPem(secret.ToCharArray());
+                        algorithm = new RS4096Algorithm(rsa, rsa);
+                        break;
+                    default:
+                        throw new NotSupportedException("This algorithm is not supported at the moment");
+                }
+            
+                var jsonSerializer = new JsonNetSerializer();
+                var urlEncoder = new JwtBase64UrlEncoder();
+                var jwtEncoder = new JwtEncoder(algorithm, jsonSerializer, urlEncoder);
+            
+                return jwtEncoder.Encode(extraHeaders, payload, secret);
+            }
+            finally
+            {
+                rsa?.Dispose();
+            }
         }
         #endregion
 

Original file line number	Diff line number	Diff line change
`@@ -217,7 +217,7 @@ public static string AESDecryptString(BotData data, byte[] cipherText, byte[] ke`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`[Block("Generates a JSON Web Token using a secret key, payload, optional extra headers and specified algorithm type",`
`220`		`- name = "JWT Encode", extraInfo = "The header already contains the selected algorithm and token type (JWT) by default")]`
	`220`	`+ name = "JWT Encode", extraInfo = "The header already contains the selected algorithm and token type (JWT) by default. For JWTs using asymmetric key signatures, the secret must be provided in PEM format.")]`
`221`	`221`	`public static string JwtEncode(BotData data, JwtAlgorithmName algorithm, string secret, string extraHeaders = "{}", string payload = "{}")`
`222`	`222`	`{`
`223`	`223`	`var extraHeadersDictionary = JsonConvert.DeserializeObject<Dictionary<string, object>>(extraHeaders);`