Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Validate a Google ID TokenDemonstrates how to verify the signature of a Google id token.
#include <C_CkHttpW.h> #include <C_CkJsonObjectW.h> #include <C_CkStringBuilderW.h> #include <C_CkRsaW.h> #include <C_CkPublicKeyW.h> void ChilkatSample(void) { HCkHttpW http; const wchar_t *jwkStr; HCkJsonObjectW json; BOOL success; HCkJsonObjectW jsonToken; HCkStringBuilderW sbIdToken; const wchar_t *sig_b64Url; const wchar_t *headerPlusPayload; HCkRsaW rsa; int numKeys; int i; HCkJsonObjectW jsonKey; HCkPublicKeyW pubKey; BOOL bVerified; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. http = CkHttpW_Create(); // First get the public key we'll be needing.. jwkStr = CkHttpW_quickGetStr(http,L"https://www.googleapis.com/oauth2/v3/certs"); if (CkHttpW_getLastMethodSuccess(http) == FALSE) { wprintf(L"%s\n",CkHttpW_lastErrorText(http)); CkHttpW_Dispose(http); return; } // We have the following: // { // "keys": [ // { // "kid": "e8732db06287515556213b80acbcfd08cfb302a9", // "n": "4RIrO30287Wsq3gqXCMkUYMVAeI3H8...w2mbMNEBQ", // "kty": "RSA", // "e": "AQAB", // "alg": "RS256", // "use": "sig" // }, // { // "kid": "8462a71da4f6d611fc0fecf0fc4ba9c37d65e6cd", // "e": "AQAB", // "n": "xT_ngLZNmT5GBtJZeTB...Ft4gK0eoFi0d3l8bcw", // "alg": "RS256", // "use": "sig", // "kty": "RSA" // } // ] // } json = CkJsonObjectW_Create(); success = CkJsonObjectW_Load(json,jwkStr); // ------------------------------------------------- // Load the following.. // { // "access_token": "ya29.a0...0f", // "expires_in": 3599, // "scope": "openid https://www.googleapis.com/auth/userinfo.email", // "token_type": "Bearer", // "id_token": "eyJhb...o5nQ" // } jsonToken = CkJsonObjectW_Create(); success = CkJsonObjectW_LoadFile(jsonToken,L"qa_data/tokens/google_sample_id_token.json"); if (success == FALSE) { wprintf(L"Failed to load the JSON file...\n"); CkHttpW_Dispose(http); CkJsonObjectW_Dispose(json); CkJsonObjectW_Dispose(jsonToken); return; } // Get the id_token; sbIdToken = CkStringBuilderW_Create(); success = CkStringBuilderW_Append(sbIdToken,CkJsonObjectW_stringOf(jsonToken,L"id_token")); // Get the signature in base64url format. // The header + payload remains in sbIdToken. sig_b64Url = CkStringBuilderW_getAfterFinal(sbIdToken,L".",TRUE); headerPlusPayload = CkStringBuilderW_getAsString(sbIdToken); wprintf(L"%s\n",sig_b64Url); wprintf(L"%s\n",headerPlusPayload); // --------------------------------------------- // Try validating with each cert's public key. // Hopefully one will be the key that verifies. rsa = CkRsaW_Create(); CkRsaW_putEncodingMode(rsa,L"base64url"); numKeys = CkJsonObjectW_SizeOfArray(json,L"keys"); i = 0; while (i < numKeys) { CkJsonObjectW_putI(json,i); jsonKey = CkJsonObjectW_ObjectOf(json,L"keys[i]"); pubKey = CkPublicKeyW_Create(); success = CkPublicKeyW_LoadFromString(pubKey,CkJsonObjectW_emit(jsonKey)); if (success == FALSE) { wprintf(L"%s\n",CkPublicKeyW_lastErrorText(pubKey)); CkHttpW_Dispose(http); CkJsonObjectW_Dispose(json); CkJsonObjectW_Dispose(jsonToken); CkStringBuilderW_Dispose(sbIdToken); CkRsaW_Dispose(rsa); CkPublicKeyW_Dispose(pubKey); return; } wprintf(L"%d\n",i); wprintf(L"%s\n",CkPublicKeyW_getPem(pubKey,TRUE)); CkJsonObjectW_Dispose(jsonKey); success = CkRsaW_ImportPublicKeyObj(rsa,pubKey); bVerified = CkRsaW_VerifyStringENC(rsa,headerPlusPayload,L"sha256",sig_b64Url); wprintf(L"bVerified = %d\n",bVerified); i = i + 1; } // The output is: // 0 // -----BEGIN RSA PUBLIC KEY----- // MIIBCgKCAQEA4RIrO30287Wsq3gqXCMkUYMVAeI3H8LVE6IXR1krdFeGnZLiGUPw // cbkeVpXf3lmJdsStOg+jijces2DZCfPyIBiQuLYfxxmAZE6ErJ0QJFg1stwli2Pz // 9ncYhFoqi8pXr7kEzEJBTzX4thuw56ydbGsshSEznPXoerCJOc7UI2+n0wFCWQ4Y // LHbh/PrWt4vdadyUUUW/QpQHXQLdD8q/Qwqdj0O9zlJE7R6Elw2E9EqnHyIGu1hm // LxhqrTru1M18SUhONYbVskV/BCEdVKs//X96849HorWQDCAgVMWfGsdMVq55FAdJ // 680N5UmQDRynIZ4+PeNGN4S9iw2mbMNEBQIDAQAB // -----END RSA PUBLIC KEY----- // // bVerified = True // 1 // -----BEGIN RSA PUBLIC KEY----- // MIIBCgKCAQEAxT/ngLZNmT5GBdkLtJZjNeTB+8B5yWgrq/e5eMZ1hrZhcmLK+dSn // IkpOPV8/OekV67EnQ7I4II2rcNJnHGrGKZziXO3XN2gtUHE+mBJC99oULSbX/QwB // Kz7gC/IBPq9EuxTt6Oq6fPkVQ9DbRIgWJSEGBF/KRaNl3kyAlIZfpY7XgHyJTTv8 // E7yAcYKPR+36gzdl+ps0sDLKzUuAtZNq8llK0u80z6AtAUIYwWdkEhM9upy6keKI // TasIxcsO7M6kZPINUSbh6t5VAm8FuqRmxpgg+9c9/GQSGd89InVypoVzWLQ+wOGg // 5G4H6JqIgtj0TRFt4gK0eoFi2U0d3l8bcwIDAQAB // -----END RSA PUBLIC KEY----- // // bVerified = False CkHttpW_Dispose(http); CkJsonObjectW_Dispose(json); CkJsonObjectW_Dispose(jsonToken); CkStringBuilderW_Dispose(sbIdToken); CkRsaW_Dispose(rsa); CkPublicKeyW_Dispose(pubKey); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.