├── README.md
├── external
    ├── aspJSON.asp
    ├── base64.asp
    └── sha256.wsc
├── jwt.asp
└── utils.asp


/README.md:
--------------------------------------------------------------------------------
 1 | ## Classic ASP JWT
 2 | 
 3 | A JWT implementation in Classic ASP, currently only supports `JWTEncode(dictionary, secret)`.
 4 | 
 5 | ### Usage
 6 | 
 7 | ```asp
 8 | <!--#include file="jwt.asp" -->
 9 | <%
10 | Dim sKey, dAttributes, sToken
11 | 
12 | sKey = "Shared Secret"
13 | Set dAttributes=Server.CreateObject("Scripting.Dictionary")
14 | 
15 | ' The UniqueString and SecsSinceEpoch functions are provided by this implementation
16 | dAttributes.Add "jti", UniqueString
17 | dAttributes.Add "iat", SecsSinceEpoch
18 | dAttributes.Add "name", "Roger"
19 | dAttributes.Add "email", "roger@example.com"
20 | 
21 | sToken = JWTEncode(dAttributes, sKey)
22 | %>
23 | ```
24 | 
25 | ### License
26 | 
27 | The depdendencies in the `external` folder are subject to their respective licenses as noted in the files. This license only pertains to the other files in this repository.
28 | 
29 | Copyright 2013 Zendesk
30 | 
31 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
32 | You may obtain a copy of the License at
33 | 
34 | http://www.apache.org/licenses/LICENSE-2.0
35 | 
36 | Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
37 | 


--------------------------------------------------------------------------------
/external/aspJSON.asp:
--------------------------------------------------------------------------------
  1 | <%
  2 | 'July 2012 - Version 1.0 by Gerrit van Kuipers - http://www.aspjson.com/
  3 | Class aspJSON
  4 | 	Public data
  5 | 	Private p_JSONstring
  6 | 	Private p_datatype
  7 | 
  8 | 	Private Sub Class_Initialize()
  9 | 		Set data = Collection()
 10 | 		p_datatype = "{}"
 11 | 	End Sub
 12 | 
 13 | 	Private Sub Class_Terminate()
 14 | 		Set data = Nothing
 15 | 	End Sub
 16 | 
 17 | 	Public Function loadJSON(strInput)
 18 | 		p_JSONstring = CleanUpJSONstring(Trim(strInput))
 19 | 		lines = Split(p_JSONstring, vbCrLf)
 20 | 
 21 | 		Dim level(99)
 22 | 		currentlevel = 1
 23 | 		Set level(currentlevel) = data
 24 | 		For Each line In lines
 25 | 			currentkey = ""
 26 | 			currentvalue = ""
 27 | 			If Instr(line, ":") > 0 Then
 28 | 				'"created":"2010-04-30 09:20:09"
 29 | 
 30 | 				in_string = False
 31 | 				in_escape = False
 32 | 				For i_tmp = 1 To Len(line)
 33 | 					If in_escape Then
 34 | 						in_escape = False
 35 | 					Else
 36 | 						char = Mid(line, i_tmp, 1)
 37 | 						Select Case char
 38 | 							Case """"
 39 | 								in_string = Not in_string
 40 | 							Case ":"
 41 | 								If Not in_escape Then
 42 | 									currentkey = Left(line, i_tmp - 1)
 43 | 									currentvalue = Mid(line, i_tmp + 1)
 44 | 									Exit For
 45 | 								End If
 46 | 							Case "\"
 47 | 								in_escape = True
 48 | 						End Select
 49 | 					End If
 50 | 				Next
 51 | 				currentkey = Strip(JSONDecode(currentkey), """")
 52 | 				If Not level(currentlevel).exists(currentkey) Then level(currentlevel).Add currentkey, ""
 53 | 			End If
 54 | 			If Instr(line,"{") > 0 Or Instr(line,"[") > 0 Then
 55 | 				If Len(currentkey) = 0 Then currentkey = level(currentlevel).Count
 56 | 				Set level(currentlevel).Item(currentkey) = Collection()
 57 | 				Set level(currentlevel + 1) = level(currentlevel).Item(currentkey)
 58 | 				currentlevel = currentlevel + 1
 59 | 				currentkey = ""
 60 | 			ElseIf Instr(line,"}") > 0 Or Instr(line,"]") > 0 Then
 61 | 				currentlevel = currentlevel - 1
 62 | 			ElseIf Len(Trim(line)) > 0 Then
 63 | 				if Len(currentvalue) = 0 Then currentvalue = getJSONValue(line)
 64 | 				currentvalue = getJSONValue(currentvalue)
 65 | 
 66 | 				If Len(currentkey) = 0 Then currentkey = level(currentlevel).Count
 67 | 				level(currentlevel).Item(currentkey) = currentvalue
 68 | 			End If
 69 | 		Next
 70 | 	End Function
 71 | 
 72 | 	Public Function Collection()
 73 | 		set Collection = Server.CreateObject("Scripting.Dictionary")
 74 | 	End Function
 75 | 
 76 | 	Public Function AddToCollection(dictobj)
 77 | 		if TypeName(dictobj) <> "Dictionary" then Err.Raise 1, "AddToCollection Error", "Not a collection."
 78 | 		newlabel = dictobj.Count
 79 | 		dictobj.Add newlabel, Collection()
 80 | 		set AddToCollection = dictobj.item(newlabel)
 81 | 	end function
 82 | 
 83 | 	Private Function CleanUpJSONstring(originalstring)
 84 | 		originalstring = Replace(originalstring,vbCrLf, "")
 85 | 
 86 | 		p_datatype = Left(originalstring, 1) & Right(originalstring, 1)
 87 | 		originalstring = Mid(originalstring, 2, Len(originalstring) - 2)
 88 | 		in_string = False : in_escape = False
 89 | 		For i_tmp = 1 To Len(originalstring)
 90 | 			If in_escape Then
 91 | 				in_escape = False
 92 | 			Else
 93 | 				char_tmp = Mid(originalstring, i_tmp, 1)
 94 | 				Select Case char_tmp
 95 | 					Case "\" : in_escape = True
 96 | 					Case """" : s_tmp = s_tmp & char_tmp : in_string = Not in_string
 97 | 					Case "{", "["
 98 | 						s_tmp = s_tmp & char_tmp & InlineIf(in_string, "", vbCrLf)
 99 | 					Case "}", "]"
100 | 						s_tmp = s_tmp & InlineIf(in_string, "", vbCrLf) & char_tmp
101 | 					Case "," : s_tmp = s_tmp & char_tmp & InlineIf(in_string, "", vbCrLf)
102 | 					Case Else : s_tmp = s_tmp & char_tmp
103 | 				End Select
104 | 			End If
105 | 		Next
106 | 
107 | 		CleanUpJSONstring = ""
108 | 		s_tmp = split(s_tmp, vbCrLf)
109 | 		For Each line_tmp In s_tmp
110 | 			CleanUpJSONstring = CleanUpJSONstring & Trim(line_tmp) & vbCrLf
111 | 		Next
112 | 	End Function
113 | 
114 | 	Private Function getJSONValue(ByVal val)
115 | 		val = Trim(val)
116 | 		If Left(val,1) = ":"  Then val = Mid(val, 2)
117 | 		If Right(val,1) = "," Then val = Left(val, Len(val) - 1)
118 | 		val = Trim(val)
119 | 
120 | 		Select Case val
121 | 			Case "true"  : getJSONValue = True
122 | 			Case "false" : getJSONValue = False
123 | 			Case "null" : getJSONValue = Null
124 | 			Case Else
125 | 				If (Instr(val, """") = 0) Then
126 | 					If IsNumeric(val) Then
127 | 						getJSONValue = CDbl(val)
128 | 					Else
129 | 						getJSONValue = val
130 | 					End If
131 | 				Else
132 | 					If Left(val,1) = """" Then val = Mid(val, 2)
133 | 					If Right(val,1) = """" Then val = Left(val, Len(val) - 1)
134 | 					getJSONValue = JSONDecode(Trim(val))
135 | 				End If
136 | 		End Select
137 | 	End Function
138 | 
139 | 	Private JSONoutput_level
140 | 	Public Function JSONoutput()
141 | 		JSONoutput_level = 1
142 | 		JSONoutput = Left(p_datatype, 1) & vbCrLf & GetDict(data) & Right(p_datatype, 1)
143 | 	End Function
144 | 
145 | 	Private Function GetDict(objDict)
146 | 		For Each item In objDict
147 | 			Select Case TypeName(objDict.Item(item))
148 | 				Case "Dictionary"
149 | 					GetDict = GetDict & Space(JSONoutput_level * 4)
150 | 
151 | 					dicttype = "[]"
152 | 					For Each label In objDict.Item(item).Keys
153 | 						 If Not IsInt(label) Then dicttype = "{}"
154 | 					Next
155 | 
156 | 					If IsInt(item) Then
157 | 						GetDict = GetDict & Left(dicttype,1) & vbCrLf
158 | 					Else
159 | 						GetDict = GetDict & """" & JSONEncode(item) & """" & ": " & Left(dicttype,1) & vbCrLf
160 | 					End If
161 | 					JSONoutput_level = JSONoutput_level + 1
162 | 
163 | 					keyvals =  objDict.Keys
164 | 					GetDict = GetDict & GetSubDict(objDict.Item(item)) & Space(JSONoutput_level * 4) & Right(dicttype,1) & InlineIf(item = keyvals(objDict.Count - 1),"" , ",") & vbCrLf
165 | 				Case Else
166 | 					keyvals =  objDict.Keys
167 | 					GetDict = GetDict & Space(JSONoutput_level * 4) & InlineIf(IsInt(item), "", """" & JSONEncode(item) & """: ") & WriteValue(objDict.Item(item)) & InlineIf(item = keyvals(objDict.Count - 1),"" , ",") & vbCrLf
168 | 			End Select
169 | 		Next
170 | 	End Function
171 | 
172 | 	Private Function IsInt(val)
173 | 		IsInt = (TypeName(val) = "Integer" Or TypeName(val) = "Long")
174 | 	End Function
175 | 
176 | 	Private Function GetSubDict(objSubDict)
177 | 		GetSubDict = GetDict(objSubDict)
178 | 		JSONoutput_level= JSONoutput_level -1
179 | 	End Function
180 | 
181 | 	Private Function WriteValue(ByVal val)
182 | 		Select Case TypeName(val)
183 | 			Case "Double", "Integer", "Long": WriteValue = val
184 | 			Case "Null"						: WriteValue = "null"
185 | 			Case "Boolean"					: WriteValue = InlineIf(val, "true", "false")
186 | 			Case Else		: WriteValue = """" & JSONEncode(val) & """"
187 | 		End Select
188 | 	End Function
189 | 
190 | 	Private Function JSONEncode(ByVal val)
191 | 		val = Replace(val, "\", "\\")
192 | 		val = Replace(val, """", "\""")
193 | 		'val = Replace(val, "/", "\/")
194 | 		val = Replace(val, Chr(8), "\b")
195 | 		val = Replace(val, Chr(12), "\f")
196 | 		val = Replace(val, Chr(10), "\n")
197 | 		val = Replace(val, Chr(13), "\r")
198 | 		val = Replace(val, Chr(9), "\t")
199 | 		JSONEncode = Trim(val)
200 | 	End Function
201 | 
202 | 	Private Function JSONDecode(ByVal val)
203 | 		val = Replace(val, "\""", """")
204 | 		val = Replace(val, "\\", "\")
205 | 		val = Replace(val, "\/", "/")
206 | 		val = Replace(val, "\b", Chr(8))
207 | 		val = Replace(val, "\f", Chr(12))
208 | 		val = Replace(val, "\n", Chr(10))
209 | 		val = Replace(val, "\r", Chr(13))
210 | 		val = Replace(val, "\t", Chr(9))
211 | 		JSONDecode = Trim(val)
212 | 	End Function
213 | 
214 | 	Private Function InlineIf(condition, returntrue, returnfalse)
215 | 		If condition Then InlineIf = returntrue Else InlineIf = returnfalse
216 | 	End Function
217 | 
218 | 	Private Function Strip(ByVal val, stripper)
219 | 		If Left(val, 1) = stripper Then val = Mid(val, 2)
220 | 		If Right(val, 1) = stripper Then val = Left(val, Len(val) - 1)
221 | 		Strip = val
222 | 	End Function
223 | End Class
224 | %>
225 | 


--------------------------------------------------------------------------------
/external/base64.asp:
--------------------------------------------------------------------------------
  1 | <%
  2 | Function Base64Encode(inData)
  3 | 'rfc1521
  4 | '2001 Antonin Foller, Motobit Software, http://Motobit.cz
  5 | 'http://www.motobit.com/tips/detpg_Base64Encode/
  6 | 
  7 | Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
  8 | Dim cOut, sOut, I
  9 | 
 10 | 'For each group of 3 bytes
 11 | 
 12 | For I = 1 To Len(inData) Step 3
 13 | Dim nGroup, pOut, sGroup
 14 | 
 15 | 'Create one long from this 3 bytes.
 16 | 
 17 | nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _
 18 | &H100 * MyASC(Mid(inData, I + 1, 1)) + MyASC(Mid(inData, I + 2, 1))
 19 | 
 20 | 'Oct splits the long To 8 groups with 3 bits
 21 | 
 22 | nGroup = Oct(nGroup)
 23 | 
 24 | 'Add leading zeros
 25 | 
 26 | nGroup = String(8 - Len(nGroup), "0") & nGroup
 27 | 
 28 | 'Convert To base64
 29 | 
 30 | pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) + _
 31 | Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) + _
 32 | Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) + _
 33 | Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1)
 34 | 
 35 | 'Add the part To OutPut string
 36 | 
 37 | sOut = sOut + pOut
 38 | 
 39 | 'Add a new line For Each 76 chars In dest (76*3/4 = 57)
 40 | 'If (I + 2) Mod 57 = 0 Then sOut = sOut + vbCrLf
 41 | 
 42 | Next
 43 | Select Case Len(inData) Mod 3
 44 | Case 1: '8 bit final
 45 | 
 46 | sOut = Left(sOut, Len(sOut) - 2) + "=="
 47 | Case 2: '16 bit final
 48 | 
 49 | sOut = Left(sOut, Len(sOut) - 1) + "="
 50 | End Select
 51 | Base64Encode = sOut
 52 | End Function
 53 | 
 54 | Function MyASC(OneChar)
 55 | If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
 56 | End Function
 57 | 
 58 | 
 59 | 
 60 | Function Base64Decode(ByVal base64String)
 61 | 'rfc1521
 62 | '1999 Antonin Foller, Motobit Software, http://Motobit.cz
 63 | 
 64 | Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
 65 | Dim dataLength, sOut, groupBegin
 66 | 
 67 | 'remove white spaces, If any
 68 | 
 69 | base64String = Replace(base64String, vbCrLf, "")
 70 | base64String = Replace(base64String, vbTab, "")
 71 | base64String = Replace(base64String, " ", "")
 72 | 
 73 | 'The source must consists from groups with Len of 4 chars
 74 | 
 75 | dataLength = Len(base64String)
 76 | If dataLength Mod 4 <> 0 Then
 77 | Err.Raise 1, "Base64Decode", "Bad Base64 string."
 78 | Exit Function
 79 | End If
 80 | 
 81 | 
 82 | ' Now decode each group:
 83 | 
 84 | For groupBegin = 1 To dataLength Step 4
 85 | Dim numDataBytes, CharCounter, thisChar, thisData, nGroup, pOut
 86 | ' Each data group encodes up To 3 actual bytes.
 87 | 
 88 | numDataBytes = 3
 89 | nGroup = 0
 90 | 
 91 | For CharCounter = 0 To 3
 92 | ' Convert each character into 6 bits of data, And add it To
 93 | ' an integer For temporary storage. If a character is a '=', there
 94 | ' is one fewer data byte. (There can only be a maximum of 2 '=' In
 95 | ' the whole string.)
 96 | 
 97 | thisChar = Mid(base64String, groupBegin + CharCounter, 1)
 98 | 
 99 | If thisChar = "=" Then
100 | numDataBytes = numDataBytes - 1
101 | thisData = 0
102 | Else
103 | thisData = InStr(1, Base64, thisChar, vbBinaryCompare) - 1
104 | End If
105 | If thisData = -1 Then
106 | Err.Raise 2, "Base64Decode", "Bad character In Base64 string."
107 | Exit Function
108 | End If
109 | 
110 | nGroup = 64 * nGroup + thisData
111 | Next
112 | 
113 | 'Hex splits the long To 6 groups with 4 bits
114 | 
115 | nGroup = Hex(nGroup)
116 | 
117 | 'Add leading zeros
118 | 
119 | nGroup = String(6 - Len(nGroup), "0") & nGroup
120 | 
121 | 'Convert the 3 byte hex integer (6 chars) To 3 characters
122 | 
123 | pOut = Chr(CByte("&H" & Mid(nGroup, 1, 2))) + _
124 | Chr(CByte("&H" & Mid(nGroup, 3, 2))) + _
125 | Chr(CByte("&H" & Mid(nGroup, 5, 2)))
126 | 
127 | 'add numDataBytes characters To out string
128 | 
129 | sOut = sOut & Left(pOut, numDataBytes)
130 | Next
131 | 
132 | 
133 | 
134 | Base64Decode = sOut
135 | End Function
136 | %>
137 | 


--------------------------------------------------------------------------------
/external/sha256.wsc:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <component>
  3 | <?component error="true" debug="true"?>
  4 | <registration
  5 | 	description="sha256"
  6 | 	progid="sha256.WSC"
  7 | 	version="1.00"
  8 | 	classid="{E2EA9DA9-6B72-437B-85E8-4542DA19F7E6}"
  9 | >
 10 | </registration>
 11 | 
 12 | <public>
 13 | 
 14 | <!-- properties -->
 15 | 	<property name="hexcase">
 16 | 		<get/>
 17 | 		<put/>
 18 | 	</property>
 19 | 	<property name="b64pad">
 20 | 		<get/>
 21 | 		<put/>
 22 | 	</property>
 23 | 
 24 | <!-- methods -->
 25 | 	<method name="b64_hmac_sha256">
 26 | 		<PARAMETER name="k"/>
 27 | 		<PARAMETER name="d"/>
 28 | 	</method>
 29 | </public>
 30 | 
 31 | <script language="javascript">
 32 | <![CDATA[
 33 | 
 34 | /*	properties	*/
 35 | function get_hexcase()			{get_hexcase	= hexcase};
 36 | function put_hexcase(newValue)	{hexcase		= newValue};
 37 | 
 38 | function get_b64pad()			{get_b64pad		= b64pad};
 39 | function put_b64pad(newValue)	{b64pad			= newValue};
 40 | 
 41 | 
 42 | /*	methods	*/
 43 | /*
 44 | 
 45 | 
 46 | /*
 47 |  * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
 48 |  * in FIPS 180-2
 49 |  * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
 50 |  * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
 51 |  * Distributed under the BSD License
 52 |  * See http://pajhome.org.uk/crypt/md5 for details.
 53 |  * Adapted into a WSC for use in classic ASP by Daniel O'Malley
 54 |  * (based on an SHA-1 example by Erik Oosterwaal)
 55 |  * for use with the Amazon Product Advertising API
 56 |  */
 57 | 
 58 | /*
 59 |  * Configurable variables
 60 |  */
 61 | var hexcase = 1;  /* hex output format. 0 - lowercase; 1 - uppercase  */
 62 | var b64pad  = "="; /* base-64 pad character.  */
 63 | 
 64 | /*
 65 |  * Below is the signature-generation function for Amazon that takes two parameters:
 66 |  * k - your Amazon AWS "secret access key"
 67 |  * d - the data you wish to encode (the string to sign)
 68 |  * The function passes these parameters through HMAC-SHA256 hashing/encoding, then returns a
 69 |  * base-64 encoded string which you then use as your signature for the Amazon API call
 70 |  */
 71 | 
 72 | function b64_hmac_sha256(k, d)
 73 |   {
 74 | /* To avoid any ambiguity over use of linefeed characters, the line below replaces
 75 |  * any line break, carriage return or other whitespace in the input with a "\n" character
 76 |  * since that's what Amazon requires
 77 |  */
 78 | d=d.replace ( /\s/g, "\n");
 79 | return rstr2b64(rstr_hmac_sha256(str2rstr_utf8(k), str2rstr_utf8(d)));
 80 | }
 81 | 
 82 | 
 83 | /*
 84 |  * Calculate the HMAC-sha256 of a key and some data (raw strings)
 85 |  */
 86 | function rstr_hmac_sha256(key, data)
 87 | {
 88 |   var bkey = rstr2binb(key);
 89 |   if(bkey.length > 16) bkey = binb_sha256(bkey, key.length * 8);
 90 | 
 91 |   var ipad = Array(16), opad = Array(16);
 92 |   for(var i = 0; i < 16; i++)
 93 |   {
 94 |     ipad[i] = bkey[i] ^ 0x36363636;
 95 |     opad[i] = bkey[i] ^ 0x5C5C5C5C;
 96 |   }
 97 | 
 98 |   var hash = binb_sha256(ipad.concat(rstr2binb(data)), 512 + data.length * 8);
 99 |   return binb2rstr(binb_sha256(opad.concat(hash), 512 + 256));
100 | }
101 | 
102 | /*
103 |  * Convert a raw string to a hex string
104 |  */
105 | function rstr2hex(input)
106 | {
107 |   try { hexcase } catch(e) { hexcase=0; }
108 |   var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
109 |   var output = "";
110 |   var x;
111 |   for(var i = 0; i < input.length; i++)
112 |   {
113 |     x = input.charCodeAt(i);
114 |     output += hex_tab.charAt((x >>> 4) & 0x0F)
115 |            +  hex_tab.charAt( x        & 0x0F);
116 |   }
117 |   return output;
118 | }
119 | 
120 | /*
121 |  * Convert a raw string to a base-64 string
122 |  */
123 | function rstr2b64(input)
124 | {
125 |   try { b64pad } catch(e) { b64pad=''; }
126 |   var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
127 |   var output = "";
128 |   var len = input.length;
129 |   for(var i = 0; i < len; i += 3)
130 |   {
131 |     var triplet = (input.charCodeAt(i) << 16)
132 |                 | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
133 |                 | (i + 2 < len ? input.charCodeAt(i+2)      : 0);
134 |     for(var j = 0; j < 4; j++)
135 |     {
136 |       if(i * 8 + j * 6 > input.length * 8) output += b64pad;
137 |       else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
138 |     }
139 |   }
140 |   return output;
141 | }
142 | 
143 | /*
144 |  * Convert a raw string to an arbitrary string encoding
145 |  */
146 | function rstr2any(input, encoding)
147 | {
148 |   var divisor = encoding.length;
149 |   var remainders = Array();
150 |   var i, q, x, quotient;
151 | 
152 |   /* Convert to an array of 16-bit big-endian values, forming the dividend */
153 |   var dividend = Array(Math.ceil(input.length / 2));
154 |   for(i = 0; i < dividend.length; i++)
155 |   {
156 |     dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
157 |   }
158 | 
159 |   /*
160 |    * Repeatedly perform a long division. The binary array forms the dividend,
161 |    * the length of the encoding is the divisor. Once computed, the quotient
162 |    * forms the dividend for the next step. We stop when the dividend is zero.
163 |    * All remainders are stored for later use.
164 |    */
165 |   while(dividend.length > 0)
166 |   {
167 |     quotient = Array();
168 |     x = 0;
169 |     for(i = 0; i < dividend.length; i++)
170 |     {
171 |       x = (x << 16) + dividend[i];
172 |       q = Math.floor(x / divisor);
173 |       x -= q * divisor;
174 |       if(quotient.length > 0 || q > 0)
175 |         quotient[quotient.length] = q;
176 |     }
177 |     remainders[remainders.length] = x;
178 |     dividend = quotient;
179 |   }
180 | 
181 |   /* Convert the remainders to the output string */
182 |   var output = "";
183 |   for(i = remainders.length - 1; i >= 0; i--)
184 |     output += encoding.charAt(remainders[i]);
185 | 
186 |   /* Append leading zero equivalents */
187 |   var full_length = Math.ceil(input.length * 8 /
188 |                                     (Math.log(encoding.length) / Math.log(2)))
189 |   for(i = output.length; i < full_length; i++)
190 |     output = encoding[0] + output;
191 | 
192 |   return output;
193 | }
194 | 
195 | /*
196 |  * Encode a string as utf-8.
197 |  * For efficiency, this assumes the input is valid utf-16.
198 |  */
199 | function str2rstr_utf8(input)
200 | {
201 |   var output = "";
202 |   var i = -1;
203 |   var x, y;
204 | 
205 |   while(++i < input.length)
206 |   {
207 |     /* Decode utf-16 surrogate pairs */
208 |     x = input.charCodeAt(i);
209 |     y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
210 |     if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
211 |     {
212 |       x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
213 |       i++;
214 |     }
215 | 
216 |     /* Encode output as utf-8 */
217 |     if(x <= 0x7F)
218 |       output += String.fromCharCode(x);
219 |     else if(x <= 0x7FF)
220 |       output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
221 |                                     0x80 | ( x         & 0x3F));
222 |     else if(x <= 0xFFFF)
223 |       output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
224 |                                     0x80 | ((x >>> 6 ) & 0x3F),
225 |                                     0x80 | ( x         & 0x3F));
226 |     else if(x <= 0x1FFFFF)
227 |       output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
228 |                                     0x80 | ((x >>> 12) & 0x3F),
229 |                                     0x80 | ((x >>> 6 ) & 0x3F),
230 |                                     0x80 | ( x         & 0x3F));
231 |   }
232 |   return output;
233 | }
234 | 
235 | /*
236 |  * Encode a string as utf-16
237 |  */
238 | function str2rstr_utf16le(input)
239 | {
240 |   var output = "";
241 |   for(var i = 0; i < input.length; i++)
242 |     output += String.fromCharCode( input.charCodeAt(i)        & 0xFF,
243 |                                   (input.charCodeAt(i) >>> 8) & 0xFF);
244 |   return output;
245 | }
246 | 
247 | function str2rstr_utf16be(input)
248 | {
249 |   var output = "";
250 |   for(var i = 0; i < input.length; i++)
251 |     output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
252 |                                    input.charCodeAt(i)        & 0xFF);
253 |   return output;
254 | }
255 | 
256 | /*
257 |  * Convert a raw string to an array of big-endian words
258 |  * Characters >255 have their high-byte silently ignored.
259 |  */
260 | function rstr2binb(input)
261 | {
262 |   var output = Array(input.length >> 2);
263 |   for(var i = 0; i < output.length; i++)
264 |     output[i] = 0;
265 |   for(var i = 0; i < input.length * 8; i += 8)
266 |     output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32);
267 |   return output;
268 | }
269 | 
270 | /*
271 |  * Convert an array of big-endian words to a string
272 |  */
273 | function binb2rstr(input)
274 | {
275 |   var output = "";
276 |   for(var i = 0; i < input.length * 32; i += 8)
277 |     output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF);
278 |   return output;
279 | }
280 | 
281 | /*
282 |  * Main sha256 function, with its support functions
283 |  */
284 | function sha256_S (X, n) {return ( X >>> n ) | (X << (32 - n));}
285 | function sha256_R (X, n) {return ( X >>> n );}
286 | function sha256_Ch(x, y, z) {return ((x & y) ^ ((~x) & z));}
287 | function sha256_Maj(x, y, z) {return ((x & y) ^ (x & z) ^ (y & z));}
288 | function sha256_Sigma0256(x) {return (sha256_S(x, 2) ^ sha256_S(x, 13) ^ sha256_S(x, 22));}
289 | function sha256_Sigma1256(x) {return (sha256_S(x, 6) ^ sha256_S(x, 11) ^ sha256_S(x, 25));}
290 | function sha256_Gamma0256(x) {return (sha256_S(x, 7) ^ sha256_S(x, 18) ^ sha256_R(x, 3));}
291 | function sha256_Gamma1256(x) {return (sha256_S(x, 17) ^ sha256_S(x, 19) ^ sha256_R(x, 10));}
292 | function sha256_Sigma0512(x) {return (sha256_S(x, 28) ^ sha256_S(x, 34) ^ sha256_S(x, 39));}
293 | function sha256_Sigma1512(x) {return (sha256_S(x, 14) ^ sha256_S(x, 18) ^ sha256_S(x, 41));}
294 | function sha256_Gamma0512(x) {return (sha256_S(x, 1)  ^ sha256_S(x, 8) ^ sha256_R(x, 7));}
295 | function sha256_Gamma1512(x) {return (sha256_S(x, 19) ^ sha256_S(x, 61) ^ sha256_R(x, 6));}
296 | 
297 | var sha256_K = new Array
298 | (
299 |   1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993,
300 |   -1841331548, -1424204075, -670586216, 310598401, 607225278, 1426881987,
301 |   1925078388, -2132889090, -1680079193, -1046744716, -459576895, -272742522,
302 |   264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986,
303 |   -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585,
304 |   113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291,
305 |   1695183700, 1986661051, -2117940946, -1838011259, -1564481375, -1474664885,
306 |   -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344,
307 |   430227734, 506948616, 659060556, 883997877, 958139571, 1322822218,
308 |   1537002063, 1747873779, 1955562222, 2024104815, -2067236844, -1933114872,
309 |   -1866530822, -1538233109, -1090935817, -965641998
310 | );
311 | 
312 | function binb_sha256(m, l)
313 | {
314 |   var HASH = new Array(1779033703, -1150833019, 1013904242, -1521486534,
315 |                        1359893119, -1694144372, 528734635, 1541459225);
316 |   var W = new Array(64);
317 |   var a, b, c, d, e, f, g, h;
318 |   var i, j, T1, T2;
319 | 
320 |   /* append padding */
321 |   m[l >> 5] |= 0x80 << (24 - l % 32);
322 |   m[((l + 64 >> 9) << 4) + 15] = l;
323 | 
324 |   for(i = 0; i < m.length; i += 16)
325 |   {
326 |     a = HASH[0];
327 |     b = HASH[1];
328 |     c = HASH[2];
329 |     d = HASH[3];
330 |     e = HASH[4];
331 |     f = HASH[5];
332 |     g = HASH[6];
333 |     h = HASH[7];
334 | 
335 |     for(j = 0; j < 64; j++)
336 |     {
337 |       if (j < 16) W[j] = m[j + i];
338 |       else W[j] = safe_add(safe_add(safe_add(sha256_Gamma1256(W[j - 2]), W[j - 7]),
339 |                                             sha256_Gamma0256(W[j - 15])), W[j - 16]);
340 | 
341 |       T1 = safe_add(safe_add(safe_add(safe_add(h, sha256_Sigma1256(e)), sha256_Ch(e, f, g)),
342 |                                                           sha256_K[j]), W[j]);
343 |       T2 = safe_add(sha256_Sigma0256(a), sha256_Maj(a, b, c));
344 |       h = g;
345 |       g = f;
346 |       f = e;
347 |       e = safe_add(d, T1);
348 |       d = c;
349 |       c = b;
350 |       b = a;
351 |       a = safe_add(T1, T2);
352 |     }
353 | 
354 |     HASH[0] = safe_add(a, HASH[0]);
355 |     HASH[1] = safe_add(b, HASH[1]);
356 |     HASH[2] = safe_add(c, HASH[2]);
357 |     HASH[3] = safe_add(d, HASH[3]);
358 |     HASH[4] = safe_add(e, HASH[4]);
359 |     HASH[5] = safe_add(f, HASH[5]);
360 |     HASH[6] = safe_add(g, HASH[6]);
361 |     HASH[7] = safe_add(h, HASH[7]);
362 |   }
363 |   return HASH;
364 | }
365 | 
366 | function safe_add (x, y)
367 | {
368 |   var lsw = (x & 0xFFFF) + (y & 0xFFFF);
369 |   var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
370 |   return (msw << 16) | (lsw & 0xFFFF);
371 | }
372 | 
373 | 
374 | ]]>
375 | </script>
376 | </component>
377 | 


--------------------------------------------------------------------------------
/jwt.asp:
--------------------------------------------------------------------------------
 1 | <!--#include file="utils.asp"-->
 2 | <%
 3 | ' Accepts an ASP dictionary of key/value pairs and a secret and
 4 | ' returns a signed JSON Web Token
 5 | Function JWTEncode(dPayload, sSecret)
 6 |   Dim sPayload, sHeader, sBase64Payload, sBase64Header
 7 |   Dim sSignature, sToken
 8 | 
 9 |   sPayload = DictionaryToJSONString(dPayload)
10 |   sHeader  = JWTHeaderDictionary()
11 | 
12 |   sBase64Payload = SafeBase64Encode(sPayload)
13 |   sBase64Header  = SafeBase64Encode(sHeader)
14 | 
15 |   sPayload       = sBase64Header & "." & sBase64Payload
16 |   sSignature     = SHA256SignAndEncode(sPayload, sSecret)
17 |   sToken         = sPayload & "." & sSignature
18 | 
19 |   JWTEncode = sToken
20 | End Function
21 | 
22 | ' SHA256 HMAC
23 | Function SHA256SignAndEncode(sIn, sKey)
24 |   Dim sSignature
25 | 
26 |   'Open WSC object to access the encryption function
27 |   Set sha256 = GetObject("script:"&Server.MapPath("./external/sha256.wsc"))
28 | 
29 |   'SHA256 sign data
30 |   sSignature = sha256.b64_hmac_sha256(sKey, sIn)
31 |   sSignature = Base64ToSafeBase64(sSignature)
32 | 
33 |   SHA256SignAndEncode = sSignature
34 | End Function
35 | 
36 | ' Returns a static JWT header dictionary
37 | Function JWTHeaderDictionary()
38 |   Dim dOut
39 |   Set dOut = Server.CreateObject("Scripting.Dictionary")
40 |   dOut.Add "typ", "JWT"
41 |   dOut.Add "alg", "HS256"
42 | 
43 |   JWTHeaderDictionary = DictionaryToJSONString(dOut)
44 | End Function
45 | %>
46 | 


--------------------------------------------------------------------------------
/utils.asp:
--------------------------------------------------------------------------------
 1 | <!--#include file="external/base64.asp"-->
 2 | <!--#include file="external/aspJSON.asp"-->
 3 | <%
 4 | ' The URL- and filename-safe Base64 encoding described in RFC 4648 [RFC4648], Section 5,
 5 | ' with the (non URL-safe) '=' padding characters omitted, as permitted by Section 3.2.
 6 | ' (See Appendix C of [JWS] for notes on implementing base64url encoding without padding.)
 7 | ' http://tools.ietf.org/html/rfc4648
 8 | ' http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-10
 9 | Function SafeBase64Encode(sIn)
10 |   sOut = Base64Encode(sIn)
11 |   sOut = Base64ToSafeBase64(sOut)
12 | 
13 |   SafeBase64Encode = sOut
14 | End Function
15 | 
16 | ' Strips unsafe characters from a Base64 encoded string
17 | Function Base64ToSafeBase64(sIn)
18 |   sOut = Replace(sIn,"+","-")
19 |   sOut = Replace(sOut,"/","_")
20 |   sOut = Replace(sOut,"\r","")
21 |   sOut = Replace(sOut,"\n","")
22 |   sOut = Replace(sOut,"=","")
23 | 
24 |   Base64ToSafeBase64 = sOut
25 | End Function
26 | 
27 | ' Converts an ASP dictionary to a JSON string
28 | Function DictionaryToJSONString(dDictionary)
29 |   Set oJSONpayload = New aspJSON
30 | 
31 |   
32 |   Dim i, aKeys
33 |   aKeys = dDictionary.keys
34 |   
35 |   For i = 0 to dDictionary.Count-1
36 |     oJSONpayload.data (aKeys(i))= dDictionary(aKeys(i))
37 |   Next
38 | 
39 |   DictionaryToJSONString = oJSONpayload.JSONoutput()
40 | End Function
41 | 
42 | Function dtmAdjusted_date()
43 |   Dim dtmDateValue, dtmAdjusted
44 |   Dim objShell, lngBiasKey, lngBias, k
45 | 
46 |   dtmDateValue = Now()
47 | 
48 |   ' Obtain local Time Zone bias from machine registry.
49 |   Set objShell = CreateObject("Wscript.Shell")
50 |   lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
51 |       & "TimeZoneInformation\ActiveTimeBias")
52 |   If (UCase(TypeName(lngBiasKey)) = "LONG") Then
53 |       lngBias = lngBiasKey
54 |   ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
55 |       lngBias = 0
56 |       For k = 0 To UBound(lngBiasKey)
57 |           lngBias = lngBias + (lngBiasKey(k) * 256^k)
58 |       Next
59 |   End If
60 | 
61 |   ' Convert datetime value to UTC.
62 |   dtmAdjusted = DateAdd("n", lngBias, dtmDateValue)
63 |   dtmAdjusted_date = dtmAdjusted
64 | 
65 | End Function
66 | 
67 | 
68 | ' Returns the number of seconds since epoch
69 | Function SecsSinceEpoch()
70 |   SecsSinceEpoch = DateDiff("s", "01/01/1970 00:00:00", dtmAdjusted_date())
71 | End Function
72 | 
73 | ' Returns a random string to prevent replays
74 | Function UniqueString()
75 |   Set TypeLib = CreateObject("Scriptlet.TypeLib")
76 |     UniqueString = Left(CStr(TypeLib.Guid), 38)
77 |     Set TypeLib = Nothing
78 | End Function
79 | 
80 | 
81 | %>
82 | 


--------------------------------------------------------------------------------