public void WrapKeyAlgorithmNotSupported([EnumValues(Exclude = new[] { nameof(KeyType.Ec), nameof(KeyType.EcHsm) })] KeyType keyType)
{
JsonWebKey jwk = CreateKey(keyType);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
Assert.ThrowsAsync <NotSupportedException>(async() => await client.WrapKeyAsync(new KeyWrapAlgorithm("ignored"), TestData));
}
public void WrapKeyOperationNotSupported()
{
JsonWebKey jwk = new JsonWebKey(RSA.Create(), keyOps: Array.Empty <KeyOperation>());
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
Assert.ThrowsAsync <NotSupportedException>(async() => await client.WrapKeyAsync(new KeyWrapAlgorithm("ignored"), TestData));
}
public async Task UnwrapKeyRequiresPrivateKey()
{
JsonWebKey jwk = CreateKey(KeyType.Rsa, keyOps: new[] { KeyOperation.WrapKey, KeyOperation.UnwrapKey });
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
WrapResult wrapped = await client.WrapKeyAsync(KeyWrapAlgorithm.RsaOaep, TestData);
Assert.ThrowsAsync(new InstanceOfTypeConstraint(typeof(CryptographicException)), async() => await client.UnwrapKeyAsync(KeyWrapAlgorithm.RsaOaep, wrapped.EncryptedKey));
}
public async Task WrapKeyUnwrapKeyRoundtrip([EnumValues(Exclude = new[] { nameof(KeyWrapAlgorithm.RsaOaep256) })] KeyWrapAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, includePrivateParameters: true);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
WrapResult wrapped = await client.WrapKeyAsync(algorithm, TestKey);
UnwrapResult unwrapped = await client.UnwrapKeyAsync(algorithm, wrapped.EncryptedKey);
CollectionAssert.AreEqual(TestKey, unwrapped.Key);
}
