public async Task SignDataShouldThrowForUnsupportedHashAlgorithm()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);

            using (var ecdsa = materialized.ToECDsa())
            {
                var exception = Assert.Throws <NotSupportedException>(() =>
                                                                      ecdsa.SignData(Array.Empty <byte>(), new HashAlgorithmName("unsupported")));

                Assert.Equal("The specified algorithm is not supported.", exception.Message);
            }
        }
Beispiel #2
0
        public async Task SignDataShouldThrowForUnsupportedHashAlgorithm()
        {
            using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration))
            {
                using (var rsa = materialized.ToRSA())
                {
                    var exception = Assert.Throws <NotSupportedException>(() =>
                                                                          rsa.SignData(Array.Empty <byte>(), new HashAlgorithmName("unsupported"), RSASignaturePadding.Pkcs1));

                    Assert.Equal("The specified algorithm is not supported.", exception.Message);
                }
            }
        }
        public async Task SignDataShouldThrowForDigestAndKeySizeMismatch()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);

            using (var ecdsa = materialized.ToECDsa())
            {
                Assert.Equal(256, ecdsa.KeySize);

                var data = new byte[] { 1, 2, 3 };
                var ex   = Assert.Throws <NotSupportedException>(() => ecdsa.SignData(data, HashAlgorithmName.SHA384));
                Assert.Equal("The key size '256' is not valid for digest algorithm 'SHA384'.", ex.Message);
            }
        }
        public async Task ShouldHashDataAndVerifyWithKey()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);

            using (var ecdsa = materialized.ToECDsa())
            {
                var data = new byte[] { 1, 2, 3 };

                var signature = ecdsa.SignData(data, HashAlgorithmName.SHA256);
                var result    = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
                Assert.True(result);
            }
        }
        public async Task ShouldHashDataAndVerifyWithCertificate()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);

            using (var rsa = materialized.ToRSA())
            {
                var data = new byte[] { 1, 2, 3 };

                var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                var result    = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Assert.True(result);
            }
        }
        public async Task ShouldRoundTripASignatureWithCertificateViaMsi()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateWithMSIConfiguration);

            using (var ecdsa = materialized.ToECDsa())
                using (var sha256 = SHA256.Create())
                {
                    var data      = new byte[] { 1, 2, 3 };
                    var digest    = sha256.ComputeHash(data);
                    var signature = ecdsa.SignHash(digest);
                    var result    = ecdsa.VerifyHash(digest, signature);
                    Assert.True(result);
                }
        }
        public async Task ShouldRoundTripASignatureWithCertificateViaMsi()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateWithMSIConfiguration);

            using (var rsa = materialized.ToRSA())
                using (var sha256 = SHA256.Create())
                {
                    var data      = new byte[] { 1, 2, 3 };
                    var digest    = sha256.ComputeHash(data);
                    var signature = rsa.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    var result    = rsa.VerifyHash(digest, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Assert.True(result);
                }
        }
        public async Task ShouldRoundTripEncryptAndDecryptWithKey()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);

            using (var rsa = materialized.ToRSA())
            {
                var data         = Encoding.UTF8.GetBytes("Clear text");
                var cipherText   = rsa.Encrypt(data, RSAEncryptionPadding.Pkcs1);
                var returnedData = rsa.Decrypt(cipherText, RSAEncryptionPadding.Pkcs1);
                var text         = Encoding.UTF8.GetString(returnedData);

                Assert.Equal("Clear text", text);
            }
        }
        public async Task ShouldFailToVerifyBadSignatureWithCertificate()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);

            using (var ecdsa = materialized.ToECDsa())
                using (var sha256 = SHA256.Create())
                {
                    var data      = new byte[] { 1, 2, 3 };
                    var digest    = sha256.ComputeHash(data);
                    var signature = ecdsa.SignHash(digest);
                    signature[0] = (byte)~signature[0]; //Flip some bits.
                    var result = ecdsa.VerifyHash(digest, signature);
                    Assert.False(result);
                }
        }
        public async Task SignHashShouldThrowForDigestAndKeySizeMismatch()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);

            using (var ecdsa = materialized.ToECDsa())
                using (var sha384 = SHA384.Create())
                {
                    Assert.Equal(256, ecdsa.KeySize);

                    var data   = new byte[] { 1, 2, 3 };
                    var digest = sha384.ComputeHash(data);
                    var ex     = Assert.Throws <NotSupportedException>(() => ecdsa.SignHash(digest));
                    Assert.Equal("The key size '256' is not valid for digest of size '48' bytes.", ex.Message);
                }
        }
        public async Task ShouldFailToVerifyBadSignatureWithKey()
        {
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);

            using (var rsa = materialized.ToRSA())
                using (var sha256 = SHA256.Create())
                {
                    var data      = new byte[] { 1, 2, 3 };
                    var digest    = sha256.ComputeHash(data);
                    var signature = rsa.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    signature[0] = (byte)~signature[0]; //Flip some bits.
                    var result = rsa.VerifyHash(digest, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Assert.False(result);
                }
        }
        public async Task ShouldHashDataAndVerifyWorkWithCustomCryptographyClientOptions()
        {
            var cryptographyClientOptions = new CryptographyClientOptions
            {
                Transport = new HttpClientTransport()
            };
            var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration, cryptographyClientOptions);

            using (var rsa = materialized.ToRSA())
            {
                var data = new byte[] { 1, 2, 3 };

                var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                var result    = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Assert.True(result);
            }
        }