Ejemplo n.º 1
        /// <summary>
        /// Decrypts the two stored ciphertexts from the "aes-gcm-certcrypted" fixture through a
        /// key set wrapped in a <c>CertEncryptedKeySet</c> layer and checks that both yield
        /// <c>CertEncryptedTest.Input</c>.
        /// </summary>
        public void BasicThumbprintTest()
        {
            var fixtureDir       = Path.Combine(GetTestDirPath(), "aes-gcm-certcrypted");
            var activeOutputFile  = Path.Combine(fixtureDir, "1.out");
            var primaryOutputFile = Path.Combine(fixtureDir, "2.out");

            // Only the first line of each fixture file is used as the WebBase64 ciphertext.
            var activeCiphertext  = (WebBase64)File.ReadAllLines(activeOutputFile).First();
            var primaryCiphertext = (WebBase64)File.ReadAllLines(primaryOutputFile).First();

            // The on-disk key set is not read directly: it is layered under a certificate-based
            // wrapper. NOTE(review): GetThumbprint() presumably selects a certificate from a
            // local store; confirm the test certificate is provisioned where this runs.
            var storage   = FileSystemKeySet.Creator(fixtureDir);
            var certLayer = CertEncryptedKeySet.Creator(GetThumbprint());

            using (var ks = KeySet.LayerSecurity(storage, certLayer))
            {
                using (var crypter = new Crypter(ks))
                {
                    // Both ciphertexts must decrypt with the same layered key set.
                    var activePlaintext = crypter.Decrypt(activeCiphertext);
                    Expect(activePlaintext, Is.EqualTo(CertEncryptedTest.Input));

                    var primaryPlaintext = crypter.Decrypt(primaryCiphertext);
                    Expect(primaryPlaintext, Is.EqualTo(CertEncryptedTest.Input));
                }
            }
        }
Ejemplo n.º 2
        /// <summary>
        /// Verifies the two stored signatures from the "rsa-sign-certcrypted" fixture against
        /// <c>CertEncryptedTest.Input</c>, using a key set wrapped in a
        /// <c>CertEncryptedKeySet</c> layer.
        /// </summary>
        public void BasicThumbprintTestSign()
        {
            var fixtureDir       = Path.Combine(GetTestDirPath(), "rsa-sign-certcrypted");
            var activeOutputFile  = Path.Combine(fixtureDir, "1.out");
            var primaryOutputFile = Path.Combine(fixtureDir, "2.out");

            // Only the first line of each fixture file is used as the WebBase64 signature.
            var activeSig  = (WebBase64)File.ReadAllLines(activeOutputFile).First();
            var primarySig = (WebBase64)File.ReadAllLines(primaryOutputFile).First();

            // The on-disk key set is layered under a certificate-based wrapper.
            // NOTE(review): GetThumbprint() presumably selects a certificate from a local
            // store; confirm the test certificate is provisioned where this runs.
            var storage   = FileSystemKeySet.Creator(fixtureDir);
            var certLayer = CertEncryptedKeySet.Creator(GetThumbprint());

            using (var ks = KeySet.LayerSecurity(storage, certLayer))
            {
                using (var verifier = new Verifier(ks))
                {
                    // Verify returns a bool; both stored signatures must check out against
                    // the same input.
                    var activeIsValid = verifier.Verify(CertEncryptedTest.Input, activeSig);
                    Expect(activeIsValid, Is.True);

                    var primaryIsValid = verifier.Verify(CertEncryptedTest.Input, primarySig);
                    Expect(primaryIsValid, Is.True);
                }
            }
        }
Ejemplo n.º 3
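        /// <summary>
        /// Issues a JWT signed with the key set under <paramref name="testDta"/>, validates it
        /// with the same key set, and then checks that a copy with an altered signature is
        /// rejected.
        /// </summary>
        /// <param name="testDta">Key set directory name, relative to the test data directory.</param>
        /// <param name="certCrypted">
        /// When true, a <c>CertEncryptedKeySet</c> layer built from the PFX file is placed over
        /// the file-system key set; when false, the key set is read with no extra layers.
        /// </param>
        public void JWTBasicVerifyTest(string testDta, bool certCrypted)
        {
            var keySetPath = Path.Combine(GetTestDirPath(), testDta);

            // The token lifetime is one day from now, in UTC.
            var issueDate  = DateTime.UtcNow;
            var expireDate = issueDate.AddDays(1);

            using (var pfxStream = File.OpenRead(PfxPath()))
            {
                var layers = new List<Func<IKeySet, ILayeredKeySet>>();

                if (certCrypted)
                {
                    // The PFX password is supplied through a callback rather than as a value.
                    layers.Add(CertEncryptedKeySet.Creator(pfxStream, () => PfxPass));
                }

                using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(keySetPath), layers.ToArray()))
                {
                    var signingKey = new KeyzureSigningCredentials(ks);

                    var token = new JwtSecurityToken("http://test.issue", "http://test.audience",
                                                     new ClaimsIdentity().Claims, issueDate,
                                                     expireDate, signingKey);

                    var handler = new JwtSecurityTokenHandler();

                    var jwt = handler.WriteToken(token);

                    // Written to test output for debugging. This is a one-day token for test
                    // issuer/audience values; a real bearer token should not be logged this way.
                    Console.WriteLine(jwt);

                    var param = new TokenValidationParameters
                    {
                        IssuerSigningKey = new KeySetKey(ks),
                        ValidAudience    = "http://test.audience",
                        ValidIssuer      = "http://test.issue",
                    };

                    // Positive path: the freshly issued token validates and yields both a
                    // result and the parsed token.
                    var result = handler.ValidateToken(jwt, param, out var validatedToken);

                    Expect(result, Is.Not.Null);
                    Expect(validatedToken, Is.Not.Null);

                    // Negative path: a signature check that accepts anything would still pass
                    // the assertions above, so also confirm that a modified signature fails.
                    var signatureStart  = jwt.LastIndexOf('.') + 1;
                    var signatureLength = jwt.Length - signatureStart;
                    Expect(signatureLength, Is.GreaterThan(1));

                    // Change a character that is never the last one: the final base64url
                    // character can carry unused bits, so altering it may decode to the
                    // same signature bytes.
                    var tamperIndex = signatureStart + (signatureLength - 1) / 2;
                    var replacement = jwt[tamperIndex] == 'A' ? 'B' : 'A';
                    var tamperedJwt = jwt.Substring(0, tamperIndex) + replacement + jwt.Substring(tamperIndex + 1);

                    var rejected = false;
                    try
                    {
                        handler.ValidateToken(tamperedJwt, param, out _);
                    }
                    catch (Exception)
                    {
                        // Any failure counts as rejection here; the exact exception type
                        // depends on the JWT library version, which this file does not show.
                        rejected = true;
                    }

                    Expect(rejected, Is.True);
                }
            }
        }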