public IJwsTool JwsTool() { if (KeyType.StartsWith("ES")) { var tool = new ESJwsTool { HashSize = int.Parse(KeyType.Substring(2)) }; tool.Init(); tool.Import(KeyExport); return(tool); } if (KeyType.StartsWith("RS")) { var tool = new RSJwsTool { KeySize = int.Parse(KeyType.Substring(2)) }; tool.Init(); tool.Import(KeyExport); return(tool); } throw new Exception($"Unknown or unsupported KeyType [{KeyType}]"); }
public void SerDesEC() { var rng = RandomNumberGenerator.Create(); for (var i = 0; i < 1000; i++) { var original = new ESJwsTool(); // Default for ISigner original.Init(); var rawX = new byte[8034]; rng.GetBytes(rawX); var sigX = original.Sign(rawX); var exported = original.Export(); var copy = new ESJwsTool(); copy.Init(); copy.Import(exported); var verified = copy.Verify(rawX, sigX); Assert.AreEqual(true, verified); } }
void ValidateAccount(DbAccount acct, JwsSignedPayload signedPayload) { var ph = ExtractProtectedHeader(signedPayload); var jwk = JsonConvert.DeserializeObject <Dictionary <string, string> >(acct.Jwk); if (string.IsNullOrEmpty(ph.Alg)) { throw new Exception("invalid JWS header, missing 'alg'"); } if (string.IsNullOrEmpty(ph.Url)) { throw new Exception("invalid JWS header, missing 'url'"); } if (string.IsNullOrEmpty(ph.Nonce)) { throw new Exception("invalid JWS header, missing 'nonce'"); } IJwsTool tool = null; switch (ph.Alg) { case "RS256": tool = new RSJwsTool { HashSize = 256 }; ((RSJwsTool)tool).ImportJwk(acct.Jwk); break; case "RS384": tool = new RSJwsTool { HashSize = 384 }; ((RSJwsTool)tool).ImportJwk(acct.Jwk); break; case "RS512": tool = new RSJwsTool { HashSize = 512 }; ((RSJwsTool)tool).ImportJwk(acct.Jwk); break; case "ES256": tool = new ESJwsTool { HashSize = 256 }; break; case "ES384": tool = new ESJwsTool { HashSize = 384 }; break; case "ES512": tool = new ESJwsTool { HashSize = 512 }; break; default: throw new Exception("unknown or unsupported signature algorithm"); } var sig = CryptoHelper.Base64.UrlDecode(signedPayload.Signature); var pld = CryptoHelper.Base64.UrlDecode(signedPayload.Payload); var prt = CryptoHelper.Base64.UrlDecode(signedPayload.Protected); var sigInput = $"{signedPayload.Protected}.{signedPayload.Payload}"; var sigInputBytes = Encoding.ASCII.GetBytes(sigInput); if (!tool.Verify(sigInputBytes, sig)) { throw new Exception("account signature failure"); } }