Ejemplo n.º 1
0
        private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm)
        {
            var jwk = algorithm.Category switch
            {
                Cryptography.AlgorithmCategory.None => Jwk.None,
                Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
                Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
                Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
                _ => throw new InvalidOperationException()
            };

            var descriptor = new JwsDescriptor(jwk, algorithm)
            {
                Payload = new JwtPayload
                {
                    { JwtClaimNames.Iat, EpochTime.UtcNow },
                    { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
                    { JwtClaimNames.Iss, "https://idp.example.com/" },
                    { JwtClaimNames.Aud, "636C69656E745F6964" }
                }
            };

            return(new JwsDescriptorWrapper(descriptor));
        }
    }
Ejemplo n.º 2
0
        public void Equal()
        {
            var key = RsaJwk.GeneratePrivateKey(4096);

            Assert.True(key.Equals(key));
            Assert.Equal(key, key);
            var publicKey = key.AsPublicKey();

            Assert.NotEqual(key, publicKey);
            var copiedKey = Jwk.FromJson(key.ToString());

            Assert.Equal(key, copiedKey);

            // 'kid' is not a discriminant, excepted if the value is different.
            copiedKey.Kid = default;
            Assert.Equal(key, copiedKey);
            Assert.Equal(copiedKey, key);
            key.Kid = default;
            Assert.Equal(key, copiedKey);
            key.Kid       = JsonEncodedText.Encode("X");
            copiedKey.Kid = JsonEncodedText.Encode("Y");
            Assert.NotEqual(key, copiedKey);

            Assert.NotEqual(key, Jwk.None);
        }
Ejemplo n.º 3
0
        private static void GenerateKeys()
        {
            // The GenerateKey method creates a new crypto-random asymmetric key for elliptic curve algorithms
            var ecKey = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES512);

            Console.WriteLine("Asymmetric generated JWK for elliptic curve P-521, for ES512 signature algorithm:");
            Console.WriteLine(ecKey);
            Console.WriteLine();

            // The GenerateKey method creates a new crypto-random asymmetric key for RSA algorithms
            // You may specify a bigger key size. The default is the minimum size (2048 bits for RSA)
            var rsaKey = RsaJwk.GeneratePrivateKey(SignatureAlgorithm.PS384);

            Console.WriteLine("Asymmetric generated JWK of 2048 bits for RSA, for PS384 signature algorithm:");
            Console.WriteLine(rsaKey);
            Console.WriteLine();

            // The GenerateKey method creates a new crypto-random symmetric key for symmetric algorithms
            var symmetricKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);

            Console.WriteLine("Symmetric generated JWK of 128 bits, for HS256 signature algorithm:");
            Console.WriteLine(symmetricKey);
            Console.WriteLine();

            // The GenerateKey method creates a new crypto-random aymmetric key for RSA algorithms
            var symmetricKey2 = SymmetricJwk.GenerateKey(256, computeThumbprint: false);

            Console.WriteLine("Symmetric generated JWK of 256 bits, without specified signature algorithm, without key identifier (the thumbprint):");
            Console.WriteLine(symmetricKey2);
            Console.WriteLine();
        }
Ejemplo n.º 4
0
        private Jwk TryWrapKey_Success(SymmetricJwk keyToWrap, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
        {
            var keyEncryptionKey = RsaJwk.GeneratePrivateKey(alg.RequiredKeySizeInBits);
            var wrapper          = new RsaKeyWrapper(keyEncryptionKey, enc, alg);
            var cek = WrapKey(wrapper, keyToWrap, out var header);

            Assert.Equal(0, header.Count);
            return(cek);
        }
Ejemplo n.º 5
0
        public void WrapKey_Failure()
        {
            var keyEncryptionKey = RsaJwk.GeneratePrivateKey(2048);
            var wrapper          = new RsaKeyWrapper(keyEncryptionKey, EncryptionAlgorithm.A256CbcHS512, KeyManagementAlgorithm.RsaOaep);
            var destination      = new byte[0];
            var header           = new JwtHeader();

            Assert.Throws <CryptographicException>(() => wrapper.WrapKey(null, header, destination));
            wrapper.Dispose();
            Assert.Throws <ObjectDisposedException>(() => wrapper.WrapKey(null, header, destination));

            Assert.Equal(0, header.Count);
        }
Ejemplo n.º 6
0
        public override void Canonicalize()
        {
            var jwk = RsaJwk.GeneratePrivateKey(2048, SignatureAlgorithm.RS256);
            var canonicalizedKey = (RsaJwk)CanonicalizeKey(jwk);

            Assert.False(canonicalizedKey.E.IsEmpty);
            Assert.False(canonicalizedKey.N.IsEmpty);

            Assert.True(canonicalizedKey.DP.IsEmpty);
            Assert.True(canonicalizedKey.DQ.IsEmpty);
            Assert.True(canonicalizedKey.D.IsEmpty);
            Assert.True(canonicalizedKey.P.IsEmpty);
            Assert.True(canonicalizedKey.Q.IsEmpty);
            Assert.True(canonicalizedKey.QI.IsEmpty);
        }
Ejemplo n.º 7
0
        public void Setup()
        {
            var key    = SymmetricJwk.GenerateKey(256);
            var rsaKey = RsaJwk.GeneratePrivateKey(2048);
            var ecKey  = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);

            for (int i = 0; i < Count; i++)
            {
                key.TryGetSigner(SignatureAlgorithm.HS256, out var signer);
                id = i;
                _dictionary.Add(id, signer);
                _concurrentDictionary.TryAdd(id, signer);
                _cryptoStore.TryAdd(id, signer);
                _cryptoStore2.TryAdd(id, signer);
            }
        }
Ejemplo n.º 8
0
        private static JweWrapper CreateDescriptor(KeyManagementAlgorithm algorithm, EncryptionAlgorithm encryptionAlgorithm)
        {
            var jwk = algorithm.Category switch
            {
                Cryptography.AlgorithmCategory.None => Jwk.None,
                Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256, algorithm),
                Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
                Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
                Cryptography.AlgorithmCategory.Direct => SymmetricJwk.GenerateKey(encryptionAlgorithm),
                Cryptography.AlgorithmCategory.Direct | Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256),
                _ => throw new InvalidOperationException(algorithm.Category.ToString())
            };

            var descriptor = new JweDescriptor(jwk, algorithm, encryptionAlgorithm)
            {
                Payload = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
                {
                    Payload = new JwtPayload
                    {
                        { JwtClaimNames.Iat, EpochTime.UtcNow },
                        { JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
                        { JwtClaimNames.Iss, "https://idp.example.com/" },
                        { JwtClaimNames.Aud, "636C69656E745F6964" }
                    }
                }
            };
            var policy = new TokenValidationPolicyBuilder()
                         .AcceptUnsecureToken("https://idp.example.com/")
                         .WithDecryptionKey(jwk)
                         .Build();

            var writer = new JwtWriter();

            return(new JweWrapper(writer.WriteToken(descriptor), algorithm, encryptionAlgorithm, policy));
        }
    }