public void TrimLeadingZeroes()
{
Assert.Equal(new byte[] { 1 }, Pkcs8.TrimLeadingZeroes(new byte[] { 0, 1 }, alignTo8Bytes: false));
Assert.Equal(new byte[] { 0, 0, 0, 0, 0, 0, 0, 1 }, Pkcs8.TrimLeadingZeroes(new byte[] { 0, 1 }, alignTo8Bytes: true));
Assert.Equal(new byte[] { 1 }, Pkcs8.TrimLeadingZeroes(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }, alignTo8Bytes: false));
Assert.Equal(new byte[] { 0, 0, 0, 0, 0, 0, 0, 1 }, Pkcs8.TrimLeadingZeroes(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }, alignTo8Bytes: true));
}
public void Encode_pkcs8_key()
{
var privateKey = Pkcs8.ParsePem(key);
// What changes in our output?
Assert.Equal(@"-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0L4rYpkT1hNmDLTgA7t42/PVEJqmc/GqOjRaAI2ImA3YP+lA
VE7HEMBm+qyL5ZTLXE+gXUuKzClML5EkBWzteIIuxYmQY+HiSr3jm1Z7fUT8ak9b
cQYnhDxbYCWpYdBqcgqORlJmnYKnvvPWRflUARRNoTKGYQZ8vxQ22tv6gyJNRppL
HV4wuu2SNBGEQhiO9Xl4zqUF/8DibLaLDEEUkx4zyoWSr2U7Y5LDEVpvEpUKMjkW
Sl7Fejhis7ToniL53CqF95a5ErqWsSfr9MmECSBdrkxQ22wgy/Om4FCe08mSfV9Q
L65xxjVqfkM0AQ20wjKWQrmPNQEXbgR3mnKkdwIDAQABAoIBACuwsfn4GjvDYael
MAH3+irnVSAdjltUKJH4JSJafU1+EFYIJwu+VVH/Q06SUNGjnBDdJa6BQjLLLgQC
t+xeyTFg5hM4YL1XKPsF1Z7MshodF0vVAkmcxSabT3DHUTWE3tKxvOehFZNAJoYE
GUQaFGgJbNohbhjet7tyqqySQFOzuDD6H0Is8DXDJog6kVdK51Oh4JiEUOuITDId
W558OCN+XrDl4ztTtj4sMsitIx7lc3gTXg9MBFzSyD+Aqg7ENAysgTyl2VuG5hZ5
bquLPlb4DzHM1JYuz4dGzOxtaEdCxZ2ZPLUjvXGeJS3GaWOZh4O5R80hOqDwMa5D
2KGvuiECgYEA+iOymlHJpEI/rzkNfLGQgNvLV6o1tnBgeE4ahtrmHhyvJIYY4fz4
9O0xa/F46c9YDa9TTQSYUfULP3TvTVgl0urNH7Fc/4JvDd+sO5HAXvlKON1CLd1O
sb2VRuHiWFntgeftLGXl8zH8xocLoFZIpzidAqFaRhUwcj659ezvU/ECgYEA1aIu
QDu47y958S0Mn18ul4ZB75p60VOYVXh64DtvtE7IwBzUYRhqykzA6gqzLyasV21w
MDSCsT3cxgl42puEM2l4KfPmyVhzXlDUX21lMVaPzM36eKMDeqAjlTdnE658/3aB
Ybk9S4w49iiufoWOqrZXh/odNF4wotMa0xgqRucCgYA8tKcmvoyiOZW9D6qPRYSd
UTpDN0K72QAAkmvrqHpKeomi4oxtY/iDcIEbAkpm6/QhthgQS/ovgbnOF7Hv4mGj
k2pes6uvMteC1XK2LkQyiGuT61ahTOFJT4pH3pARAxoZ+dBcgwpQgCQphiKzMd2F
/75TIheHhKLyRvjYjzzx8QKBgQDUKqiidG27ZjxGEMaLdR0xsU3Ep3g4cjxFDk2C
aqUKvn/ThA5Mi9JrLYUeKxg/yLm6bl7QESaG3nhnWbrj6TWHVcTYbXmUF7skPURd
railMmHINfz+WG85Ftef9xDw1AciM1BVfIHqiM19c3OxBfVlh4gw7G6atry4yM3I
PiSmmwKBgCO5LqBgXbyB53t2N7bnECc3J2CN26aW4cp9XZpvI7Gmlq7Qbxagm9ct
TI2qC+JTYvm63Xem6VebuOOxgUHxvKNy9Zbl05LET5sIeTW4V1pf4nolnOlkC+rK
/EPr0mAygKPec3YVib1rPv7+zX1qBZStQ3Ab6viBS7nAXYtP/YVx
-----END RSA PRIVATE KEY-----".Replace("\r\n", "\n"), privateKey.ToPemString());
}
public void Decode_pkcs8_key2()
{
var key = Pkcs8.ParsePem(key2).Key;
Assert.Equal("ABB045529906A77F8B426950631D9EAB30D5FB1786F24C7FB10155D7C4B9261CC678824D03BDB049EBA410FA23B6A5325F627409C88F061EDEA9C950DB3A40B3", ToHex(key.Modulus));
Assert.Equal("010001", ToHex(key.Exponent));
}
static string CreateAccessToken(string privateKey,
string iapClientId, string email)
{
var now = DateTime.UtcNow;
var currentTime = ToUnixEpochDate(now);
var expTime = ToUnixEpochDate(now.AddMinutes(10));
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Aud, OAUTH_TOKEN_URI),
new Claim(JwtRegisteredClaimNames.Sub, email),
new Claim(JwtRegisteredClaimNames.Iat, currentTime.ToString()),
new Claim(JwtRegisteredClaimNames.Exp, expTime.ToString()),
new Claim(JwtRegisteredClaimNames.Iss, email),
// We need to add this
new Claim("target_audience", iapClientId)
};
// Both the PHP and Java samples use RS256 for signing.
// https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-8
// Samples:
// https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/iap/src/main/java/com/example/iap/BuildIapRequest.java
// https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/iap/src/make_iap_request.php
SecurityKey key = new RsaSecurityKey(
Pkcs8.DecodeRsaParameters(privateKey));
var creds = new SigningCredentials(key,
SecurityAlgorithms.RsaSha256);
var token = new JwtSecurityToken(
claims: claims,
signingCredentials: creds);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public void Pkcs8Decoder()
{
RSAParameters ps = Pkcs8.DecodeRsaParameters(testPrivateKey);
Assert.Equal("D0BE2B629913D613660CB4E003BB78DBF3D5109AA673F1AA3A345A008D88980DD83FE940544EC710C066FAAC8BE594CB5C4FA05D4B8ACC294C2F9124056CED78822EC5899063E1E24ABDE39B567B7D44FC6A4F5B710627843C5B6025A961D06A720A8E4652669D82A7BEF3D645F95401144DA1328661067CBF1436DADBFA83224D469A4B1D5E30BAED9234118442188EF57978CEA505FFC0E26CB68B0C4114931E33CA8592AF653B6392C3115A6F12950A3239164A5EC57A3862B3B4E89E22F9DC2A85F796B912BA96B127EBF4C98409205DAE4C50DB6C20CBF3A6E0509ED3C9927D5F502FAE71C6356A7E4334010DB4C2329642B98F3501176E04779A72A477", ToHex(ps.Modulus));
Assert.Equal("010001", ToHex(ps.Exponent));
Assert.Equal("2BB0B1F9F81A3BC361A7A53001F7FA2AE755201D8E5B542891F825225A7D4D7E105608270BBE5551FF434E9250D1A39C10DD25AE814232CB2E0402B7EC5EC93160E6133860BD5728FB05D59ECCB21A1D174BD502499CC5269B4F70C7513584DED2B1BCE7A115934026860419441A1468096CDA216E18DEB7BB72AAAC924053B3B830FA1F422CF035C326883A91574AE753A1E0988450EB884C321D5B9E7C38237E5EB0E5E33B53B63E2C32C8AD231EE57378135E0F4C045CD2C83F80AA0EC4340CAC813CA5D95B86E616796EAB8B3E56F80F31CCD4962ECF8746CCEC6D684742C59D993CB523BD719E252DC66963998783B947CD213AA0F031AE43D8A1AFBA21", ToHex(ps.D));
Assert.Equal("FA23B29A51C9A4423FAF390D7CB19080DBCB57AA35B67060784E1A86DAE61E1CAF248618E1FCF8F4ED316BF178E9CF580DAF534D049851F50B3F74EF4D5825D2EACD1FB15CFF826F0DDFAC3B91C05EF94A38DD422DDD4EB1BD9546E1E25859ED81E7ED2C65E5F331FCC6870BA05648A7389D02A15A461530723EB9F5ECEF53F1", ToHex(ps.P));
Assert.Equal("D5A22E403BB8EF2F79F12D0C9F5F2E978641EF9A7AD1539855787AE03B6FB44EC8C01CD461186ACA4CC0EA0AB32F26AC576D70303482B13DDCC60978DA9B8433697829F3E6C958735E50D45F6D6531568FCCCDFA78A3037AA02395376713AE7CFF768161B93D4B8C38F628AE7E858EAAB65787FA1D345E30A2D31AD3182A46E7", ToHex(ps.Q));
Assert.Equal("3CB4A726BE8CA23995BD0FAA8F45849D513A433742BBD90000926BEBA87A4A7A89A2E28C6D63F88370811B024A66EBF421B618104BFA2F81B9CE17B1EFE261A3936A5EB3ABAF32D782D572B62E4432886B93EB56A14CE1494F8A47DE9011031A19F9D05C830A508024298622B331DD85FFBE5322178784A2F246F8D88F3CF1F1", ToHex(ps.DP));
Assert.Equal("D42AA8A2746DBB663C4610C68B751D31B14DC4A77838723C450E4D826AA50ABE7FD3840E4C8BD26B2D851E2B183FC8B9BA6E5ED0112686DE786759BAE3E9358755C4D86D799417BB243D445DADA8A53261C835FCFE586F3916D79FF710F0D407223350557C81EA88CD7D7373B105F565878830EC6E9AB6BCB8C8CDC83E24A69B", ToHex(ps.DQ));
Assert.Equal("23B92EA0605DBC81E77B7637B6E710273727608DDBA696E1CA7D5D9A6F23B1A696AED06F16A09BD72D4C8DAA0BE25362F9BADD77A6E9579BB8E3B18141F1BCA372F596E5D392C44F9B087935B8575A5FE27A259CE9640BEACAFC43EBD2603280A3DE73761589BD6B3EFEFECD7D6A0594AD43701BEAF8814BB9C05D8B4FFD8571", ToHex(ps.InverseQ));
}
public void RsaFuzzTest()
{
// Create many RSA keys, encode them in PKCS8, verify the Pkcs8 class can decode them correctly.
// This test does take a few (possibly 10s of) seconds, longer than most unit tests.
for (int i = 0; i < 1000; i++)
{
// This SecureRandom constructor is deprecated,
// but is the easiest way to create a deterministic SecureRandom.
#pragma warning disable CS0618
var rnd = new Org.BouncyCastle.Security.SecureRandom(new byte[] { (byte)(i & 0xff), (byte)((i >> 8) & 0xff) });
#pragma warning restore CS0618
var rsa = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator();
// 384 is the shortest valid key length. Use this for speed.
rsa.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(rnd, 384));
var keys = rsa.GenerateKeyPair();
var pkcs8Generator = new Org.BouncyCastle.OpenSsl.Pkcs8Generator(keys.Private);
var pem = pkcs8Generator.Generate();
var ms = new System.IO.MemoryStream();
var stWriter = new System.IO.StreamWriter(ms);
var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stWriter);
pemWriter.WriteObject(pem);
stWriter.Close();
var pkcs8 = System.Text.Encoding.ASCII.GetString(ms.ToArray());
var rsaParameters = Pkcs8.DecodeRsaParameters(pkcs8);
var key = RSA.Create();
try
{
// Test that the parameters can be imported.
// Throws CryptographicException if the rsaParameters is invalid
key.ImportParameters(rsaParameters);
}
catch (CryptographicException e)
{
// Fails in iteration 8 without the Pkcs8 fix in PR#937
Assert.True(false, $"Failed in iteration {i}: {e}");
}
// Check that all the parameters exported are equal to the originally created parameters
var exportedParams = key.ExportParameters(true);
var privateKey = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)keys.Private;
Assert.Equal(privateKey.P.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.P, false));
Assert.Equal(privateKey.Q.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Q, false));
Assert.Equal(privateKey.DP.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.DP, false));
Assert.Equal(privateKey.DQ.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.DQ, false));
var publicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)keys.Public;
Assert.Equal(publicKey.Exponent.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Exponent, false));
Assert.Equal(publicKey.Modulus.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Modulus, false));
}
}
// [Fact]
public void Should_install_a_x509_certificate_and_update_bindings()
{
// Arrange
var x509 = new X509Certificate2(Encoding.ASCII.GetBytes(TestCertificate), (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);
var sut = new IISServerConfigurationProvider();
var privateKey = Pkcs8.ParsePem(TestPrivateKey).Key;
var csp = new CspParameters {
KeyContainerName = x509.GetCertHashString(),
Flags = CspProviderFlags.UseMachineKeyStore
};
var rsa2 = new RSACryptoServiceProvider(csp);
rsa2.ImportParameters(privateKey);
x509.PrivateKey = rsa2;
// Act
sut.ConfigureServer("test.startliste.info", x509.GetCertHash(), "my", null, null);
}
public async Task ValidLocallySignedAccessToken_FromX509Certificate()
{
#if NETCOREAPP1_0 || NETCOREAPP1_1 || NETCOREAPP2_0
const string sPfx = @"
MIIGMQIBAzCCBfcGCSqGSIb3DQEHAaCCBegEggXkMIIF4DCCAt8GCSqGSIb3DQEHBqCCAtAwggLM
AgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQImgNbotR3pnACAggAgIICmMHYqn7R
91hqe5gpwTGxNHaDmrvaLWfBq17xyVIdboPxzSAX4MoNasJplZgCzlN4vMwsY9CG3aY/AV5b4qF3
GRlkR5Ou3xJ84WJUkKkjVcql7hXZ8Zl8hyMKfQgW7SYpmJK/I4qYPqz5wg2ivZ4YbH4KA+VL9eaX
XR5KKdePWt+P9T3oFD1GYAjdPRTL/phSflvv01v2vkmx6In5hS10w2LjxyOJQtiHocOyEe7XAtor
bjsPi9jzMQmW5OESh9c+LDgEHCQQrccc0kG9j+GYJ65b7qORGq9OzBarVgiK+QGrC6aZhGgXZjMD
2K/efd4igVN/QqbpMHB+BDkZKQDRiEc4ezDqZ1VRP8T6VrYP/C+vhvPjZLgIacsxzxZ3f497OkOQ
pnrdpvBC6vPUxzsBpSTMcYlUGObWu+PNuwbOsQabps55c/jb67g/POKmkAqnJMFPXY45tT0/FrHX
hVK3rsSXQBwxy9/qzzPN+nBF7VlgvSoVzrF384t5Slf2ehwYTw3sgJoUudZ4c12kyE+uLdrOVl3Q
BHKDLfy1hRgxMQS/c3uNKkSgXAH3lk9SqMZ9dBzUoY2hZ45YogsP0dQDvzs3AQEdhGW0ZoGEQjC/
QcTTvp7lg/M9gRoBUp/DegGjf2p0N1OlPhj4m63Q2XEm65AvOkA5xxs5RTZKgcU28BJjkgEUpVNt
1rnp0sBsMABmtZ4FXP1YNcKCBdNkIYw67DOO5MRfAGqaDqosT3CL9EOGna61KLQEmtOS33NAx49y
ZtCeh/N91jnC+AMjjhhqwzRtrXJ6g/MLxEmmIFvNYcEipeYHfPynhuVywVVH/tj0SqmnDP4cQd4t
HvFQL5frBq963Wl0ToPVAC+koMvsplAr0dvJLVfNceIwggL5BgkqhkiG9w0BBwGgggLqBIIC5jCC
AuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMwDgQINLkrmjjeasQCAggA
BIICgIc2PtM3mraGPkm8MqvJOEj64fTocAnAHzGVJ8BhwBXkQI++2d9eAGlSB7pO0JioT7uMBwCL
i3zVQ6bvDw2tbgVD3Pmc/qY0TpIySptODk6X1Y9fI1Bwrvgi+6cx7PIdFUrypnL/djNTtVIkIfFk
TO48YTlT6Gsn+z2Pe6asI0PSDoLgmw2yPauN7Xz1KkAg0KHDT+vMlSLaAYWF8k3+/jFNgPVUpaMM
t/DzuJti0R5+eVnpAPkMTJhncumvMdBYzg2Wx0URHzU4+24hSXE8/xMBN3pVsj11T7Eu5jPazIKR
qB5a5dn/ICVx/JHzz5dFonHilIvyiMfNE7VKTTerisEhCSdUgqq+sIhlPAlLTBCoyUgcGiCi7dKW
GAT47PJ4rvJsGHSUcaNORF71W1GqQQ5iTsJK5rPmGpMUmGwjsemmWmgp00BeMtmqO19B1yRrjDZO
atDYISR3UkmeI0A9VlXAspZ2ngmbuWvW0M8nrzwvDLIfgJ8rsFwexIVecFO58j2YSKBmVEykUvSd
x+PH3gr8IWAd/Ct0VNLF1Jk2ktOXx1pnM9GWUl8rbvTvM5lNevArHpWp+7vY6JlkM+trdaSE66Lr
cvvI+faKAnj4QtkmkbKPF0qLFsDssFv7AI0l7/65PhRZwJ12WpZEOKsqkUyAUbQI16Cva6cuY38y
XZ++x67rU4ldumq0YKOJPdPbAtptwMdCn7lepDaxT8mwv4SIZSd37hAP8UNvmRdRWL4dYx3m8Y+l
4hnClZt+GbKmMgXu/o4ua37kOlCV1T0VqmuRzpOwnct8HBvtVS6TuScExeiEkNBA4KwSIY04ZSm+
Sell3vQywF3jry7v/FMgPhoxJTAjBgkqhkiG9w0BCRUxFgQU+7ZMLd/K3gq6I9wxj3LcCb2tf5Uw
MTAhMAkGBSsOAwIaBQAEFOM/amdwLHU0WBmyCw96Za0+5Z+PBAgvp7LF+Qwu+AICCAA=";
var x509Cert = new X509Certificate2(Convert.FromBase64String(sPfx));
#elif NET452 || NET46
const string sPrivateKey = @"
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALQoMIfUT93VMvb5
4U5dsJLXD1D6z4o/VuVlNUaf5xH01qAv8Egpxe6f5frLB/p1eNyDjNIZ3QitD6aN
9Vfh4ifg6txBuBJtIMfSDvRJITNZ2SjKJREbflZuBk0HINKYQk2H+3TIzUbE/pN4
Cu6Mids5L/oVOnRWIe3bEC+PHR7ZAgMBAAECgYBI1qrwb+2ukeFeK59lcMnQRLVD
l3RLv9ohOy80E7h38RbJgzhR5NnK5ck1AduC7vXjqihIVf6g4F+ghmq4knI94KPQ
2fOyQGVV6jVeRVqMusx7tP9V1H26yABiK6TPklcCsWwADFmexfOxfIgbBGSmlbAd
N2/ad1Xog1xDebrbEQJBAO+2qSIDX1ahfxUyvvcMaix6Mrh/OYKb5aH1Y/7MfAav
lpbQavQHNvak2147aPNxy0ZvWdJ2HVA7hUMkgysYWSUCQQDAZalkZMSrve+Onh55
U+w5xjLklhh8PhYxx8plT8ae9VG75dGvWSz/W81B3ILg2lrNU6o08NKBJdZsJYmc
BeKlAkBtJh3zF9gEaTqlW1rqwKNjpyyLJ5r3JqczzLmAXnmmzbLi7vmULejP+5bL
XH/YQZtOcgtTMmb8jm2Kegijyc1lAkANGt+e5v4+dIGMxVhuCzlb9hQhXdftHo2E
dodivzxYN32Jvu25c+mMu0QP6GVBy53Dvp8pW/36rgkc9LGa3wvBAkEA7dGAl95T
UeNFVfuzkYNtQppcSgrx1oTcpTHoNgcvk8AgBf4yDdJJyo0IUONmgJCVffc1aTWn
nf/8cW9YC+0icQ==
-----END PRIVATE KEY-----";
const string sCert = @"
MIICNDCCAZ2gAwIBAgIJAKl3qU1+NsuuMA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNV
BAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZHb29nbGUwHhcN
MTYwODEwMTQwOTQ2WhcNNDMxMjI3MTQwOTQ2WjAzMQswCQYDVQQGEwJHQjETMBEG
A1UECAwKU29tZS1TdGF0ZTEPMA0GA1UECgwGR29vZ2xlMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQC0KDCH1E/d1TL2+eFOXbCS1w9Q+s+KP1blZTVGn+cR9Nag
L/BIKcXun+X6ywf6dXjcg4zSGd0IrQ+mjfVX4eIn4OrcQbgSbSDH0g70SSEzWdko
yiURG35WbgZNByDSmEJNh/t0yM1GxP6TeArujInbOS/6FTp0ViHt2xAvjx0e2QID
AQABo1AwTjAdBgNVHQ4EFgQUMqzJi099PA8ML5CV1OSiHgiTGoUwHwYDVR0jBBgw
FoAUMqzJi099PA8ML5CV1OSiHgiTGoUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOBgQBQ9cMInb2rEcg8TTYq8MjDEegHWLUI9Dq/IvP/FHyKDczza4eX8m+G
3buutN74pX2/GHRgqvqEvvUUuAQUnZ36k6KjTNxfzNLiSXDPNeYmy6PWsUZy4Rye
/Van/ePiXdipTKMiUyl7V6dTjkE5p/e372wNVXUpcxOMmYdWmzSMvg==";
var x509Cert = new X509Certificate2(Convert.FromBase64String(sCert));
RSAParameters rsaParameters = Pkcs8.DecodeRsaParameters(sPrivateKey);
var privateKey = new System.Security.Cryptography.RSACryptoServiceProvider();
privateKey.ImportParameters(rsaParameters);
x509Cert.PrivateKey = privateKey;
#else
#error Unsupported target
#endif
Assert.True(x509Cert.HasPrivateKey);
var initializer = new ServiceAccountCredential.Initializer("some-id")
{
Clock = new MockClock {
UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc)
}
};
var cred = new ServiceAccountCredential(initializer.FromCertificate(x509Cert));
Assert.False(cred.Scopes?.Any()); // HasScopes must be false for the type of access token we want to test.
string accessToken = await cred.GetAccessTokenForRequestAsync("http://authurl/");
string expectedToken =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lLWlkIiwic3ViIjoi" +
"c29tZS1pZCIsImF1ZCI6Imh0dHA6Ly9hdXRodXJsLyIsImV4cCI6MTQ1MTYxMDAwMCwia" +
"WF0IjoxNDUxNjA2NDAwfQ.GfpDHgrFi4ZlGC5LuJEarLU4_eTrT5PVa-S40YtkdB2E1f3" +
"4naYG2ItcfBEFg7Gbdkr1cIAyipuhEd2yLfPmWGwhOwVcBRNyK_J5w8RodS44mxNJwau0" +
"jKy4x1K20ybLqcnNgzE0wag6fi5GHwdNIB0URdHDTiC88CRYdl1CIdk";
Assert.Equal(expectedToken, accessToken);
}
