public void Encode_and_Decode_With_Certificate() { using var rsa = RSA.Create(); rsa.FromXmlString(TestData.ServerRsaPrivateKey); using var certPub = new X509Certificate2(Encoding.ASCII.GetBytes(TestData.ServerRsaPublicKey2)); using var certPubPriv = new X509Certificate2(certPub.CopyWithPrivateKey(rsa).Export(X509ContentType.Pfx)); var builder = new JwtBuilder(); var algorithm = new RS256Algorithm(certPubPriv); const string iss = "test"; var exp = new DateTimeOffset(2038, 1, 19, 3, 14, 8, 0, TimeSpan.Zero).ToUnixTimeSeconds(); var token = builder.WithAlgorithm(algorithm) .AddHeader(HeaderName.KeyId, certPub.Thumbprint) .AddHeader(HeaderName.X5c, new[] { Convert.ToBase64String(certPub.Export(X509ContentType.Cert)) }) .AddClaim("iss", iss) .AddClaim("exp", exp) .AddClaim(nameof(Customer.FirstName), TestData.Customer.FirstName) .AddClaim(nameof(Customer.Age), TestData.Customer.Age) .Encode(); token.Should() .NotBeNullOrEmpty("because the token should contains some data"); token.Split('.') .Should() .HaveCount(3, "because the token should consist of three parts"); var header = builder.DecodeHeader <JwtHeader>(token); header.Type .Should() .Be("JWT"); header.Algorithm .Should() .Be("RS256"); header.KeyId .Should() .Be(TestData.ServerRsaPublicThumbprint1); var jwt = builder.WithAlgorithm(algorithm) .MustVerifySignature() .Decode <Dictionary <string, object> >(token); jwt["iss"].Should().Be(iss); jwt["exp"].Should().Be(exp); jwt[nameof(Customer.FirstName)].Should().Be(TestData.Customer.FirstName); jwt[nameof(Customer.Age)].Should().Be(TestData.Customer.Age); }
public void DecodeHeader_To_JwtHeader_Should_Return_Header() { var builder = new JwtBuilder(); var header = builder.DecodeHeader <JwtHeader>(TestData.TokenByAsymmetricAlgorithm); header.Should() .NotBeNull("because decoding header should be possible without validator or algorithm"); header.Type .Should() .Be("JWT"); header.Algorithm .Should() .Be("RS256"); header.KeyId .Should() .Be(TestData.ServerRsaPublicThumbprint1); }