public void Wrap_Rfc7518_Appendix_C() { var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128Gcm, KeyManagementAlgorithm.EcdhEs); var header = new JwtObject(); header.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice"))); header.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob"))); var cek = kwp.WrapKey(_aliceKey, header, null); var expected = new byte[] { 86, 170, 141, 234, 248, 35, 109, 32, 92, 34, 40, 205, 113, 167, 16, 26 }; Assert.Equal(expected, cek.AsSpan().ToArray()); }
/// <inheritsdoc /> public override Jwk WrapKey(Jwk?staticKey, JwtObject header, Span <byte> destination) { if (_disposed) { ThrowHelper.ThrowObjectDisposedException(GetType()); } var cek = CreateSymmetricKey(EncryptionAlgorithm, staticKey); Span <byte> nonce = stackalloc byte[IVSize]; Span <byte> tag = stackalloc byte[TagSize]; using (var aesGcm = new AesGcm(Key.AsSpan())) { aesGcm.Encrypt(nonce, cek.AsSpan(), destination, tag); header.Add(new JwtProperty(HeaderParameters.IVUtf8, Base64Url.Encode(nonce))); header.Add(new JwtProperty(HeaderParameters.TagUtf8, Base64Url.Encode(tag))); } return(cek); }
public void Unwrap2() { var kwp = new EcdhKeyWrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW); byte[] wrappedKey = new byte[kwp.GetKeyWrapSize()]; var header = new JwtObject(); header.Add(new JwtProperty(HeaderParameters.ApuUtf8, Base64Url.Encode("Alice"))); header.Add(new JwtProperty(HeaderParameters.ApvUtf8, Base64Url.Encode("Bob"))); var cek = kwp.WrapKey(_aliceKey, header, wrappedKey); var kuwp = new EcdhKeyUnwrapper(_bobKey, EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.EcdhEsAes128KW); var apu = Encoding.UTF8.GetString(Base64Url.Encode("Alice"));; var apv = Encoding.UTF8.GetString(Base64Url.Encode("Bob")); var epk = ((JwtObject)header[HeaderParameters.EpkUtf8].Value).ToString(); var jwtHeader = JwtHeader.FromJson($"{{\"apu\":\"{apu}\",\"apv\":\"{apv}\",\"epk\":{epk}}}"); byte[] unwrappedKey = new byte[kuwp.GetKeyUnwrapSize(wrappedKey.Length)]; var unwrapped = kuwp.TryUnwrapKey(wrappedKey, unwrappedKey, jwtHeader, out int bytesWritten); Assert.True(unwrapped); }
public static JwtObject ToJwtObject(JObject json) { var jwtObject = new JwtObject(); foreach (var property in json.Properties()) { JwtProperty jwtProperty; switch (property.Value.Type) { case JTokenType.Object: jwtProperty = new JwtProperty(property.Name, ToJwtObject(property.Value.Value <JObject>())); break; case JTokenType.Array: jwtProperty = new JwtProperty(property.Name, ToJwtArray(property.Value.Value <JArray>())); break; case JTokenType.Integer: jwtProperty = new JwtProperty(property.Name, property.Value.Value <long>()); break; case JTokenType.Float: jwtProperty = new JwtProperty(property.Name, property.Value.Value <double>()); break; case JTokenType.String: jwtProperty = new JwtProperty(property.Name, property.Value.Value <string>()); break; case JTokenType.Boolean: jwtProperty = new JwtProperty(property.Name, property.Value.Value <bool>()); break; case JTokenType.Null: jwtProperty = new JwtProperty(property.Name); break; default: throw new NotSupportedException(); } jwtObject.Add(jwtProperty); } return(jwtObject); }
internal static JwtHeader ReadJwtHeaderSlow(ref Utf8JsonReader reader) { var current = new JwtObject(3); var header = new JwtHeader(current); while (reader.Read()) { if (!(reader.TokenType is JsonTokenType.PropertyName)) { break; } if (reader.ValueTextEquals(HeaderParameters.AlgUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } var alg = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan; if (SignatureAlgorithm.TryParse(alg, out var signatureAlgorithm)) { header.SignatureAlgorithm = signatureAlgorithm; } else if (KeyManagementAlgorithm.TryParse(alg, out var keyManagementAlgorithm)) { header.KeyManagementAlgorithm = keyManagementAlgorithm; } else if (SignatureAlgorithm.TryParseSlow(ref reader, out signatureAlgorithm)) { header.SignatureAlgorithm = signatureAlgorithm; } else if (KeyManagementAlgorithm.TryParseSlow(ref reader, out keyManagementAlgorithm)) { header.KeyManagementAlgorithm = keyManagementAlgorithm; } else { // TODO : Fix when the Utf8JsonReader will allow // to read an unescaped string without allocating a string current.Add(new JwtProperty(WellKnownProperty.Alg, Encoding.UTF8.GetBytes(reader.GetString()))); } } else if (reader.ValueTextEquals(HeaderParameters.EncUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } var enc = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan; if (EncryptionAlgorithm.TryParse(enc, out var encryptionAlgorithm)) { header.EncryptionAlgorithm = encryptionAlgorithm; } else if (EncryptionAlgorithm.TryParseSlow(ref reader, out encryptionAlgorithm)) { header.EncryptionAlgorithm = encryptionAlgorithm; } else { // TODO : Fix when the Utf8JsonReader will allow // to read an unescaped string without allocating a string current.Add(new JwtProperty(WellKnownProperty.Enc, Encoding.UTF8.GetBytes(reader.GetString()))); } } else if (reader.ValueTextEquals(HeaderParameters.CtyUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } current.Add(new JwtProperty(WellKnownProperty.Cty, Encoding.UTF8.GetBytes(reader.GetString()))); } else if (reader.ValueTextEquals(HeaderParameters.TypUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } current.Add(new JwtProperty(WellKnownProperty.Typ, Encoding.UTF8.GetBytes(reader.GetString()))); } else if (reader.ValueTextEquals(HeaderParameters.KidUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } current.Add(new JwtProperty(WellKnownProperty.Kid, reader.GetString())); } else if (reader.ValueTextEquals(HeaderParameters.ZipUtf8) && reader.Read()) { if (!(reader.TokenType is JsonTokenType.String)) { break; } var zip = reader.HasValueSequence ? reader.ValueSequence.ToArray() : reader.ValueSpan; if (CompressionAlgorithm.TryParse(zip, out var compressionAlgorithm)) { current.Add(new JwtProperty(compressionAlgorithm)); } else if (CompressionAlgorithm.TryParseSlow(ref reader, out compressionAlgorithm)) { current.Add(new JwtProperty(compressionAlgorithm)); } else { // TODO : Fix when the Utf8JsonReader will allow // to read an unescaped string without allocating a string current.Add(new JwtProperty(WellKnownProperty.Zip, Encoding.UTF8.GetBytes(reader.GetString()))); } } else { var name = reader.GetString(); reader.Read(); switch (reader.TokenType) { case JsonTokenType.StartObject: current.Add(name, JsonParser.ReadJsonObject(ref reader)); break; case JsonTokenType.StartArray: current.Add(name, JsonParser.ReadJsonArray(ref reader)); break; case JsonTokenType.String: current.Add(name, reader.GetString()); break; case JsonTokenType.True: current.Add(name, true); break; case JsonTokenType.False: current.Add(name, false); break; case JsonTokenType.Null: current.Add(name); break; case JsonTokenType.Number: if (reader.TryGetInt64(out long longValue)) { current.Add(name, longValue); } else { if (reader.TryGetDouble(out double doubleValue)) { current.Add(name, doubleValue); } else { throw new FormatException($"NotSupportedNumberValue {Encoding.UTF8.GetBytes(name)}"); } } break; default: throw new FormatException("MalformedJson"); } } } if (!(reader.TokenType is JsonTokenType.EndObject)) { throw new FormatException("MalformedJson"); } return(header); }