public void SymmetricSignatureProvider_SupportedAlgorithms()
{
var errors = new List <string>();
foreach (var algorithm in
new string[] {
SecurityAlgorithms.HmacSha256Signature,
SecurityAlgorithms.HmacSha384Signature,
SecurityAlgorithms.HmacSha512Signature,
SecurityAlgorithms.HmacSha256,
SecurityAlgorithms.HmacSha384,
SecurityAlgorithms.HmacSha512
})
{
try
{
var provider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSecurityKey_256, algorithm);
}
catch (Exception ex)
{
errors.Add("Creation of AsymmetricSignatureProvider with algorithm: " + algorithm + ", threw: " + ex.Message);
}
TestUtilities.AssertFailIfErrors("AsymmetricSignatureProvider_SupportedAlgorithms", errors);
}
}
private void SymmetricSignatureProviderTests_Constructor(string testcase, SymmetricSecurityKey key, string algorithm, ExpectedException exceptionExpected = null)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
SymmetricSignatureProvider provider = null;
try
{
if (testcase.StartsWith("Signing"))
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
else
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
if (exceptionExpected != null && exceptionExpected.Thrown != null)
{
Assert.Fail("Expected exception: '{0}'", exceptionExpected.Thrown);
}
}
catch (Exception ex)
{
ExpectedException.ProcessException(exceptionExpected, ex);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticatedEncryptionProvider"/> class used for encryption and decryption.
/// <param name="key">The <see cref="SecurityKey"/> that will be used for crypto operations.</param>
/// <param name="algorithm">The encryption algorithm to apply.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or whitespace.</exception>
/// <exception cref="ArgumentOutOfRangeException">key size is not large enough.</exception>
/// <exception cref="ArgumentException">'algorithm' is not supported.</exception>
/// <exception cref="ArgumentException">a symmetricSignatureProvider is not created.</exception>
/// </summary>
public AuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrWhiteSpace(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
if (!IsSupportedAlgorithm(key, algorithm))
{
throw LogHelper.LogExceptionMessage(new ArgumentException(String.Format(CultureInfo.InvariantCulture, LogMessages.IDX10668, GetType(), algorithm, key)));
}
ValidateKeySize(key, algorithm);
_authenticatedkeys = GetAlgorithmParameters(key, algorithm);
_hashAlgorithm = GetHashAlgorithm(algorithm);
// TODO - should we defer and use CreateForSigning for encrypt, CreateForVerifying for decrypt?
_symmetricSignatureProvider = key.CryptoProviderFactory.CreateForSigning(_authenticatedkeys.HmacKey, _hashAlgorithm) as SymmetricSignatureProvider;
if (_symmetricSignatureProvider == null)
{
throw LogHelper.LogExceptionMessage(new ArgumentException(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10649, Algorithm)));
}
Key = key;
Algorithm = algorithm;
}
private void SymmetricSignatureProvider_ConstructorVariation(SecurityKey key, string algorithm, ExpectedException expectedException)
{
try
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm);
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private void SymmetricSignatureProvidersSignVariation(SecurityKey key, string algorithm, byte[] input, ExpectedException ee, List <string> errors)
{
try
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm);
byte[] signature = provider.Sign(input);
ee.ProcessNoException(errors);
}
catch (Exception ex)
{
ee.ProcessException(ex, errors);
}
}
public void SymmetricSignatureProvider_Publics()
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSecurityKey_256, KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.Algorithm);
ExpectedException expectedException = ExpectedException.ArgumentOutOfRangeException("IDX10628:");
try
{
provider.MinimumSymmetricKeySizeInBits = SymmetricSignatureProvider.DefaultMinimumSymmetricKeySizeInBits - 10;
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private void SymmetricSignatureProviders_Verify_Variation(SecurityKey key, string algorithm, byte[] rawBytes, byte[] signature, ExpectedException ee, List <string> errors, bool shouldSignatureSucceed)
{
try
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm);
if (provider.Verify(rawBytes, signature) != shouldSignatureSucceed)
{
errors.Add("SignatureProvider.Verify did not return expected: " + shouldSignatureSucceed + " , algorithm: " + algorithm);
}
ee.ProcessNoException(errors);
}
catch (Exception ex)
{
ee.ProcessException(ex, errors);
}
}
public bool VerifyToken(string token)
{
//Parts of Token
var partsOfToken = token.Split('.');
string header = partsOfToken[0];
string payload = partsOfToken[1];
string signedSignature = partsOfToken[2];
byte[] byteSign = Base64UrlEncoder.DecodeBytes(signedSignature);
byte[] byteHeaderAndPayload = Encoding.UTF8.GetBytes(header + '.' + payload);
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, SecurityAlgorithms.HmacSha512);
return(provider.Verify(byteHeaderAndPayload, byteSign));
}
public void SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking()
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSigningCreds_256_Sha2.SigningKey as SymmetricSecurityKey, KeyingMaterial.SymmetricSigningCreds_256_Sha2.SignatureAlgorithm);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - null input", provider, null, null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 0 bytes", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - 1 byte", provider, new byte[1], null, ExpectedException.Null);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null input", provider, null, null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - null signature", provider, new byte[0], null, ExpectedException.ArgNull);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes input", provider, new byte[0], new byte[0], ExpectedException.ArgEx("Jwt10525"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 0 bytes signature", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526"));
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - 1 byte", provider, new byte[1], new byte[1], ExpectedException.Null);
provider.Dispose();
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Sign - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp);
SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking("Verify - dispose", provider, new byte[1], new byte[1], ExpectedException.ObjDisp);
}
public void SymmetricSignatureProvider_Publics()
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.SigningKey as SymmetricSecurityKey, KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.SignatureAlgorithm);
SignatureProvider_SignVariation(provider, null, null, ExpectedException.ArgumentNullException());
SignatureProvider_SignVariation(provider, new byte[0], null, ExpectedException.ArgumentException("IDX10624:"));
SignatureProvider_SignVariation(provider, new byte[1], null, ExpectedException.NoExceptionExpected);
SignatureProvider_VerifyVariation(provider, null, null, ExpectedException.ArgumentNullException());
SignatureProvider_VerifyVariation(provider, new byte[0], null, ExpectedException.ArgumentNullException());
SignatureProvider_VerifyVariation(provider, new byte[0], new byte[0], ExpectedException.ArgumentException("IDX10625:"));
SignatureProvider_VerifyVariation(provider, new byte[1], new byte[0], ExpectedException.ArgumentException("IDX10626:"));
SignatureProvider_VerifyVariation(provider, new byte[1], new byte[1], ExpectedException.NoExceptionExpected);
provider.Dispose();
SignatureProvider_SignVariation(provider, new byte[1], new byte[1], ExpectedException.ObjectDisposedException);
SignatureProvider_VerifyVariation(provider, new byte[1], new byte[1], ExpectedException.ObjectDisposedException);
}
public void SignatureProvider_Dispose()
{
AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509Key_Public_2048, SecurityAlgorithms.RsaSha256Signature);
asymmetricSignatureProvider.Dispose();
ExpectedException expectedException = ExpectedException.ObjectDisposedException;
SignatureProvider_DisposeVariation("Sign", asymmetricSignatureProvider, expectedException);
SignatureProvider_DisposeVariation("Verify", asymmetricSignatureProvider, expectedException);
SignatureProvider_DisposeVariation("Dispose", asymmetricSignatureProvider, ExpectedException.NoExceptionExpected);
SymmetricSignatureProvider symmetricProvider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSecurityKey_256, KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.Algorithm);
symmetricProvider.Dispose();
SignatureProvider_DisposeVariation("Sign", symmetricProvider, expectedException);
SignatureProvider_DisposeVariation("Verify", symmetricProvider, expectedException);
SignatureProvider_DisposeVariation("Dispose", symmetricProvider, ExpectedException.NoExceptionExpected);
}
private void SymmetricSignatureProvider_ConstructorVariation(string testcase, SymmetricSecurityKey key, string algorithm, ExpectedException expectedException)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
SymmetricSignatureProvider provider = null;
try
{
if (testcase.StartsWith("Signing"))
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
else
{
provider = new SymmetricSignatureProvider(key, algorithm);
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
private void SymmetricSignatureProviderTests_Sign_Verify_ParameterChecking(string testcase, SymmetricSignatureProvider provider, byte[] bytes, byte[] signature, ExpectedException exceptionExpected)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
try
{
if (testcase.StartsWith("Sign"))
{
provider.Sign(bytes);
}
else
{
provider.Verify(bytes, signature);
}
Assert.IsFalse(exceptionExpected.Thrown != null, string.Format("Expected exception: '{0}'", exceptionExpected.Thrown));
}
catch (Exception ex)
{
ExpectedException.ProcessException(exceptionExpected, ex);
}
}
public void SignatureProviders_SignAndVerify()
{
// asymmetric
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
// asymmetric
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature, true);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("AsymmetricSignatureProvider did not verify"));
}
catch (Exception)
{
Assert.Fail("Should have thrown, it is possible that crypto config mapped this.");
}
// unknown algorithm
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature");
Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this."));
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
// symmetric
try
{
Random r = new Random();
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("Signature did not verify"));
}
catch (Exception ex)
{
Assert.Fail(string.Format("Unexpected exception received: '{0}'", ex));
}
// unknown algorithm
try
{
Random r = new Random();
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, "SecurityAlgorithms.HmacSha256Signature");
Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this."));
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
}
private byte[] GetSignatureFromSymmetricKey(SecurityKey key, string algorithm, byte[] rawBytes)
{
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm);
return(provider.Sign(rawBytes));
}
