private void AsymmetricConstructor_Test(string testcase, AsymmetricSecurityKey key, string algorithm, ExpectedException exceptionExpected = null)
{
Console.WriteLine(string.Format("Testcase: '{0}'", testcase));
AsymmetricSignatureProvider provider = null;
try
{
if (testcase.StartsWith("Signing"))
{
provider = new AsymmetricSignatureProvider(key, algorithm, true);
}
else
{
provider = new AsymmetricSignatureProvider(key, algorithm, false);
}
if (exceptionExpected != null && exceptionExpected.Thrown != null)
{
Assert.Fail("Expected exception: '{0}'", exceptionExpected.Thrown);
}
}
catch (Exception ex)
{
ExpectedException.ProcessException(exceptionExpected, ex);
}
}
private bool Verify(byte[] payload, byte[] signature, byte[] publicKey)
{
var key = new ECDsaSecurityKey(LoadPublicKey(publicKey));
var provider = new AsymmetricSignatureProvider(key, SecurityAlgorithms.EcdsaSha256Signature);
return(provider.Verify(payload, signature));
}
public void AsymmetricSignatureProvider_Dispose()
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_Public_2048, SecurityAlgorithms.RsaSha256Signature);
provider.Dispose();
try
{
provider.Sign(new byte[256]);
}
catch (Exception ex)
{
ExpectedException.ProcessException(ExpectedException.ObjDisp, ex);
}
try
{
provider.Verify(new byte[256], new byte[256]);
}
catch (Exception ex)
{
ExpectedException.ProcessException(ExpectedException.ObjDisp, ex);
}
try
{
provider.Dispose();
}
catch (Exception ex)
{
Assert.Fail(string.Format("AsymmetricSignatureProvider.Dispose called twice, caught exception: '{0}'", ex));
}
}
private byte[] Sign(byte[] payload, byte[] publicKey, byte[] privateKey)
{
var key = new ECDsaSecurityKey(LoadPrivateKey(privateKey));
var provider = new AsymmetricSignatureProvider(key, SecurityAlgorithms.EcdsaSha256Signature);
return(provider.Sign(payload));
}
public void AsymmetricSignatureProvider_Sign_Verify_ParameterChecking()
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm);
Provider_Sign_Verify_ParameterChecking("Sign - null 'input'", provider, null, null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Sign - zero bytes 'input'", provider, new byte[0], null, ExpectedException.ArgEx("Jwt10524"));
Provider_Sign_Verify_ParameterChecking("Sign - _formatter will be null since provider wasn't created with willBeUsedForSigning == true", provider, new byte[1], null, ExpectedException.InvalidOp("Jwt10520"));
Provider_Sign_Verify_ParameterChecking("Verify - null 'input'", provider, null, null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Verify - null 'signature'", provider, new byte[1], null, ExpectedException.ArgNull);
Provider_Sign_Verify_ParameterChecking("Verify - 'input' zero bytes", provider, new byte[0], new byte[1], ExpectedException.ArgEx("Jwt10525"));
Provider_Sign_Verify_ParameterChecking("Verify - 'signature' zero bytes", provider, new byte[1], new byte[0], ExpectedException.ArgEx("Jwt10526"));
}
private void AsymmetricSignatureProvidersSignVariation(SecurityKey key, string algorithm, byte[] input, ExpectedException ee, List <string> errors)
{
try
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm, true);
byte[] signature = provider.Sign(input);
ee.ProcessNoException(errors);
}
catch (Exception ex)
{
ee.ProcessException(ex, errors);
}
}
public void AsymmetricSignatureProvider_Publics()
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm);
SignatureProvider_SignVariation(provider, null, null, ExpectedException.ArgumentNullException());
SignatureProvider_SignVariation(provider, new byte[0], null, ExpectedException.ArgumentException("IDX10624:"));
SignatureProvider_SignVariation(provider, new byte[1], null, ExpectedException.InvalidOperationException("IDX10620:"));
SignatureProvider_VerifyVariation(provider, null, null, ExpectedException.ArgumentNullException());
SignatureProvider_VerifyVariation(provider, new byte[1], null, ExpectedException.ArgumentNullException());
SignatureProvider_VerifyVariation(provider, new byte[0], new byte[1], ExpectedException.ArgumentException("IDX10625:"));
SignatureProvider_VerifyVariation(provider, new byte[1], new byte[0], ExpectedException.ArgumentException("IDX10626:"));
}
public void SignVerify(SignatureProviderTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.SignVerify", theoryData);
var bytes = Guid.NewGuid().ToByteArray();
try
{
var providerForSigningDirect = new AsymmetricSignatureProvider(theoryData.SigningKey, theoryData.SigningAlgorithm, true);
providerForSigningDirect.ValidKeySize();
var providerForVerifyingDirect = new AsymmetricSignatureProvider(theoryData.VerifyKey, theoryData.VerifyAlgorithm, false);
providerForVerifyingDirect.ValidKeySize();
var providerForSigningFromFactory = theoryData.SigningKey.CryptoProviderFactory.CreateForSigning(theoryData.SigningKey, theoryData.SigningAlgorithm);
var providerForVerifyingFromFactory = theoryData.VerifyKey.CryptoProviderFactory.CreateForVerifying(theoryData.VerifyKey, theoryData.VerifyAlgorithm);
byte[] signatureDirect = providerForSigningDirect.Sign(bytes);
byte[] signatureFromFactory = providerForSigningFromFactory.Sign(bytes);
if (!providerForVerifyingDirect.Verify(bytes, signatureDirect))
{
context.AddDiff($"providerForVerifyingDirect.Verify (signatureDirect) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}");
}
if (!providerForVerifyingDirect.Verify(bytes, signatureFromFactory))
{
context.AddDiff($"providerForVerifyingDirect.Verify (signatureFromFactory) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}");
}
if (!providerForVerifyingFromFactory.Verify(bytes, signatureDirect))
{
context.AddDiff($"providerForVerifyingFromFactory.Verify (signatureDirect) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}");
}
if (!providerForVerifyingFromFactory.Verify(bytes, signatureFromFactory))
{
context.AddDiff($"providerForVerifyingFromFactory.Verify (signatureFromFactory) - FAILED. signingKey : signingAlgorithm '{theoryData.SigningKey}' : '{theoryData.SigningAlgorithm}. verifyKey : verifyAlgorithm '{theoryData.VerifyKey}' : '{theoryData.VerifyAlgorithm}");
}
theoryData.ExpectedException.ProcessNoException(context);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
private async Task ValidateSignatureAsync(AcmeRawPostRequest request, AcmeHeader header, CancellationToken cancellationToken)
{
if (request is null)
{
throw new ArgumentNullException(nameof(request));
}
if (header is null)
{
throw new ArgumentNullException(nameof(header));
}
_logger.LogDebug("Attempting to validate signature ...");
var jwk = header.Jwk;
if (jwk == null)
{
try
{
var accountId = header.GetAccountId();
var account = await _accountService.LoadAcountAsync(accountId, cancellationToken);
jwk = account?.Jwk;
}
catch (InvalidOperationException)
{
throw new MalformedRequestException("KID could not be found.");
}
}
if (jwk == null)
{
throw new MalformedRequestException("Could not load JWK.");
}
var securityKey = jwk.SecurityKey;
using var signatureProvider = new AsymmetricSignatureProvider(securityKey, header.Alg);
var plainText = System.Text.Encoding.UTF8.GetBytes($"{request.Header}.{request.Payload ?? ""}");
var signature = Base64UrlEncoder.DecodeBytes(request.Signature);
if (!signatureProvider.Verify(plainText, signature))
{
throw new MalformedRequestException("The signature could not be verified");
}
_logger.LogDebug("successfully validated signature.");
}
public void SignatureProviders_Sign()
{
List <string> errors = new List <string>();
byte[] rawBytes = new byte[8192];
(new Random()).NextBytes(rawBytes);
// Asymmetric
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, null, ExpectedException.ArgumentNullException(), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_1024, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10630:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
#if NETCOREAPP1_0
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
Assert.ThrowsAny <CryptographicException>(() =>
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature);
provider.Sign(rawBytes);
});
#endif
// since the actual exception thrown is private - WindowsCryptographicException, using this pattern to match the derived exception
Assert.ThrowsAny <CryptographicException>(() =>
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature);
provider.Sign(rawBytes);
});
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, "NOT_SUPPORTED", rawBytes, ExpectedException.ArgumentException("IDX10634:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors);
AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors);
// Symmetric
SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, null, ExpectedException.ArgumentNullException(), errors);
SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors);
SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
SymmetricSignatureProvidersSignVariation(KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10603:"), errors);
SymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors);
TestUtilities.AssertFailIfErrors("SignatureProviders_Sign", errors);
}
private void AsymmetricSignatureProviders_Verify_Variation(SecurityKey key, string algorithm, byte[] rawBytes, byte[] signature, ExpectedException ee, List <string> errors, bool shouldSignatureSucceed)
{
try
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm);
if (provider.Verify(rawBytes, signature) != shouldSignatureSucceed)
{
errors.Add("SignatureProvider.Verify did not return expected: " + shouldSignatureSucceed + " , algorithm: " + algorithm);
}
ee.ProcessNoException(errors);
}
catch (Exception ex)
{
ee.ProcessException(ex, errors);
}
}
public void SignatureProvider_Dispose()
{
AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509Key_Public_2048, SecurityAlgorithms.RsaSha256Signature);
asymmetricSignatureProvider.Dispose();
ExpectedException expectedException = ExpectedException.ObjectDisposedException;
SignatureProvider_DisposeVariation("Sign", asymmetricSignatureProvider, expectedException);
SignatureProvider_DisposeVariation("Verify", asymmetricSignatureProvider, expectedException);
SignatureProvider_DisposeVariation("Dispose", asymmetricSignatureProvider, ExpectedException.NoExceptionExpected);
SymmetricSignatureProvider symmetricProvider = new SymmetricSignatureProvider(KeyingMaterial.DefaultSymmetricSecurityKey_256, KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2.Algorithm);
symmetricProvider.Dispose();
SignatureProvider_DisposeVariation("Sign", symmetricProvider, expectedException);
SignatureProvider_DisposeVariation("Verify", symmetricProvider, expectedException);
SignatureProvider_DisposeVariation("Dispose", symmetricProvider, ExpectedException.NoExceptionExpected);
}
public void AsymmetricSignatureProvider_SupportedAlgorithms()
{
var errors = new List <string>();
foreach (var algorithm in
new string[] {
SecurityAlgorithms.RsaSha256,
SecurityAlgorithms.RsaSha384,
SecurityAlgorithms.RsaSha512,
SecurityAlgorithms.RsaSha256Signature,
SecurityAlgorithms.RsaSha384Signature,
SecurityAlgorithms.RsaSha512Signature
})
{
try
{
var provider = new AsymmetricSignatureProvider(KeyingMaterial.DefaultX509Key_2048, algorithm);
}
catch (Exception ex)
{
errors.Add("Creation of AsymmetricSignatureProvider with algorithm: " + algorithm + ", threw: " + ex.Message);
}
}
foreach (var algorithm in
new string[] {
SecurityAlgorithms.EcdsaSha256,
SecurityAlgorithms.EcdsaSha384,
SecurityAlgorithms.EcdsaSha512
})
{
try
{
var provider = new AsymmetricSignatureProvider(KeyingMaterial.ECDsa256Key, algorithm);
}
catch (Exception ex)
{
errors.Add("Creation of AsymmetricSignatureProvider with algorithm: " + algorithm + ", threw: " + ex.Message);
}
}
TestUtilities.AssertFailIfErrors("AsymmetricSignatureProvider_SupportedAlgorithms", errors);
}
public void AsymmetricSignatureProvider_Defaults()
{
try
{
AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm, false);
}
catch (Exception)
{
Assert.Fail("AsymmetricSignatureProvider creation should not throw");
}
try
{
AsymmetricSignatureProvider asymmetricSignatureProvider = new AsymmetricSignatureProvider(KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SigningKey as AsymmetricSecurityKey, KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2.SignatureAlgorithm, true);
}
catch (Exception)
{
Assert.Fail("AsymmetricSignatureProvider creation should not throw");
}
}
private void AsymmetricConstructorVariation(string testcase, SecurityKey key, string algorithm, ExpectedException expectedException)
{
AsymmetricSignatureProvider provider = null;
try
{
if (testcase.StartsWith("Signing"))
{
provider = new AsymmetricSignatureProvider(key, algorithm, true);
}
else
{
provider = new AsymmetricSignatureProvider(key, algorithm, false);
}
expectedException.ProcessNoException();
}
catch (Exception ex)
{
expectedException.ProcessException(ex);
}
}
/// <summary>
/// 生成Jwt令牌信息
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public string Protect(AuthenticationTicket data)
{
if (data == null)
{
throw new AggregateException(nameof(data));
}
//生成jwt的id jti
//从配置文件中读取 jwt的issuer 发行者 audience 受众 expires 过期时间 key 加密证书
var expires = data.Properties.ExpiresUtc.GetValueOrDefault().DateTime;
//从配置文件中读取 jwt的issuer 发行者 audience 受众 expires 过期时间 key 加密证书
var issuer = "mecode";
var audience = "mywebapp";
var jti = audience + expires.Millisecond + "postman_code";
jti = MD5Util.GetMD5(jti);
JwtSecurityToken token;
string jwt;
//获取签名证书
//包含用于生成数字签名的加密密钥
var handler = new JwtSecurityTokenHandler();
var rsaparmeters = RSAUtil.GenerateAndSaveKey("E:\\");
using (var rsa = new RSACryptoServiceProvider(2048))
{
rsa.ImportParameters(rsaparmeters);
var singingKey = new RsaSecurityKey(rsa);
var signingCredentials = new SigningCredentials(singingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.RsaSha256Signature);
var claimsIdentity = new ClaimsIdentity(data.Identity.Claims, "JWTTest");
claimsIdentity.AddClaim(new Claim("jti", jti));
claimsIdentity.AddClaim(new Claim("now", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")));
var asymmetric = new AsymmetricSignatureProvider(singingKey, SecurityAlgorithms.RsaSha256Signature, true);
token = handler.CreateToken(issuer, audience, claimsIdentity, null, expires, signingCredentials, asymmetric);
jwt = handler.WriteToken(token);
}
return(jwt);
}
public void SignatureProviders_SignAndVerify()
{
// asymmetric
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
// asymmetric
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, SecurityAlgorithms.RsaSha256Signature, true);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("AsymmetricSignatureProvider did not verify"));
}
catch (Exception)
{
Assert.Fail("Should have thrown, it is possible that crypto config mapped this.");
}
// unknown algorithm
try
{
Random r = new Random();
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.AsymmetricKey_2048, "SecurityAlgorithms.RsaSha256Signature");
Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this."));
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
// symmetric
try
{
Random r = new Random();
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature);
byte[] bytesin = new byte[1024];
r.NextBytes(bytesin);
byte[] signature = provider.Sign(bytesin);
Assert.IsFalse(!provider.Verify(bytesin, signature), string.Format("Signature did not verify"));
}
catch (Exception ex)
{
Assert.Fail(string.Format("Unexpected exception received: '{0}'", ex));
}
// unknown algorithm
try
{
Random r = new Random();
SymmetricSignatureProvider provider = new SymmetricSignatureProvider(KeyingMaterial.SymmetricSecurityKey_256, "SecurityAlgorithms.HmacSha256Signature");
Assert.Fail(string.Format("Should have thrown, it is possible that crypto config mapped this."));
}
catch (Exception ex)
{
Assert.IsFalse(ex.GetType() != typeof(InvalidOperationException), "ex.GetType() != typeof( InvalidOperationException )");
}
}
private byte[] GetSignature(SecurityKey key, string algorithm, byte[] rawBytes)
{
AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(key, algorithm, true);
return(provider.Sign(rawBytes));
}
public void RsaCngAdapterTest(RsaCngAdapterTheoryData theoryData)
{
var context = TestUtilities.WriteHeader($"{this}.RsaCngAdapterTest", theoryData);
var cert = KeyingMaterial.CertSelfSigned2048_SHA256;
var rsaCapiPrivateKey = new RsaSecurityKey(cert.PrivateKey as RSA);
var rsaCapiPublicKey = new RsaSecurityKey(cert.PublicKey.Key as RSA);
var clearBytes = Encoding.UTF8.GetBytes("blue star");
byte[] capiSignatureBytes = null;
AsymmetricSignatureProvider providerCapiPrivate = null;
AsymmetricSignatureProvider providerCapiPublic = null;
// create CAPI providers
try
{
providerCapiPrivate = new AsymmetricSignatureProvider(rsaCapiPrivateKey, theoryData.Algorithm, true);
capiSignatureBytes = providerCapiPrivate.Sign(clearBytes);
providerCapiPublic = new AsymmetricSignatureProvider(rsaCapiPublicKey, theoryData.Algorithm, false);
if (!providerCapiPublic.Verify(clearBytes, capiSignatureBytes))
{
context.AddDiff("providerCapiPublic.Verify(clearBytes, capiSignatureBytes)");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
var rsaCngPrivateKey = new RsaSecurityKey(cert.GetRSAPrivateKey());
var rsaCngPublicKey = new RsaSecurityKey(cert.GetRSAPublicKey());
byte[] cngSignatureBytes = null;
byte[] cngSignatureBytesByFactory = null;
// create private signing
AsymmetricSignatureProvider providerCngPrivate = null;
try
{
providerCngPrivate = new AsymmetricSignatureProvider(rsaCngPrivateKey, theoryData.Algorithm, true);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// create private signing with CryptoProviderFactory.Default
SignatureProvider providerCngPrivateByFactory = null;
try
{
providerCngPrivateByFactory = CryptoProviderFactory.Default.CreateForSigning(rsaCngPrivateKey, theoryData.Algorithm);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// create public verifying
AsymmetricSignatureProvider providerCngPublic = null;
try
{
providerCngPublic = new AsymmetricSignatureProvider(rsaCngPublicKey, theoryData.Algorithm, false);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// create public verifying with CryptoProviderFactory.Default
SignatureProvider providerCngPublicByFactory = null;
try
{
providerCngPublicByFactory = CryptoProviderFactory.Default.CreateForVerifying(rsaCngPublicKey, theoryData.Algorithm);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
try
{
cngSignatureBytes = providerCngPrivate.Sign(clearBytes);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// cngByFactory Sign
try
{
cngSignatureBytesByFactory = providerCngPrivateByFactory.Sign(clearBytes);
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CngPublic -> CngPrivate validates
try
{
var cngVerify = providerCngPublic.Verify(clearBytes, cngSignatureBytes);
if (!cngVerify)
{
context.AddDiff($"cngVerify = providerCngPublic.Verify(clearBytes, cngSignatureBytes) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CngPublicByFactory -> CngPrivate validates
try
{
var cngVerify = providerCngPublicByFactory.Verify(clearBytes, cngSignatureBytes);
if (!cngVerify)
{
context.AddDiff($"cngVerify = providerCngPublicByFactory.Verify(clearBytes, cngSignatureBytes) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CngPublic -> CAPI validates
try
{
var cngVerify = providerCngPublic.Verify(clearBytes, capiSignatureBytes);
if (!cngVerify)
{
context.AddDiff($"cngVerify = providerCngPublic.Verify(clearBytes, capiSignatureBytes) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CngPublicByFactory -> CAPI validates
try
{
var verify = providerCngPublicByFactory.Verify(clearBytes, capiSignatureBytes);
if (!verify)
{
context.AddDiff($"verify = providerCngPublicByFactory.Verify(clearBytes, capiSignatureBytes) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CAPIPublic -> Cng validates
try
{
var verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytes);
if (!verify)
{
context.AddDiff($"verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytes) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
// CAPIPublic -> CngByFactory validates
try
{
var verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytesByFactory);
if (!verify)
{
context.AddDiff($"verify = providerCapiPublic.Verify(clearBytes, cngSignatureBytesByFactory) == false.");
}
}
catch (Exception ex)
{
theoryData.ExpectedException.ProcessException(ex, context);
}
TestUtilities.AssertFailIfErrors(context);
}
/// <summary>
/// Constructs BouncyCastleEdDsaWrapper.
/// </summary>
/// <param name="signatureProvider">A provider for signatures.</param>
/// <param name="curve">The type of curve.</param>
/// <param name="securityKey">The security key containing the key material.</param>
public BouncyCastleEdDsaWrapper(AsymmetricSignatureProvider signatureProvider, BouncyCastleEdDsaSecurityKey securityKey, string curve) : base(signatureProvider, CryptographyAlgorithmConstants.EdDsa.KeyType, curve)
{
SecurityKey = securityKey ?? throw new ArgumentNullException(nameof(securityKey));
}
/// <summary>
/// A default constructor for classes that provide the concrete implementation.
/// </summary>
/// <param name="signatureProvider">A provider for signatures.</param>
/// <param name="keyType">The type of key.</param>
/// <param name="curve">The type of curve.</param>
protected AsymmetricKeyWrapper(AsymmetricSignatureProvider signatureProvider, string keyType, string curve)
{
SignatureProvider = signatureProvider ?? throw new ArgumentNullException(nameof(signatureProvider));
KeyType = keyType ?? throw new ArgumentNullException(nameof(keyType));
Curve = curve ?? throw new ArgumentNullException(nameof(curve));
}
