        // Signs a token with a P-521 certificate and then tries to verify it with a
        // freshly generated P-256 certificate. The decoder is expected to refuse the
        // token with SignatureVerificationException("Key size does not match.") rather
        // than return a payload.
        public void ECDSAKeySizeDoesNotMatchThrowsError()
        {
            // Signing side: P-521 with an explicit key name.
            // NOTE(review): ECKeyName presumably creates a named key in the CNG store and
            // nothing in this test removes it - confirm a fixture teardown cleans it up.
            var signingOptions = new ECCertificateBuilderOptions
            {
                FullSubjectName = "CN=Test",
                ECCurve         = ECNamedCurves.P521,
                HashingMethod   = HashingMethods.Sha256,
                ECKeyName       = "ECDSA_Test"
            };
            var signingCert = ECCertificateBuilder.CreateNewSigningCertificate(signingOptions);

            string encodedHeaderJson;
            var jwt = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, signingCert, out encodedHeaderJson);

            // Verifying side: an unrelated key on a smaller curve.
            var verifyingCert = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    ECCurve = ECNamedCurves.P256, FullSubjectName = "CN=Test"
                });

            string decodedHeaderJson;
            string decodedPayloadJson;
            SignatureVerificationException rejection = null;

            try
            {
                JsonWebToken.DecodeUsingECDSA <object>(jwt, verifyingCert, out decodedHeaderJson, out decodedPayloadJson);
            }
            catch (SignatureVerificationException ex)
            {
                rejection = ex;
            }

            // Decoding without an exception means the mismatched key was accepted.
            if (rejection == null)
            {
                Assert.Fail();
            }

            Assert.AreEqual("Key size does not match.", rejection.Message);
        }
        // Signs a token with one P-256 certificate and verifies it with a second,
        // independently generated P-256 certificate that has the same subject name.
        // Curve and subject match, so only the key material differs; the decoder is
        // expected to throw SignatureVerificationException("Invalid signature.").
        public void WrongCertificateThrowsError()
        {
            var signingOptions = new ECCertificateBuilderOptions
            {
                ECCurve         = ECNamedCurves.P256,
                FullSubjectName = "CN=Test"
            };
            var signingCert = ECCertificateBuilder.CreateNewSigningCertificate(signingOptions);

            string encodedHeaderJson;
            var jwt = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, signingCert, out encodedHeaderJson);

            // Same options, new certificate: a matching subject must not be enough to verify.
            var otherOptions = new ECCertificateBuilderOptions
            {
                ECCurve         = ECNamedCurves.P256,
                FullSubjectName = "CN=Test"
            };
            var otherCert = ECCertificateBuilder.CreateNewSigningCertificate(otherOptions);

            string decodedHeaderJson;
            string decodedPayloadJson;
            SignatureVerificationException rejection = null;

            try
            {
                JsonWebToken.DecodeUsingECDSA <object>(jwt, otherCert, out decodedHeaderJson, out decodedPayloadJson);
            }
            catch (SignatureVerificationException ex)
            {
                rejection = ex;
            }

            // Decoding without an exception means a foreign key verified the token.
            if (rejection == null)
            {
                Assert.Fail();
            }

            Assert.AreEqual("Invalid signature.", rejection.Message);
        }
        // Round trip: encodes a small payload with a P-256 certificate and decodes it
        // with the same certificate. Checks that both payload fields survive, that the
        // decoded header JSON equals the header JSON reported by the encoder, and that
        // the raw payload JSON handed back is not blank.
        public void ParseBackAndForthWorks()
        {
            var cert = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    ECCurve         = ECNamedCurves.P256,
                    FullSubjectName = "CN=Test"
                });

            string encodedHeaderJson;
            var jwt = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out encodedHeaderJson);

            string decodedHeaderJson;
            string decodedPayloadJson;

            // Decoded as object and read through dynamic, so the field names are resolved at run time.
            dynamic decoded = JsonWebToken.DecodeUsingECDSA <object>(
                jwt, cert, out decodedHeaderJson, out decodedPayloadJson);

            Assert.AreEqual(1, (int)decoded.id);
            Assert.AreEqual(2, (int)decoded.org);

            Assert.IsFalse(string.IsNullOrWhiteSpace(decodedHeaderJson));
            Assert.IsTrue(string.Equals(encodedHeaderJson, decodedHeaderJson));
            Assert.IsFalse(string.IsNullOrWhiteSpace(decodedPayloadJson));
        }
        // Replaces the header segment of a validly signed token with one that declares
        // "alg":"RSA" and decodes it with the original signing certificate. The decoder
        // is expected to throw SignatureVerificationException("Unsupported signing algorithm.").
        // NOTE(review): this pins only the unknown-algorithm case; whether the decoder also
        // rejects other header values that disagree with the supplied key is not covered here.
        public void UnknownJWTAlgorithmThrowsError()
        {
            var signingOptions = new ECCertificateBuilderOptions
            {
                ECCurve = ECNamedCurves.P256,

                FullSubjectName = "CN=Test"
            };
            var cert = ECCertificateBuilder.CreateNewSigningCertificate(signingOptions);

            string encodedHeaderJson;
            var jwt      = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out encodedHeaderJson);
            var segments = jwt.Split('.');

            // base64url of {"typ":"JWT","alg":"RSA"}; payload and signature segments are left as issued.
            segments[0] = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSU0EifQ";
            var tampered = string.Join(".", segments);

            string decodedHeaderJson;
            string decodedPayloadJson;
            SignatureVerificationException rejection = null;

            try
            {
                JsonWebToken.DecodeUsingECDSA <object>(tampered, cert, out decodedHeaderJson, out decodedPayloadJson);
            }
            catch (SignatureVerificationException ex)
            {
                rejection = ex;
            }

            // Decoding without an exception means the rewritten header was accepted.
            if (rejection == null)
            {
                Assert.Fail();
            }

            Assert.AreEqual("Unsupported signing algorithm.", rejection.Message);
        }
        // Encodes a payload with an explicit header dictionary and default serializer
        // settings, then checks the compact form: exactly three dot-separated segments,
        // with the header and payload segments equal to known base64url strings.
        // The third segment (the signature) is not compared.
        public void HeaderAndPayloadParsesCorrectly()
        {
            var cert = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    ECCurve         = ECNamedCurves.P256,
                    FullSubjectName = "CN=Test"
                });

            // Only "alg" is supplied, so the expected header below carries no other field.
            var extraHeaders = new Dictionary <string, object> {
                { "alg", "ES256" }
            };

            string encodedHeaderJson;
            var jwt = JsonWebToken.EncodeUsingECDSA(
                new { id = 1, org = 1 },
                cert,
                extraHeaders,
                new JsonSerializerSettings(),
                out encodedHeaderJson);

            var segments = jwt.Split('.');

            Assert.AreEqual(3, segments.Length);
            Assert.AreEqual("eyJhbGciOiJFUzI1NiJ9", segments[0]);   // {"alg":"ES256"}
            Assert.AreEqual("eyJpZCI6MSwib3JnIjoxfQ", segments[1]); // {"id":1,"org":1}
        }
        // Builds a signing certificate from a bare name and checks the defaults the
        // builder applies: subject "CN=Test", signature algorithm "sha256ECDSA", and a
        // private key attached to the returned certificate.
        public void CreateWithDefaultOptions()
        {
            var certificate = ECCertificateBuilder.CreateNewSigningCertificate("Test");

            var subject       = certificate.Subject;
            var algorithmName = certificate.SignatureAlgorithm.FriendlyName;

            Assert.AreEqual("CN=Test", subject);
            Assert.AreEqual("sha256ECDSA", algorithmName);
            Assert.IsTrue(certificate.HasPrivateKey);
        }
            // Exports a new signing certificate as X509ContentType.Cert, reloads it from
            // those bytes, and checks that ParsePublicCertificate returns a non-null result
            // for the reloaded copy.
            public void PublicKeyOnlyCorrectlyParses()
            {
                var signingCert = ECCertificateBuilder.CreateNewSigningCertificate("Test");

                // The Cert content type carries the certificate only, not its private key.
                var publicOnly = new X509Certificate2(signingCert.Export(X509ContentType.Cert));

                var parsedKey = ECDSACertificateParser.ParsePublicCertificate(publicOnly);

                Assert.IsNotNull(parsedKey);
            }
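            // Despite its name, this test covers a certificate that lacks a *private* key:
            // a certificate reloaded from an X509ContentType.Cert export is passed to
            // ParsePrivateCertificate, which is expected to throw InvalidOperationException.
            public void NoPublicKeyThrowsError()
            {
                // Setup stays outside the asserted delegate so that an InvalidOperationException
                // raised while creating or exporting the certificate cannot satisfy the
                // assertion; only the parser call is under test.
                var cert       = ECCertificateBuilder.CreateNewSigningCertificate("Test");
                var data       = cert.Export(X509ContentType.Cert);
                var publicCert = new X509Certificate2(data);

                Assert.Throws(typeof(InvalidOperationException), () =>
                {
                    ECDSACertificateParser.ParsePrivateCertificate(publicCert);
                });
            }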
            // Creates a signing certificate on the P-384 curve and checks that
            // ParsePublicCertificate returns a non-null result for it.
            public void P384CertificateCorrectlyParses()
            {
                var p384Cert = ECCertificateBuilder.CreateNewSigningCertificate(
                    new ECCertificateBuilderOptions
                    {
                        FullSubjectName = "CN=Test",
                        ECCurve         = ECNamedCurves.P384
                    });

                // The certificate is passed as created, without an export/import step.
                var parsedKey = ECDSACertificateParser.ParsePublicCertificate(p384Cert);

                Assert.IsNotNull(parsedKey);
            }
        // Requests SHA-512 as the hashing method and checks that the certificate reports
        // "sha512ECDSA" as its signature algorithm, keeps the subject "CN=Test", and has
        // a private key attached.
        public void CreateWithSha512Hash()
        {
            var certificate = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    FullSubjectName = "CN=Test",
                    HashingMethod   = HashingMethods.Sha512
                });

            var subject       = certificate.Subject;
            var algorithmName = certificate.SignatureAlgorithm.FriendlyName;

            Assert.AreEqual("CN=Test", subject);
            Assert.AreEqual("sha512ECDSA", algorithmName);
            Assert.IsTrue(certificate.HasPrivateKey);
        }
        // Requests the P-256 curve explicitly, leaves the hashing method unset, and
        // checks that the certificate reports "sha256ECDSA", keeps the subject
        // "CN=Test", and has a private key attached.
        public void CreateWithP256Curve()
        {
            var certificate = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    FullSubjectName = "CN=Test",
                    ECCurve         = ECNamedCurves.P256
                });

            var subject       = certificate.Subject;
            var algorithmName = certificate.SignatureAlgorithm.FriendlyName;

            Assert.AreEqual("CN=Test", subject);
            Assert.AreEqual("sha256ECDSA", algorithmName);
            Assert.IsTrue(certificate.HasPrivateKey);
        }
        // Exports a certificate with a named key as password-protected PKCS#12, deletes
        // the named CNG key if it exists, re-imports the PKCS#12 bytes, and passes the
        // result to ParsePrivateCertificate. There is no explicit assertion: the test
        // passes when none of these steps throws.
        public void SurvivesExportImport()
        {
            var signingCert = ECCertificateBuilder.CreateNewSigningCertificate(
                new ECCertificateBuilderOptions
                {
                    FullSubjectName = "CN=Test",
                    ECKeyName       = "KeyTestTemp",
                    HashingMethod   = HashingMethods.Sha512
                });

            // Fixed password used only to round-trip the fixture within this test.
            var pkcs12Bytes = signingCert.Export(X509ContentType.Pkcs12, "password");

            // Remove the original named key so the re-imported certificate cannot rely on it.
            // NOTE(review): whether the import below persists a new key in the store is not
            // visible here - confirm nothing is left behind after the test run.
            var originalKeyStillPresent = CngKey.Exists("KeyTestTemp");
            if (originalKeyStillPresent)
            {
                CngKey.Open("KeyTestTemp").Delete();
            }

            var reimported = new X509Certificate2(pkcs12Bytes, "password");

            ECDSACertificateParser.ParsePrivateCertificate(reimported);
        }