Esempio n. 1
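        public void TestDecodeUnknown()
        {
            // Builds a direct ("dir") AES-GCM-128 encrypted message, encodes it, and checks that the
            // generic Message.DecodeFromString entry point rejects the result with a JoseException
            // whose message says the input was not tagged.
            EncryptMessage msg = new EncryptMessage();

            msg.AddAttribute(HeaderKeys.Algorithm, AlgorithmValues.AES_GCM_128, Attributes.PROTECTED);
            // msg.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(rgbIV96), Attributes.PROTECTED);
            msg.SetContent(rgbContent);

            // Symmetric ("oct") JWK assembled from the fixture key bytes.
            // NOTE(review): RFC 7517 expects "k" in unpadded base64url; confirm that Base64.Encode
            // produces that alphabet, or that the JWK class accepts standard base64 here.
            CBORObject obj = CBORObject.NewMap();

            obj.Add("kty", "oct");
            obj.Add("k", Encoding.UTF8.GetString(Base64.Encode(rgbKey128)));

            JWK key = new JWK(obj);

            Recipient recipient = new Recipient(key, "dir");

            msg.AddRecipient(recipient);
            string rgbMsg = msg.Encode();

            JoseException e = Assert.ThrowsException <JoseException>(() =>
                                                                     msg = (EncryptMessage)Message.DecodeFromString(rgbMsg));

            // Expected value first, actual second, so a failure report labels the two sides correctly.
            Assert.AreEqual("Message was not tagged and no default tagging option given", e.Message);
        }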
Esempio n. 2
        public void EncryptCompressed()
        {
            // Encrypts a short text for a single recipient that holds a freshly generated A128GCM key,
            // then asks the message for its compressed encoding. Nothing is asserted on the output:
            // the method only fails if one of the calls throws.
            string text = "Ths is some content";
            EncryptMessage message = new EncryptMessage();

            message.SetContent(text);
            JWK encryptionKey = JWK.GenerateKey("A128GCM");

            // message.AddAttribute(HeaderKeys.EncryptionAlgorithm, CBORObject.FromObject(EncryptionAlgorithm), Attributes.PROTECTED);

            Recipient recipient = new Recipient(encryptionKey);

            message.AddRecipient(recipient);
            // recipient.ClearUnprotected();

            // The protected "enc" header takes the key's own "alg" only for a direct recipient whose
            // key declares one; every other case falls back to A128GCM.
            if (recipient.RecipientType != RecipientType.Direct || !encryptionKey.ContainsName("alg"))
            {
                message.AddAttribute("enc", "A128GCM", Attributes.PROTECTED);
            }
            else
            {
                message.AddAttribute("enc", encryptionKey.AsString("alg"), Attributes.PROTECTED);
            }

            text = message.EncodeCompressed();
        }
Esempio n. 3
        static Signer GetSigner(CBORObject control)
        {
            // Builds a Signer from a control map: "alg" names the algorithm, "key" carries the key, and
            // the optional "protected" / "unprotected" / "unsent" maps are handed to AddAttributes with
            // bucket codes 0, 1 and 2 respectively.
            // NOTE(review): algorithm.AsString() below throws if GetAttribute returns null for a
            // control map without "alg" - confirm callers always supply it.
            CBORObject algorithm = GetAttribute(control, "alg");

            // "alg" is removed from the control map once it has been read.
            if (control.ContainsKey("alg"))
            {
                control.Remove(CBORObject.FromObject("alg"));
            }

            Signer result = new Signer(GetKey(control["key"]), algorithm.AsString());

            // Index in this array doubles as the bucket code passed to AddAttributes.
            string[] attributeMaps = { "protected", "unprotected", "unsent" };

            for (int bucket = 0; bucket < attributeMaps.Length; bucket++)
            {
                if (control.ContainsKey(attributeMaps[bucket]))
                {
                    AddAttributes(result, control[attributeMaps[bucket]], bucket);
                }
            }

            return result;
        }
Esempio n. 4
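        public void ImportFails()
        {
            // Serializes an RSA key with its private parameters, strips the CRT members so that only
            // n, e and d remain, re-imports the result and tries to sign with it. Per the comment on the
            // final call that import/sign is expected to fail; the expectation itself is presumably
            // declared on the method outside this listing.
            JWK jwk = new JWK()
            {
                Key = JsonWebKeyTest.CreateRSA()
            };

            // Sanity check: the untouched key can sign.
            JWT.Encode("payload", jwk.Key, JwsAlgorithm.RS256);

            var map = JWT.DefaultSettings
                      .JwkAlgorithmFromKey(jwk.Key)
                      .Serialize(jwk, true);

            map.Remove("p");
            map.Remove("q");
            map.Remove("dp");
            map.Remove("dq");
            map.Remove("qi");
            string json = JWT.DefaultSettings
                          .JsonMapper
                          .Serialize(map);

            // The serialized map still holds the private exponent "d", so it is deliberately not
            // written to the console: test output usually ends up in retained CI logs.
            jwk = JWK.Parse(json);

            // cannot import RSA private key with only n, e and d
            JWT.Encode("payload", jwk.Key, JwsAlgorithm.RS256);
        }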
Esempio n. 5
        public void A1()
        {
            // Decrypts a fixed five-part compact JWE with the key stored in RFC7516_A2.json and compares
            // the plaintext with the base64url-decoded PAYLOAD constant.
            // The token's protected header decodes to {"alg":"RSA1_5","enc":"A128CBC-HS256"}.
            // RSA1_5 (RSAES-PKCS1-v1_5) is exercised because it is part of the published vector; it is
            // exposed to padding-oracle attacks when decryption failures are distinguishable, so new
            // designs generally prefer RSA-OAEP.
            const string TOKEN = ""
                + "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
                + "."
                + "QR1Owv2ug2WyPBnbQrRARTeEk9kDO2w8qDcjiHnSJflSdv1iNqhWXaKH4MqAkQtM"
                + "oNfABIPJaZm0HaA415sv3aeuBWnD8J-Ui7Ah6cWafs3ZwwFKDFUUsWHSK-IPKxLG"
                + "TkND09XyjORj_CHAgOPJ-Sd8ONQRnJvWn_hXV1BNMHzUjPyYwEsRhDhzjAD26ima"
                + "sOTsgruobpYGoQcXUwFDn7moXPRfDE8-NoQX7N7ZYMmpUDkR-Cx9obNGwJQ3nM52"
                + "YCitxoQVPzjbl7WBuB7AohdBoZOdZ24WlN1lVIeh8v1K4krB8xgKvRU8kgFrEn_a"
                + "1rZgN5TiysnmzTROF869lQ"
                + "."
                + "AxY8DCtDaGlsbGljb3RoZQ"
                + "."
                + "MKOle7UQrG6nSxTLX6Mqwt0orbHvAKeWnDYvpIAeZ72deHxz3roJDXQyhxx0wKaM"
                + "HDjUEOKIwrtkHthpqEanSBNYHZgmNOV7sln1Eu9g3J8"
                + "."
                + "fiK51VwhsxJ-siBMR-YFiA";
            const string PAYLOAD = ""
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ";

            // Private key fixture shipped as an embedded resource next to the JWE example tests.
            string keyJson = Helpers.ReadResource(typeof(RFC7516_A_JWE_Examples), "RFC7516_A2.json");
            Assert.NotNull(keyJson);

            var recipientKey = JWK.Parse(keyJson);
            Assert.NotNull(recipientKey);

            var decrypted = JWT.Decode(TOKEN, recipientKey.Key);
            string expected = Encoding.UTF8.GetString(Base64Url.Decode(PAYLOAD));

            Assert.Equal(expected, decrypted);
        }
Esempio n. 6
        public void JWKWithRSA512SignatureCanBeSerialized()
        {
            // Creates a JWK from an algorithm (RS512), a use and an operation set, exports it with
            // Export(true), and checks that the JSON carries the metadata members plus the full RSA
            // parameter set, private members included.
            var operations = new HashSet <KeyOperation>(new[] { KeyOperation.ComputeDigitalSignature, KeyOperation.VerifyDigitalSignature });
            var jwk = new JWK(Algorithm.RS512, PublicKeyUse.Signature, operations);

            string exported = jwk.Export(true);
            var parsedJWK = JObject.Parse(exported);

            // Every one of these members must be present; d, p, q, dq, dp and qi are private material
            // and appear only because the export was requested with true.
            string[] requiredMembers = { "kty", "alg", "use", "kid", "n", "e", "d", "p", "q", "dq", "dp", "qi" };

            foreach (string member in requiredMembers)
            {
                parsedJWK.TryGetValue(member, out var _).Should().BeTrue();
            }

            parsedJWK.GetValue("kty").ToString().Should().Be("RSA");
            parsedJWK.GetValue("alg").ToString().Should().Be(Algorithm.RS512.Name);
            parsedJWK.GetValue("use").ToString().Should().Be(PublicKeyUse.Signature.KeyUse);

            var exportedOperations = parsedJWK.GetValue("key_ops").Values <string>();

            exportedOperations.Count().Should().Be(2);
            exportedOperations.Should().BeEquivalentTo(new[] { KeyOperation.ComputeDigitalSignature.Operation, KeyOperation.VerifyDigitalSignature.Operation });
        }
Esempio n. 7
        public void JWKWithECKeyRoundTrip()
        {
            // Exports an EC JWK together with its private parameter, checks the serialized members, then
            // parses the export back and checks that every property survives the round trip.
            // The parameter values are placeholder strings, not real curve coordinates.
            KeyType keyType = KeyType.EllipticCurve;
            PublicKeyUse keyUse = PublicKeyUse.Signature;
            Algorithm algorithm = Algorithm.ES256;
            var keyOperations = new HashSet <KeyOperation>(new[] { KeyOperation.ComputeDigitalSignature, KeyOperation.VerifyDigitalSignature });
            var keyParameters = new Dictionary <KeyParameter, string>
            {
                { ECKeyParameterCRV, "curveName" },
                { ECKeyParameterX, "publicKeyX" },
                { ECKeyParameterY, "publicKeyY" },
                { ECKeyParameterD, "privateKeyD" }
            };
            JWK jwk = new JWK(keyType, keyParameters, keyUse, keyOperations, algorithm, "test");

            // Export(true): the private "d" member is expected in the output.
            string jwkString = jwk.Export(true);
            var exported = JObject.Parse(jwkString);

            exported.GetValue("crv").ToString().Should().Be(keyParameters[ECKeyParameterCRV]);
            exported.GetValue("x").ToString().Should().Be(keyParameters[ECKeyParameterX]);
            exported.GetValue("y").ToString().Should().Be(keyParameters[ECKeyParameterY]);
            exported.GetValue("d").ToString().Should().Be(keyParameters[ECKeyParameterD]);
            exported.GetValue("kid").ToString().Should().Be("test");

            // Second half of the round trip: rebuild the key from its own export.
            jwk = new JWK(jwkString);
            jwk.KeyType.Should().Be(keyType);
            jwk.PublicKeyUse.Should().Be(keyUse);
            jwk.KeyOperations.Should().BeEquivalentTo(keyOperations);
            jwk.Algorithm.Should().Be(algorithm);
            jwk.KeyParameters.Should().BeEquivalentTo(keyParameters);
        }
Esempio n. 8
        public void A1()
        {
            // Decrypts a fixed compact JWE with the key stored in RFC7516_A1.json and checks the
            // recovered plaintext. The protected header decodes to {"alg":"RSA-OAEP","enc":"A256GCM"}.
            const string TOKEN = ""
                + "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ"
                + "."
                + "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe"
                + "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb"
                + "Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV"
                + "mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8"
                + "1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi"
                + "6UklfCpIMfIjf7iGdXKHzg"
                + "."
                + "48V1_ALb6US04U3b"
                + "."
                + "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji"
                + "SdiwkIr3ajwQzaBtQD_A"
                + "."
                + "XFBoMYUZodetZdvTiFvSkQ";

            // Key fixture loaded through the test class's own resource helper.
            string keyJson = this.GetResource("RFC7516_A1.json");
            Assert.NotNull(keyJson);

            var recipientKey = JWK.Parse(keyJson);
            Assert.NotNull(recipientKey);

            // NOTE(review): only the key is passed, so the algorithms come from the token header;
            // confirm the library rejects header algorithms that do not fit the supplied key.
            var plaintext = JWT.Decode(TOKEN, recipientKey.Key);

            Assert.Equal("The true sign of intelligence is not knowledge but imagination.", plaintext);
        }
Esempio n. 9
        public void A2()
        {
            // Decrypts a fixed compact JWE with the key stored in RFC7516_A2.json and checks the
            // recovered plaintext. The protected header decodes to
            // {"alg":"RSA1_5","enc":"A128CBC-HS256"}.
            // RSA1_5 is kept for test-vector coverage; RSAES-PKCS1-v1_5 decryption is exposed to
            // padding-oracle attacks when failures are distinguishable, so RSA-OAEP is the usual choice
            // for new designs.
            const string TOKEN = ""
                + "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
                + "."
                + "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm"
                + "1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc"
                + "HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF"
                + "NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8"
                + "rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv"
                + "-B3oWh2TbqmScqXMR4gp_A"
                + "."
                + "AxY8DCtDaGlsbGljb3RoZQ"
                + "."
                + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
                + "."
                + "9hH0vgRfYgPnAHOd8stkvw";

            string keyJson = this.GetResource("RFC7516_A2.json");
            Assert.NotNull(keyJson);

            var recipientKey = JWK.Parse(keyJson);
            Assert.NotNull(recipientKey);

            var plaintext = JWT.Decode(TOKEN, recipientKey.Key);

            Assert.Equal("Live long and prosper.", plaintext);
        }
Esempio n. 10
        public void JWKWithAESKeyParametersCanBeCreated()
        {
            // Builds a JWK from explicit RSA parameters and checks that Export(true) writes each of
            // them, plus the key id, back out unchanged.
            // NOTE(review): despite the "AES" in the name, the key type here is RSA, and it is paired
            // with Algorithm.ES256. The test passing suggests the constructor does not cross-check
            // algorithm against key type - confirm whether that is intended.
            KeyType keyType = KeyType.RSA;
            PublicKeyUse keyUse = PublicKeyUse.Signature;
            Algorithm algorithm = Algorithm.ES256;
            var keyOperations = new HashSet <KeyOperation>(new[] { KeyOperation.ComputeDigitalSignature, KeyOperation.VerifyDigitalSignature });

            // Placeholder strings stand in for the real base64url-encoded integers.
            var keyParameters = new Dictionary <KeyParameter, string>
            {
                { RSAKeyParameterN, "modulus" },
                { RSAKeyParameterE, "exponent" },
                { RSAKeyParameterD, "privateExponent" },
                { RSAKeyParameterP, "firstPrimeFactor" },
                { RSAKeyParameterQ, "secondPrimeFactor" },
                { RSAKeyParameterDP, "firstFactorCRTExponent" },
                { RSAKeyParameterDQ, "secondFactorCRTExponent" },
                { RSAKeyParameterQI, "firstCRTCoefficient" }
            };
            JWK jwk = new JWK(keyType, keyParameters, keyUse, keyOperations, algorithm, "test");

            var exported = JObject.Parse(jwk.Export(true));

            exported.GetValue("n").ToString().Should().Be(keyParameters[RSAKeyParameterN]);
            exported.GetValue("e").ToString().Should().Be(keyParameters[RSAKeyParameterE]);
            exported.GetValue("d").ToString().Should().Be(keyParameters[RSAKeyParameterD]);
            exported.GetValue("p").ToString().Should().Be(keyParameters[RSAKeyParameterP]);
            exported.GetValue("q").ToString().Should().Be(keyParameters[RSAKeyParameterQ]);
            exported.GetValue("dp").ToString().Should().Be(keyParameters[RSAKeyParameterDP]);
            exported.GetValue("dq").ToString().Should().Be(keyParameters[RSAKeyParameterDQ]);
            exported.GetValue("qi").ToString().Should().Be(keyParameters[RSAKeyParameterQI]);
            exported.GetValue("kid").ToString().Should().Be("test");
        }
Esempio n. 11
        public void JWKCheckECPrivateKeyParametersExport()
        {
            // Creates an ES256 JWK, exports it with Export(false), and checks that the public members
            // are present while the private "d" member is left out.
            var keyOperations = new HashSet <KeyOperation>(new[] { KeyOperation.ComputeDigitalSignature, KeyOperation.VerifyDigitalSignature });
            JWK jwk = new JWK(Algorithm.ES256, PublicKeyUse.Signature, keyOperations);

            var exported = JObject.Parse(jwk.Export(false));

            string[] publicMembers = { "kty", "alg", "use", "kid", "crv", "x", "y" };

            foreach (string member in publicMembers)
            {
                exported.TryGetValue(member, out var _).Should().BeTrue();
            }

            // The assertion this test exists for: a public export must not leak the private scalar.
            exported.TryGetValue("d", out var _).Should().BeFalse();

            exported.GetValue("kty").ToString().Should().Be("EC");
            exported.GetValue("alg").ToString().Should().Be(Algorithm.ES256.Name);
            exported.GetValue("use").ToString().Should().Be(PublicKeyUse.Signature.KeyUse);

            var exportedOperations = exported.GetValue("key_ops").Values <string>();

            exportedOperations.Count().Should().Be(2);
            exportedOperations.Should().BeEquivalentTo(new[] { KeyOperation.ComputeDigitalSignature.Operation, KeyOperation.VerifyDigitalSignature.Operation });
        }
Esempio n. 12
        public object SerializeSignedObject()
        {
            // Produces the signed request body { protected, payload, signature } for the current
            // Payload. The signature is RS256: RSASSA-PKCS1-v1_5 over SHA-256 of
            // "<encoded protected header>.<encoded payload>".
            // Throws ArgumentException when Payload has not been set.
            if (Payload == null)
            {
                throw new ArgumentException("Payload must be set before the token can be created and signed.");
            }

            // The protected header identifies the signer by exactly one of two members: the key id
            // when one is known, otherwise the public RSA key (modulus and exponent only) as a JWK.
            bool hasKeyId = !string.IsNullOrEmpty(_kid);

            JWK publicJwk = hasKeyId
                ? null
                : new JWK()
                {
                    e   = Base64Tool.Encode(_rsaParameters.Exponent),
                    kty = "RSA",
                    n   = Base64Tool.Encode(_rsaParameters.Modulus)
                };
            string keyId = hasKeyId ? _kid : null;

            // nonce and url sit inside the protected header, so both are covered by the signature.
            PROTECTED header = new PROTECTED()
            {
                alg   = "RS256",
                jwk   = publicJwk,
                kid   = keyId,
                nonce = _nonce,
                url   = _directory
            };

            // Serialize header and payload to compact JSON, then encode each part.
            string headerJson       = JsonConvert.SerializeObject(header, Formatting.None);
            string encodedProtected = Base64Tool.Encode(Encoding.UTF8.GetBytes(headerJson));

            string payloadJson    = JsonConvert.SerializeObject(Payload, Formatting.None);
            string encodedPayload = Base64Tool.Encode(Encoding.UTF8.GetBytes(payloadJson));

            // Signing input is the two encoded parts joined by a dot.
            // NOTE(review): ASCII encoding is lossless only if Base64Tool.Encode emits ASCII
            // characters - presumably base64url; confirm.
            byte[] signingInput = Encoding.ASCII.GetBytes($"{encodedProtected}.{encodedPayload}");
            byte[] rawSignature = _cryptoProvider.SignData(signingInput, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            string signature    = Base64Tool.Encode(rawSignature);

            return new
            {
                @protected = encodedProtected,
                payload    = encodedPayload,
                signature
            };
        }
Esempio n. 13
        static JWK GetKey(CBORObject control, bool fPublicKey = false)
        {
            // Wraps the control map in a JWK. When fPublicKey is set and the key type is not "oct"
            // (symmetric), the result of PublicKey() is returned instead of the full key.
            JWK fullKey = new JWK(control);

            if (!fPublicKey)
            {
                return fullKey;
            }

            // Symmetric keys are returned as-is even when a public key was requested.
            if (control["kty"].AsString() == "oct")
            {
                return fullKey;
            }

            return fullKey.PublicKey();
        }
Esempio n. 14
        public void A2()
        {
            // Nested token: the outer layer is a JWE whose protected header decodes to
            // {"alg":"RSA1_5","enc":"A128CBC-HS256","cty":"JWT"}; its plaintext is itself a signed
            // token. The test decrypts with the key from RFC7516_A2.json, verifies the inner token with
            // the key from RFC7515_A2.json, and compares the final payload with PAYLOAD.
            const string TOKEN = ""
                + "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiY3R5IjoiSldU"
                + "In0"
                + "."
                + "g_hEwksO1Ax8Qn7HoN-BVeBoa8FXe0kpyk_XdcSmxvcM5_P296JXXtoHISr_DD_M"
                + "qewaQSH4dZOQHoUgKLeFly-9RI11TG-_Ge1bZFazBPwKC5lJ6OLANLMd0QSL4fYE"
                + "b9ERe-epKYE3xb2jfY1AltHqBO-PM6j23Guj2yDKnFv6WO72tteVzm_2n17SBFvh"
                + "DuR9a2nHTE67pe0XGBUS_TK7ecA-iVq5COeVdJR4U4VZGGlxRGPLRHvolVLEHx6D"
                + "YyLpw30Ay9R6d68YCLi9FYTq3hIXPK_-dmPlOUlKvPr1GgJzRoeC9G5qCvdcHWsq"
                + "JGTO_z3Wfo5zsqwkxruxwA"
                + "."
                + "UmVkbW9uZCBXQSA5ODA1Mg"
                + "."
                + "VwHERHPvCNcHHpTjkoigx3_ExK0Qc71RMEParpatm0X_qpg-w8kozSjfNIPPXiTB"
                + "BLXR65CIPkFqz4l1Ae9w_uowKiwyi9acgVztAi-pSL8GQSXnaamh9kX1mdh3M_TT"
                + "-FZGQFQsFhu0Z72gJKGdfGE-OE7hS1zuBD5oEUfk0Dmb0VzWEzpxxiSSBbBAzP10"
                + "l56pPfAtrjEYw-7ygeMkwBl6Z_mLS6w6xUgKlvW6ULmkV-uLC4FUiyKECK4e3WZY"
                + "Kw1bpgIqGYsw2v_grHjszJZ-_I5uM-9RA8ycX9KqPRp9gc6pXmoU_-27ATs9XCvr"
                + "ZXUtK2902AUzqpeEUJYjWWxSNsS-r1TJ1I-FMJ4XyAiGrfmo9hQPcNBYxPz3GQb2"
                + "8Y5CLSQfNgKSGt0A4isp1hBUXBHAndgtcslt7ZoQJaKe_nNJgNliWtWpJ_ebuOpE"
                + "l8jdhehdccnRMIwAmU1n7SPkmhIl1HlSOpvcvDfhUN5wuqU955vOBvfkBOh5A11U"
                + "zBuo2WlgZ6hYi9-e3w29bR0C2-pp3jbqxEDw3iWaf2dc5b-LnR0FEYXvI_tYk5rd"
                + "_J9N0mg0tQ6RbpxNEMNoA9QWk5lgdPvbh9BaO195abQ"
                + "."
                + "AVO9iT5AV4CzvDJCdhSFlQ";
            const string PAYLOAD = ""
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ";

            // Outer layer: decrypt with the key from JWE A2.
            string decryptionKeyJson = Helpers.ReadResource(typeof(RFC7516_A_JWE_Examples), "RFC7516_A2.json");
            Assert.NotNull(decryptionKeyJson);

            var decryptionKey = JWK.Parse(decryptionKeyJson);
            Assert.NotNull(decryptionKey);

            var innerToken = JWT.Decode(TOKEN, decryptionKey.Key);

            // Inner layer: verify the signature with the key from JWS A2.
            string verificationKeyJson = Helpers.ReadResource(typeof(RFC7515_A_JWS_Examples), "RFC7515_A2.json");
            Assert.NotNull(verificationKeyJson);

            var verificationKey = JWK.Parse(verificationKeyJson);
            Assert.NotNull(verificationKey);

            var claims = JWT.Decode(innerToken, verificationKey.Key);
            string expected = Encoding.UTF8.GetString(Base64Url.Decode(PAYLOAD));

            Assert.Equal(expected, claims);
        }
Esempio n. 15
        public void JWKCanBeDeserializedMinimalElements()
        {
            // Parses a JWK that carries only "kty" and the RSA parameters (no alg, use, key_ops or kid)
            // and checks that each parameter is exposed unchanged through KeyParameters.
            // The literal embeds a complete RSA private key (d, p, q, dp, dq, qi). It is a test fixture
            // and must never be reused as a real key.
            var parsed = new JWK("{\"kty\":\"RSA\",\"n\":\"4W_ciNjvogFBPf9BYd9jySsrsN6gdosZMAWDi79bZIpYXPHSynbNQUcDe2tSwGKgG9d1ak-jLtZ37SOcC0s1C6W5jAGBHuA-2Oscpa1DZPXrShrDW0wbO2wbBW17pY9rLlnFel-26eE48U0utDdDFCxBBOsWj382sDJzfqLj6DTKBn9r1wDvbRLbWecvZF5uTG392KoO5sNvwwnAhRzo1HX7hPTr5zDOBkfKQolIo99g5Gq9k-_yqDWmRC0mxO6SOfFdrxSMTgCUTyZA_jQXvn7OrSO28yvKdpnrHihGExHubA-m30a21LBQlomovYZiXJ7mlvUnzFxxa7XOsbA1sFU\",\"e\":\"AQAB\",\"d\":\"BAOo6qrqQXlCPydfc621qixhn8mnE9VQQoGmoQNsTjMEdcs8lKxe5U2tazIzDAf1j-lbRuRaJIhfJFLhAXZ6YFW4Ix0XvoQBun0dSnn2XELgyLYHSoXlaj53kLYtYHpYTz_7-zzfFfUTvYBBV6YwRJixI7RH95AtWh_b3KJr6oOdmGzul7XcHJ0rcPAKfRXhUrDpjS-iZ3TOAEImQHBwHCjsiQPSDlz3jlUlG-LnE9l3PH49rKFjwc6RIfhKt0jBuwnxE3cX87ux-cFBdo_lIyv2yH-watb9SO1WqxQA2rXBXrWWKitLMhaQLFdHIZEf1lHN7VA_UD9ty9p8CZC21NU\",\"p\":\"D0X1M5HmLBNMSvxA_uF-KQ2YnhDmt4ldHiKLjjpJnvJLwXf-TDbApIfHnkRnHxd9adLO4IaAlqL3_oVlS1ZuEijy6auzfwbrcgfsuEYR_k7fG4T8K9TDS2FWe24xFkJgVdRpuMiAt0wZZEexCv2oIFDM0idXrUl7Ikq6RL3kOwob\",\"q\":\"DsKeLZl2Du2RBszDDWKMYhORGR93-CPhSGZT91-Dic6iSWtumfIGAbkjEFiCeMs4tJwktgiYS76IsQ9qCZdrcBj2h-LgMUqrdqKmSq2-krsQPpJxfPadHewa8T2_e48wXzxmx8Dmmoqd4q1LPbOHFMJpY2HBwXopeIbtFa1vUdZP\",\"dp\":\"DDNG5nXyVlzoAbI1PSTlQWfx9LntgskAkDTqI6fd7VEBQL9YbIsEIamwxHVBpq196g2SYfovN6Vg0ni-bIrTDECXoh8dGChv5Tv9VUnrz6gzQmldgqnHgyxzB9AC-BP3njg6Z3gKkeEBG4DFJNFw_rdslacFu4_KA5-L4aOKb7rn\",\"dq\":\"Dmzw0Rohwvc1_VJT85n0H8qFzerugkr2255-w87KrP2RqHXh830Rl8-MUGZgpZPgSMwuKOZ_ic-eooWxGcyuSTFsiGQYvrP-ngTaxzPFhHxkpPLVDc-swNjHgCzcHvNT0FAlF2cVOcbuBeNeHOB_za8v9txM1D4Dl_MudTg7Ct2L\",\"qi\":\"Aw3In2d6QWQ95rRJwAVAXuWJKubLqSxXTPVu7ueyn1PGMyzK7-6nFNfa1WBpCE4LQ-Ep3eZ2GhSZzN888iixnkNNuaXToUzk0dBEyNM7WDg8tGuyvd5yaJd6wj8q6prYUJGxk7V0mDMhSsA6uttRYe9rbemye6eUNwQIvfmjkbQl\"}");

            parsed.KeyType.Should().Be(KeyType.RSA);

            var parameters = parsed.KeyParameters;

            // Public part.
            parameters.GetValueOrDefault(RSAKeyParameterN).Should().Be("4W_ciNjvogFBPf9BYd9jySsrsN6gdosZMAWDi79bZIpYXPHSynbNQUcDe2tSwGKgG9d1ak-jLtZ37SOcC0s1C6W5jAGBHuA-2Oscpa1DZPXrShrDW0wbO2wbBW17pY9rLlnFel-26eE48U0utDdDFCxBBOsWj382sDJzfqLj6DTKBn9r1wDvbRLbWecvZF5uTG392KoO5sNvwwnAhRzo1HX7hPTr5zDOBkfKQolIo99g5Gq9k-_yqDWmRC0mxO6SOfFdrxSMTgCUTyZA_jQXvn7OrSO28yvKdpnrHihGExHubA-m30a21LBQlomovYZiXJ7mlvUnzFxxa7XOsbA1sFU");
            parameters.GetValueOrDefault(RSAKeyParameterE).Should().Be("AQAB");

            // Private part.
            parameters.GetValueOrDefault(RSAKeyParameterD).Should().Be("BAOo6qrqQXlCPydfc621qixhn8mnE9VQQoGmoQNsTjMEdcs8lKxe5U2tazIzDAf1j-lbRuRaJIhfJFLhAXZ6YFW4Ix0XvoQBun0dSnn2XELgyLYHSoXlaj53kLYtYHpYTz_7-zzfFfUTvYBBV6YwRJixI7RH95AtWh_b3KJr6oOdmGzul7XcHJ0rcPAKfRXhUrDpjS-iZ3TOAEImQHBwHCjsiQPSDlz3jlUlG-LnE9l3PH49rKFjwc6RIfhKt0jBuwnxE3cX87ux-cFBdo_lIyv2yH-watb9SO1WqxQA2rXBXrWWKitLMhaQLFdHIZEf1lHN7VA_UD9ty9p8CZC21NU");
            parameters.GetValueOrDefault(RSAKeyParameterP).Should().Be("D0X1M5HmLBNMSvxA_uF-KQ2YnhDmt4ldHiKLjjpJnvJLwXf-TDbApIfHnkRnHxd9adLO4IaAlqL3_oVlS1ZuEijy6auzfwbrcgfsuEYR_k7fG4T8K9TDS2FWe24xFkJgVdRpuMiAt0wZZEexCv2oIFDM0idXrUl7Ikq6RL3kOwob");
            parameters.GetValueOrDefault(RSAKeyParameterQ).Should().Be("DsKeLZl2Du2RBszDDWKMYhORGR93-CPhSGZT91-Dic6iSWtumfIGAbkjEFiCeMs4tJwktgiYS76IsQ9qCZdrcBj2h-LgMUqrdqKmSq2-krsQPpJxfPadHewa8T2_e48wXzxmx8Dmmoqd4q1LPbOHFMJpY2HBwXopeIbtFa1vUdZP");
            parameters.GetValueOrDefault(RSAKeyParameterDP).Should().Be("DDNG5nXyVlzoAbI1PSTlQWfx9LntgskAkDTqI6fd7VEBQL9YbIsEIamwxHVBpq196g2SYfovN6Vg0ni-bIrTDECXoh8dGChv5Tv9VUnrz6gzQmldgqnHgyxzB9AC-BP3njg6Z3gKkeEBG4DFJNFw_rdslacFu4_KA5-L4aOKb7rn");
            parameters.GetValueOrDefault(RSAKeyParameterDQ).Should().Be("Dmzw0Rohwvc1_VJT85n0H8qFzerugkr2255-w87KrP2RqHXh830Rl8-MUGZgpZPgSMwuKOZ_ic-eooWxGcyuSTFsiGQYvrP-ngTaxzPFhHxkpPLVDc-swNjHgCzcHvNT0FAlF2cVOcbuBeNeHOB_za8v9txM1D4Dl_MudTg7Ct2L");
            parameters.GetValueOrDefault(RSAKeyParameterQI).Should().Be("Aw3In2d6QWQ95rRJwAVAXuWJKubLqSxXTPVu7ueyn1PGMyzK7-6nFNfa1WBpCE4LQ-Ep3eZ2GhSZzN888iixnkNNuaXToUzk0dBEyNM7WDg8tGuyvd5yaJd6wj8q6prYUJGxk7V0mDMhSsA6uttRYe9rbemye6eUNwQIvfmjkbQl");
        }
Esempio n. 16
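        public void DuplicateKeyOperationsAreNotSerialized()
        {
            // Passes the same key operation twice to the JWK constructor and checks that the exported
            // "key_ops" array lists it only once.
            var keyOps = new List <KeyOperation>()
            {
                KeyOperation.ComputeDigitalSignature, KeyOperation.ComputeDigitalSignature
            }; // duplicate key_op on purpose
            var jwk       = new JWK(Algorithm.RS256, PublicKeyUse.Signature, keyOps);
            var jwkString = jwk.Export(true);

            var parsedJWK = JObject.Parse(jwkString);

            // A missing "key_ops" member fails here with a clear message instead of surfacing as a
            // NullReferenceException on the next statement.
            parsedJWK.TryGetValue("key_ops", out var token).Should().BeTrue();

            // Compare the array's elements rather than its indented text: JToken.ToString() breaks
            // lines with the platform newline, so a literal "\n" only matches where that is "\n".
            token.Values <string>().Should().BeEquivalentTo(new[] { KeyOperation.ComputeDigitalSignature.Operation });
        }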
Esempio n. 17
        static Recipient SetReceivingAttributes(Recipient recip, CBORObject control)
        {
            // Prepares a recipient for the receiving side: copies the optional "unsent" attributes
            // (bucket code 2) and installs the key taken from control["key"]. When the control map has
            // no "key" entry, SetKey is still called, with null.
            if (control.ContainsKey("unsent"))
            {
                AddAttributes(recip, control["unsent"], 2);
            }

            JWK receivingKey = control["key"] != null ? GetKey(control["key"]) : null;

            recip.SetKey(receivingKey);

            return recip;
        }
Esempio n. 18
        public void A3()
        {
            // Verifies a fixed compact JWS with the key stored in RFC7515_A3.json and compares the
            // returned payload with the base64url-decoded PAYLOAD constant.
            // The protected header decodes to {"alg":"ES256"}.
            const string TOKEN = ""
                + "eyJhbGciOiJFUzI1NiJ9"
                + "."
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
                + "."
                + "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSA"
                + "pmWQxfKTUJqPP3-Kg6NU1Q";
            const string PAYLOAD = ""
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ";

            string keyJson = this.GetResource("RFC7515_A3.json");
            JWK verificationKey = JWK.Parse(keyJson);

            // NOTE(review): only the key is passed, so the algorithm comes from the token header;
            // confirm the library rejects header algorithms that do not fit the supplied key.
            string verifiedPayload = JWT.Decode(TOKEN, verificationKey.Key);
            string expected = Encoding.UTF8.GetString(Base64Url.Decode(PAYLOAD));

            Assert.AreEqual(expected, verifiedPayload);
        }
Esempio n. 19
        public void KeyParametersCanBeSerializedExportPrivate()
        {
            // Exports an EC JWK with Export(true) and checks the raw JSON text: the private "d" member
            // and the three public members must all be present, and the text must not end in a comma.
            // The parameter values are placeholder strings.
            var ecParameters = new Dictionary <KeyParameter, string>
            {
                { ECKeyParameterCRV, "curveName" },
                { ECKeyParameterX, "publicKeyX" },
                { ECKeyParameterY, "publicKeyY" },
                { ECKeyParameterD, "privateKeyD" }
            };

            var exported = new JWK(KeyType.EllipticCurve, ecParameters).Export(true);

            // Private member: present only because the export was requested with true.
            exported.Should().Contain("\"d\":\"privateKeyD\"", "privateKeyD is private and should be exported if requested");

            // Public members.
            exported.Should().Contain("\"y\":\"publicKeyY\"", "publicKeyY should be included by default");
            exported.Should().Contain("\"x\":\"publicKeyX\"", "publicKeyX should be included by default");
            exported.Should().Contain("\"crv\":\"curveName\"", "curveName should be included by default");

            bool endsWithComma = exported.EndsWith(',');

            endsWithComma.Should().BeFalse("Tailing ',' should be trimmed");
        }
Esempio n. 20
        static void CheckMessage(Message msg, JWK key, CBORObject input)
        {
            // Checks a decoded message against the expected values in `input`: an EncryptMessage is
            // decrypted for its first recipient and compared with input["plaintext"]; a SignMessage is
            // validated with `key` and compared with input["payload"]. Any other message type is
            // ignored.
            // Failures are only written to the console. Nothing is thrown or returned for them, so a
            // caller cannot tell a failed check from a passed one.
            Type messageType = msg.GetType();

            if (messageType == typeof(EncryptMessage))
            {
                EncryptMessage encrypted = (EncryptMessage)msg;

                // Only the first recipient is tried; the indexer runs outside the try block.
                Recipient firstRecipient = encrypted.RecipientList[0];
                firstRecipient.SetKey(key);

                try
                {
                    encrypted.Decrypt(firstRecipient);
                }
                catch (Exception e)
                {
                    Console.WriteLine("Failed to decrypt " + e.ToString());
                    return;
                }

                if (encrypted.GetContentAsString() != input["plaintext"].AsString())
                {
                    Console.WriteLine("Plain text does not match");
                }

                return;
            }

            if (messageType == typeof(SignMessage))
            {
                SignMessage signed = (SignMessage)msg;

                try
                {
                    // If the content cannot be read from the message, the expected payload is attached
                    // before validation. In that case the comparison after Validate is trivially true.
                    try
                    {
                        signed.GetContentAsString();
                    }
                    catch (System.Exception)
                    {
                        signed.SetContent(input["payload"].AsString());
                    }

                    signed.Validate(key);

                    if (signed.GetContentAsString() != input["payload"].AsString())
                    {
                        Console.WriteLine("Plain text does not match");
                    }
                }
                catch (Exception e)
                {
                    Console.WriteLine("Failed to verify " + e.ToString());
                    return;
                }
            }
        }
Esempio n. 21
        public void A3()
        {
            // Decrypts a fixed compact JWE with the key stored in RFC7516_A3.json and checks the
            // recovered plaintext. The protected header decodes to
            // {"alg":"A128KW","enc":"A128CBC-HS256"}.
            const string TOKEN = ""
                + "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
                + "."
                + "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
                + "."
                + "AxY8DCtDaGlsbGljb3RoZQ"
                + "."
                + "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
                + "."
                + "U0m_YmjN04DJvceFICbCVQ";

            string keyJson = this.GetResource("RFC7516_A3.json");
            Assert.NotNull(keyJson);

            var wrappingKey = JWK.Parse(keyJson);
            Assert.NotNull(wrappingKey);

            var plaintext = JWT.Decode(TOKEN, wrappingKey.Key);

            Assert.Equal("Live long and prosper.", plaintext);
        }
Esempio n. 22
        public void JWKWithMinimalRequiredElementsCanBeCreated()
        {
            // Builds a JWK from nothing but a key type and its parameters, exports it with Export(true),
            // and checks that "kty" and every parameter, the private "d" included, appear in the JSON.
            // The parameter values are placeholder strings.
            var keyParameters = new Dictionary <KeyParameter, string>
            {
                { ECKeyParameterCRV, "curveName" },
                { ECKeyParameterX, "publicKeyX" },
                { ECKeyParameterY, "publicKeyY" },
                { ECKeyParameterD, "privateKeyD" }
            };
            KeyType keyType = KeyType.EllipticCurve;

            JWK jwk = new JWK(keyType, keyParameters);

            var exported = JObject.Parse(jwk.Export(true));

            exported.GetValue("kty").ToString().Should().Be(KeyType.EllipticCurve.Type);
            exported.GetValue("crv").ToString().Should().Be(keyParameters[ECKeyParameterCRV]);
            exported.GetValue("x").ToString().Should().Be(keyParameters[ECKeyParameterX]);
            exported.GetValue("y").ToString().Should().Be(keyParameters[ECKeyParameterY]);
            exported.GetValue("d").ToString().Should().Be(keyParameters[ECKeyParameterD]);
        }
Esempio n. 23
        /// <summary>
        /// Decodes a fixed compact JWS with the key loaded from "RFC7515_A1.json" and checks that
        /// the returned text equals the UTF-8 decoding of the token's own payload segment.
        /// </summary>
        public void A1()
        {
            // Compact serialization: header "." payload "." signature.
            // The header segment decodes to typ "JWT", alg "HS256".
            const string CompactJws =
                "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
                + "."
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
                + "."
                + "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";

            // Same bytes as the middle segment of the token above.
            const string PayloadSegment =
                "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ";

            string keyJson = this.GetResource("RFC7515_A1.json");
            Assert.IsNotNull(keyJson);

            JWK key = JWK.Parse(keyJson);
            Assert.IsNotNull(key);

            // NOTE(review): only the accepting path is exercised here. A companion case with an
            // altered signature segment, asserting that Decode rejects it, would cover the
            // property a verifier actually depends on.
            string decoded  = JWT.Decode(CompactJws, key.Key);
            string expected = Encoding.UTF8.GetString(Base64Url.Decode(PayloadSegment));

            Assert.AreEqual(expected, decoded);
        }
Esempio n. 24
        /// <summary>
        /// Decodes a fixed compact JWS with the key loaded from "RFC7515_A2.json" and checks that
        /// the returned text equals the UTF-8 decoding of the token's own payload segment.
        /// </summary>
        public void A2()
        {
            // Compact serialization: header "." payload "." signature.
            // The header segment decodes to alg "RS256".
            const string CompactJws =
                "eyJhbGciOiJSUzI1NiJ9"
                + "."
                + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
                + "."
                + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7"
                + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4"
                + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K"
                + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv"
                + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB"
                + "p0igcN_IoypGlUPQGe77Rw";

            // Same bytes as the middle segment of the token above.
            const string PayloadSegment =
                "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt"
                + "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ";

            JWK key = JWK.Parse(this.GetResource("RFC7515_A2.json"));

            // NOTE(review): the call names no expected algorithm, so from this test alone it
            // cannot be told whether Decode ties the header's "alg" to the type of key supplied;
            // worth confirming in the library, since the test covers only a valid token.
            string decoded  = JWT.Decode(CompactJws, key.Key);
            string expected = Encoding.UTF8.GetString(Base64Url.Decode(PayloadSegment));

            Assert.AreEqual(expected, decoded);
        }
Esempio n. 25
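        /// <summary>
        /// Checks the signed-message outputs of one test vector: for every serialization in
        /// <c>Formats</c> that the vector's "output" map contains, the text is decoded as a
        /// <c>SignMessage</c> and each signer is validated with the key given in the vector.
        /// </summary>
        /// <param name="cnControl">
        /// Test-vector map. This method reads its "input" entry (with "sign" and "signers")
        /// and its "output" entry, and passes it to <c>HasFailMarker</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> when no unexpected failure occurred, or when decoding threw and the
        /// vector carries a fail marker; <c>false</c> when a signer fails validation (by result
        /// or by exception) without a fail marker, or when any other exception is thrown
        /// inside the outer try block.
        /// </returns>
        static bool ValidateSigned(CBORObject cnControl)
        {
            CBORObject cnInput = cnControl["input"];
            CBORObject cnMessage;
            CBORObject cnSigners;
            bool       fFailBody = HasFailMarker(cnControl);

            try
            {
                cnMessage = cnInput["sign"];
                cnSigners = cnMessage["signers"];

                foreach (string format in Formats)
                {
                    if (!cnControl["output"].ContainsKey(format))
                    {
                        continue;
                    }

                    // The compact form is stored as a plain string; other forms are stored as
                    // structured values and re-serialized to JSON text before decoding.
                    string rgb;
                    if (format == "compact")
                    {
                        rgb = cnControl["output"][format].AsString();
                    }
                    else
                    {
                        rgb = cnControl["output"][format].ToJSONString();
                    }

                    // Position of the current signer. NOTE(review): this assumes
                    // signMsg.SignerList is in the same order as cnSigners.Values - confirm.
                    int i = 0;
                    foreach (CBORObject cnSigner in cnSigners.Values)
                    {
                        SignMessage signMsg = null;

                        // The message is decoded again for every signer.
                        try {
                            Message msg = Message.DecodeFromString(rgb);
                            signMsg = (SignMessage)msg;
                        }
                        catch (Exception) {
                            if (fFailBody)
                            {
                                return(true);
                            }
                            // Rethrow without resetting the stack trace; the outer catch
                            // below turns it into a false result.
                            throw;
                        }

                        // SetReceivingAttributes(signMsg, cnMessage);

                        JWK    cnKey   = GetKey(cnSigner["key"]);
                        Signer hSigner = signMsg.SignerList[i];

                        SetReceivingAttributes(hSigner, cnSigner);

                        hSigner.SetKey(cnKey);

                        bool fFailSigner = HasFailMarker(cnSigner);

                        // NOTE(review): a failure is only reported when no fail marker is set.
                        // When a marker IS set and Validate still returns true, the loop simply
                        // continues. If the marker denotes a vector that must be rejected, an
                        // unexpectedly accepted signature goes unnoticed - confirm intent.
                        try {
                            bool f = signMsg.Validate(hSigner);
                            if (!f && !(fFailBody || fFailSigner))
                            {
                                return(false);
                            }
                        }
                        catch (Exception) {
                            if (!fFailBody && !fFailSigner)
                            {
                                return(false);
                            }
                        }

                        i++;
                    }
                }
            }
            catch (Exception)
            {
                // Anything not handled above (missing map entries, bad casts, the rethrown
                // decode error) counts as a failed vector.
                return(false);
            }

            return(true);
        }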
Esempio n. 26
 /// <summary>
 /// Creates an image signature from its three parts and stores each in the matching property.
 /// </summary>
 /// <param name="header">Key object stored in <c>Header</c>.</param>
 /// <param name="signature">Value stored in <c>Signature</c>.</param>
 /// <param name="protected">Value stored in <c>Protected</c>.</param>
 /// <remarks>
 /// NOTE(review): if <c>Header</c> is a key that travels alongside the signature it verifies,
 /// a successful check against it shows integrity only, not who signed; trust in the key has
 /// to be established separately. Confirm how callers use it.
 /// </remarks>
 internal ImageSignature(JWK header, string signature, string @protected)
 {
     this.Header    = header;
     this.Signature = signature;
     this.Protected = @protected;
 }