private JwsProtectedHeader ConstructProtectedHeader(JwsAlg alg) { return(new JwsProtectedHeader { Alg = Enum.GetName(typeof(JwsAlg), alg), Type = JwsType }); }
public async Task <string> SignAsync(JwsPayload jwsPayload, JwsAlg alg) { var jsonWebKey = await GetJsonWebKey( alg.ToAllAlg(), KeyOperations.Sign, Use.Sig); return(_jwsGenerator.Generate(jwsPayload, alg, jsonWebKey)); }
public string Generate( JwsPayload jwsPayload, JwsAlg jwsAlg, JsonWebKey jsonWebKey) { if (jwsPayload == null) { throw new ArgumentNullException("jwsPayload"); } if (jsonWebKey == null && jwsAlg != JwsAlg.none) { jwsAlg = JwsAlg.none; } var protectedHeader = ConstructProtectedHeader(jwsAlg); if (jwsAlg != JwsAlg.none) { protectedHeader.Kid = jsonWebKey.Kid; } var serializedProtectedHeader = protectedHeader.SerializeWithDataContract(); var base64EncodedSerializedProtectedHeader = serializedProtectedHeader.Base64Encode(); var serializedPayload = jwsPayload.SerializeWithJavascript(); var base64EncodedSerializedPayload = serializedPayload.Base64Encode(); var combinedProtectedHeaderAndPayLoad = string.Format( "{0}.{1}", base64EncodedSerializedProtectedHeader, base64EncodedSerializedPayload); var signedJws = string.Empty; if (jwsAlg != JwsAlg.none) { switch (jsonWebKey.Kty) { case KeyType.RSA: signedJws = _createJwsSignature.SignWithRsa(jwsAlg, jsonWebKey.SerializedKey, combinedProtectedHeaderAndPayLoad); break; #if NET46 || NET45 case KeyType.EC: signedJws = _createJwsSignature.SignWithEllipseCurve(jsonWebKey.SerializedKey, combinedProtectedHeaderAndPayLoad); break; #endif } } return(string.Format("{0}.{1}", combinedProtectedHeaderAndPayLoad, signedJws)); }
public void When_Sign_Payload_With_Rsa_Alogirthm_Then_Jws_Token_Is_Returned() { // ARRANGE InitializeFakeObjects(); const KeyType keyType = KeyType.RSA; const string kid = "kid"; const JwsAlg jwsAlg = JwsAlg.RS384; const string serializedKey = "serializedKey"; const string signature = "signature"; var jsonWebKey = new JsonWebKey { Kty = keyType, Kid = kid, SerializedKey = serializedKey }; var jwsPayload = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Kid = kid, Alg = Enum.GetName(typeof(JwsAlg), jwsAlg), Type = "JWT" }; _createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>())) .Returns(signature); var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract(); var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode(); var serializedJwsPayload = jwsPayload.SerializeWithJavascript(); var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode(); var combined = string.Format("{0}.{1}", base64SerializedJwsProtectedHeader, base64SerializedJwsPayload); var expectedResult = string.Format("{0}.{1}", combined, signature); // ACT var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, jsonWebKey); // ASSERT _createJwsSignatureFake.Verify(c => c.SignWithRsa(jwsAlg, serializedKey, combined)); Assert.True(expectedResult == result); }
public void When_Passing_No_JsonWebKey_And_Algorithm_Value_Other_Than_None_Then_Returns_Unsigned_Result() { // ARRANGE InitializeFakeObjects(); const JwsAlg jwsAlg = JwsAlg.none; const KeyType keyType = KeyType.RSA; const string kid = "kid"; const string serializedKey = "serializedKey"; const string signature = "signature"; var jsonWebKey = new JsonWebKey { Kty = keyType, Kid = kid, SerializedKey = serializedKey }; var jwsPayload = new JwsPayload(); var jwsProtectedHeader = new JwsProtectedHeader { Alg = Enum.GetName(typeof(JwsAlg), jwsAlg), Type = "JWT" }; _createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>())) .Returns(signature); var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract(); var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode(); var serializedJwsPayload = jwsPayload.SerializeWithJavascript(); var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode(); var combined = string.Format("{0}.{1}", base64SerializedJwsProtectedHeader, base64SerializedJwsPayload); var expectedResult = string.Format("{0}.{1}", combined, string.Empty); // ACT var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, null); // ASSERT _createJwsSignatureFake.Verify(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>()), Times.Never); Assert.True(expectedResult == result); }
public string SignWithRsa( JwsAlg algorithm, string serializedKeys, string combinedJwsNotSigned) { if (!_supportedAlgs.Contains(algorithm)) { return(null); } if (string.IsNullOrWhiteSpace(serializedKeys)) { throw new ArgumentNullException("serializedKeys"); } if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { using (var rsa = new RSACryptoServiceProvider()) { var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm]; var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned); rsa.FromXmlStringNetCore(serializedKeys); var byteToBeConverted = rsa.SignData(bytesToBeSigned, hashMethod); return(byteToBeConverted.Base64EncodeBytes()); } } else { using (var rsa = new RSAOpenSsl()) { var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm]; var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned); rsa.FromXmlStringNetCore(serializedKeys); var byteToBeConverted = rsa.SignData(bytesToBeSigned, 0, bytesToBeSigned.Length, hashMethod, RSASignaturePadding.Pkcs1); return(byteToBeConverted.Base64EncodeBytes()); } } }
public string SignWithRsa( JwsAlg algorithm, string serializedKeys, string combinedJwsNotSigned) { if (!_mappingJwsAlgorithmToRsaHashingAlgorithms.ContainsKey(algorithm)) { return(null); } if (string.IsNullOrWhiteSpace(serializedKeys)) { throw new ArgumentNullException("serializedKeys"); } var hashMethod = _mappingJwsAlgorithmToRsaHashingAlgorithms[algorithm]; #if UAP // TODO : Implement return(null); #elif NET46 || NET45 using (var rsa = new RSACryptoServiceProvider()) { var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned); rsa.FromXmlString(serializedKeys); var byteToBeConverted = rsa.SignData(bytesToBeSigned, hashMethod); return(byteToBeConverted.Base64EncodeBytes()); } #elif NETSTANDARD using (var rsa = new RSAOpenSsl()) { var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned); rsa.FromXmlString(serializedKeys); var byteToBeConverted = rsa.SignData(bytesToBeSigned, 0, bytesToBeSigned.Length, hashMethod, RSASignaturePadding.Pkcs1); return(byteToBeConverted.Base64EncodeBytes()); } #endif }
public bool VerifyWithRsa( JwsAlg algorithm, string serializedKeys, string input, byte[] signature) { if (!_supportedAlgs.Contains(algorithm)) { return(false); } if (string.IsNullOrWhiteSpace(serializedKeys)) { throw new ArgumentNullException("serializedKeys"); } var plainBytes = ASCIIEncoding.ASCII.GetBytes(input); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { using (var rsa = new RSACryptoServiceProvider()) { var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm]; rsa.FromXmlStringNetCore(serializedKeys); return(rsa.VerifyData(plainBytes, hashMethod, signature)); } } else { using (var rsa = new RSAOpenSsl()) { var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm]; rsa.FromXmlStringNetCore(serializedKeys); return(rsa.VerifyData(plainBytes, signature, hashMethod, RSASignaturePadding.Pkcs1)); } } }
public bool VerifyWithRsa( JwsAlg algorithm, string serializedKeys, string input, byte[] signature) { if (!_mappingJwsAlgorithmToRsaHashingAlgorithms.ContainsKey(algorithm)) { return(false); } if (string.IsNullOrWhiteSpace(serializedKeys)) { throw new ArgumentNullException("serializedKeys"); } var plainBytes = ASCIIEncoding.ASCII.GetBytes(input); var hashMethod = _mappingJwsAlgorithmToRsaHashingAlgorithms[algorithm]; #if UAP // TODO : Implement return(false); #elif NET46 || NET45 using (var rsa = new RSACryptoServiceProvider()) { rsa.FromXmlString(serializedKeys); return(rsa.VerifyData(plainBytes, hashMethod, signature)); } #elif NETSTANDARD using (var rsa = new RSAOpenSsl()) { rsa.FromXmlString(serializedKeys); return(rsa.VerifyData(plainBytes, signature, hashMethod, RSASignaturePadding.Pkcs1)); } #endif }
public static AllAlg ToAllAlg(this JwsAlg alg) { var name = Enum.GetName(typeof(JwsAlg), alg); return((AllAlg)Enum.Parse(typeof(AllAlg), name)); }