private JwsProtectedHeader ConstructProtectedHeader(JwsAlg alg)
{
return(new JwsProtectedHeader
{
Alg = Enum.GetName(typeof(JwsAlg), alg),
Type = JwsType
});
}
public async Task <string> SignAsync(JwsPayload jwsPayload, JwsAlg alg)
{
var jsonWebKey = await GetJsonWebKey(
alg.ToAllAlg(),
KeyOperations.Sign,
Use.Sig);
return(_jwsGenerator.Generate(jwsPayload, alg, jsonWebKey));
}
public string Generate(
JwsPayload jwsPayload,
JwsAlg jwsAlg,
JsonWebKey jsonWebKey)
{
if (jwsPayload == null)
{
throw new ArgumentNullException("jwsPayload");
}
if (jsonWebKey == null &&
jwsAlg != JwsAlg.none)
{
jwsAlg = JwsAlg.none;
}
var protectedHeader = ConstructProtectedHeader(jwsAlg);
if (jwsAlg != JwsAlg.none)
{
protectedHeader.Kid = jsonWebKey.Kid;
}
var serializedProtectedHeader = protectedHeader.SerializeWithDataContract();
var base64EncodedSerializedProtectedHeader = serializedProtectedHeader.Base64Encode();
var serializedPayload = jwsPayload.SerializeWithJavascript();
var base64EncodedSerializedPayload = serializedPayload.Base64Encode();
var combinedProtectedHeaderAndPayLoad = string.Format(
"{0}.{1}",
base64EncodedSerializedProtectedHeader,
base64EncodedSerializedPayload);
var signedJws = string.Empty;
if (jwsAlg != JwsAlg.none)
{
switch (jsonWebKey.Kty)
{
case KeyType.RSA:
signedJws = _createJwsSignature.SignWithRsa(jwsAlg, jsonWebKey.SerializedKey, combinedProtectedHeaderAndPayLoad);
break;
#if NET46 || NET45
case KeyType.EC:
signedJws = _createJwsSignature.SignWithEllipseCurve(jsonWebKey.SerializedKey, combinedProtectedHeaderAndPayLoad);
break;
#endif
}
}
return(string.Format("{0}.{1}", combinedProtectedHeaderAndPayLoad, signedJws));
}
public void When_Sign_Payload_With_Rsa_Alogirthm_Then_Jws_Token_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const KeyType keyType = KeyType.RSA;
const string kid = "kid";
const JwsAlg jwsAlg = JwsAlg.RS384;
const string serializedKey = "serializedKey";
const string signature = "signature";
var jsonWebKey = new JsonWebKey
{
Kty = keyType,
Kid = kid,
SerializedKey = serializedKey
};
var jwsPayload = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Kid = kid,
Alg = Enum.GetName(typeof(JwsAlg), jwsAlg),
Type = "JWT"
};
_createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(),
It.IsAny <string>(),
It.IsAny <string>()))
.Returns(signature);
var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract();
var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode();
var serializedJwsPayload = jwsPayload.SerializeWithJavascript();
var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode();
var combined = string.Format("{0}.{1}",
base64SerializedJwsProtectedHeader,
base64SerializedJwsPayload);
var expectedResult = string.Format("{0}.{1}",
combined,
signature);
// ACT
var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, jsonWebKey);
// ASSERT
_createJwsSignatureFake.Verify(c => c.SignWithRsa(jwsAlg, serializedKey, combined));
Assert.True(expectedResult == result);
}
public void When_Passing_No_JsonWebKey_And_Algorithm_Value_Other_Than_None_Then_Returns_Unsigned_Result()
{
// ARRANGE
InitializeFakeObjects();
const JwsAlg jwsAlg = JwsAlg.none;
const KeyType keyType = KeyType.RSA;
const string kid = "kid";
const string serializedKey = "serializedKey";
const string signature = "signature";
var jsonWebKey = new JsonWebKey
{
Kty = keyType,
Kid = kid,
SerializedKey = serializedKey
};
var jwsPayload = new JwsPayload();
var jwsProtectedHeader = new JwsProtectedHeader
{
Alg = Enum.GetName(typeof(JwsAlg), jwsAlg),
Type = "JWT"
};
_createJwsSignatureFake.Setup(c => c.SignWithRsa(It.IsAny <JwsAlg>(),
It.IsAny <string>(),
It.IsAny <string>()))
.Returns(signature);
var serializedJwsProtectedHeader = jwsProtectedHeader.SerializeWithDataContract();
var base64SerializedJwsProtectedHeader = serializedJwsProtectedHeader.Base64Encode();
var serializedJwsPayload = jwsPayload.SerializeWithJavascript();
var base64SerializedJwsPayload = serializedJwsPayload.Base64Encode();
var combined = string.Format("{0}.{1}",
base64SerializedJwsProtectedHeader,
base64SerializedJwsPayload);
var expectedResult = string.Format("{0}.{1}",
combined,
string.Empty);
// ACT
var result = _jwsGenerator.Generate(jwsPayload, jwsAlg, null);
// ASSERT
_createJwsSignatureFake.Verify(c => c.SignWithRsa(It.IsAny <JwsAlg>(), It.IsAny <string>(), It.IsAny <string>()), Times.Never);
Assert.True(expectedResult == result);
}
public string SignWithRsa(
JwsAlg algorithm,
string serializedKeys,
string combinedJwsNotSigned)
{
if (!_supportedAlgs.Contains(algorithm))
{
return(null);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var rsa = new RSACryptoServiceProvider())
{
var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm];
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlStringNetCore(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, hashMethod);
return(byteToBeConverted.Base64EncodeBytes());
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm];
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlStringNetCore(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, 0, bytesToBeSigned.Length, hashMethod, RSASignaturePadding.Pkcs1);
return(byteToBeConverted.Base64EncodeBytes());
}
}
}
public string SignWithRsa(
JwsAlg algorithm,
string serializedKeys,
string combinedJwsNotSigned)
{
if (!_mappingJwsAlgorithmToRsaHashingAlgorithms.ContainsKey(algorithm))
{
return(null);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
var hashMethod = _mappingJwsAlgorithmToRsaHashingAlgorithms[algorithm];
#if UAP
// TODO : Implement
return(null);
#elif NET46 || NET45
using (var rsa = new RSACryptoServiceProvider())
{
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlString(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, hashMethod);
return(byteToBeConverted.Base64EncodeBytes());
}
#elif NETSTANDARD
using (var rsa = new RSAOpenSsl())
{
var bytesToBeSigned = ASCIIEncoding.ASCII.GetBytes(combinedJwsNotSigned);
rsa.FromXmlString(serializedKeys);
var byteToBeConverted = rsa.SignData(bytesToBeSigned, 0, bytesToBeSigned.Length, hashMethod, RSASignaturePadding.Pkcs1);
return(byteToBeConverted.Base64EncodeBytes());
}
#endif
}
public bool VerifyWithRsa(
JwsAlg algorithm,
string serializedKeys,
string input,
byte[] signature)
{
if (!_supportedAlgs.Contains(algorithm))
{
return(false);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
var plainBytes = ASCIIEncoding.ASCII.GetBytes(input);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
using (var rsa = new RSACryptoServiceProvider())
{
var hashMethod = _mappingWinJwsAlgorithmToRsaHashingAlgorithms[algorithm];
rsa.FromXmlStringNetCore(serializedKeys);
return(rsa.VerifyData(plainBytes, hashMethod, signature));
}
}
else
{
using (var rsa = new RSAOpenSsl())
{
var hashMethod = _mappingLinuxJwsAlgorithmToRsaHashingAlgorithms[algorithm];
rsa.FromXmlStringNetCore(serializedKeys);
return(rsa.VerifyData(plainBytes, signature, hashMethod, RSASignaturePadding.Pkcs1));
}
}
}
public bool VerifyWithRsa(
JwsAlg algorithm,
string serializedKeys,
string input,
byte[] signature)
{
if (!_mappingJwsAlgorithmToRsaHashingAlgorithms.ContainsKey(algorithm))
{
return(false);
}
if (string.IsNullOrWhiteSpace(serializedKeys))
{
throw new ArgumentNullException("serializedKeys");
}
var plainBytes = ASCIIEncoding.ASCII.GetBytes(input);
var hashMethod = _mappingJwsAlgorithmToRsaHashingAlgorithms[algorithm];
#if UAP
// TODO : Implement
return(false);
#elif NET46 || NET45
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(serializedKeys);
return(rsa.VerifyData(plainBytes, hashMethod, signature));
}
#elif NETSTANDARD
using (var rsa = new RSAOpenSsl())
{
rsa.FromXmlString(serializedKeys);
return(rsa.VerifyData(plainBytes, signature, hashMethod, RSASignaturePadding.Pkcs1));
}
#endif
}
public static AllAlg ToAllAlg(this JwsAlg alg)
{
var name = Enum.GetName(typeof(JwsAlg), alg);
return((AllAlg)Enum.Parse(typeof(AllAlg), name));
}
