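/// <summary>
/// Smoke test: the key service generates signing credentials for the given
/// algorithm / key type pair.
/// </summary>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldGenerate(string algorithm, KeyType keyType)
{
    var options = new JwksOptions()
    {
        KeyPrefix = "ShouldGenerateManyRsa_",
        Jws = JwsAlgorithm.Create(algorithm, keyType)
    };

    var credentials = _keyService.GenerateSigningCredentials(options);

    // The original body asserted nothing, so it could only fail on an exception.
    // Pin the minimum the other tests in this file read from the result:
    // credentials that carry a key.
    credentials.Should().NotBeNull();
    credentials.Key.Should().NotBeNull();
}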
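/// <summary>
/// After a saved key is revoked through the store, the key listed by the key
/// service under the same key id must still carry its public parameters and
/// must no longer carry private material.
/// </summary>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldKeepPublicKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType)
{
    var alg = JwsAlgorithm.Create(algorithm, keyType);
    var key = _keyService.GenerateSigningCredentials(new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg });

    var privateKey = new SecurityKeyWithPrivate();
    privateKey.SetJwsParameters(key.Key, alg);
    _jsonWebKeyStore.Save(privateKey);

    // Remove private: revocation through the store is the step under test.
    _jsonWebKeyStore.Revoke(privateKey);

    var jsonWebKey = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5).First(w => w.Kid == privateKey.KeyId);

    jsonWebKey.Kty.Should().NotBeNullOrEmpty();
    jsonWebKey.HasPrivateKey.Should().BeFalse();

    switch (jsonWebKey.Kty)
    {
        case JsonWebAlgorithmsKeyTypes.EllipticCurve:
            jsonWebKey.X.Should().NotBeNullOrEmpty();
            jsonWebKey.Y.Should().NotBeNullOrEmpty();
            // Check the private scalar directly rather than relying on HasPrivateKey alone.
            jsonWebKey.D.Should().BeNullOrEmpty();
            break;

        case JsonWebAlgorithmsKeyTypes.RSA:
            jsonWebKey.N.Should().NotBeNullOrEmpty();
            jsonWebKey.E.Should().NotBeNullOrEmpty();
            // If this is Microsoft.IdentityModel's JsonWebKey, HasPrivateKey is true for RSA
            // only when every private parameter is present, so a key that kept just the
            // private exponent would still report false. Assert on D explicitly.
            jsonWebKey.D.Should().BeNullOrEmpty();
            break;

        case JsonWebAlgorithmsKeyTypes.Octet:
            // NOTE(review): for an "oct" key, K is the symmetric secret itself, and
            // HasPrivateKey (as implemented in Microsoft.IdentityModel, if that is the type
            // here) does not report true for this kty. This assertion therefore pins that
            // the secret is still returned after revocation. Confirm that is intended and
            // that such keys are never served from a public JWKS endpoint.
            jsonWebKey.K.Should().NotBeNullOrEmpty();
            break;

        // NOTE(review): there is no default branch, so an unexpected kty passes without
        // any parameter check.
    }
}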
/// <summary>
/// Requesting the current signing credentials twice with the same options must
/// return the same key id, and the key service must list at least one key in between.
/// </summary>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldSaveCryptoAndRecover(string algorithm, KeyType keyType)
{
    var jws = JwsAlgorithm.Create(algorithm, keyType);
    var options = new JwksOptions() { Jws = jws };

    // First request for the current credentials.
    var firstCredentials = _keyService.GetCurrentSigningCredentials(options);

    var recentKeys = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5);
    recentKeys.Count.Should().BePositive();

    // Second request must resolve to the same key rather than a new one.
    var secondCredentials = _keyService.GetCurrentSigningCredentials(options);
    firstCredentials.Kid.Should().Be(secondCredentials.Kid);
}
/// <summary>
/// Saves a freshly generated key, revokes it on the object and then through the
/// store. The test passes when none of these calls throws.
/// </summary>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
{
    var jws = JwsAlgorithm.Create(algorithm, keyType);
    var options = new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jws = jws };
    var credentials = _keyService.GenerateSigningCredentials(options);

    var storedKey = new SecurityKeyWithPrivate();
    storedKey.SetJwsParameters(credentials.Key, jws);
    _jsonWebKeyStore.Save(storedKey);

    // Remove private
    storedKey.Revoke();
    _jsonWebKeyStore.Revoke(storedKey);

    // NOTE(review): nothing is asserted after the revocation, so this does not verify
    // that the private part was actually removed from what the store holds.
}
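/// <summary>
/// Signs the same payload with the credentials returned by two consecutive
/// requests for the current key and expects byte-identical tokens.
/// </summary>
/// <remarks>
/// Identical output only holds for deterministic signature schemes (for example HMAC
/// or RSASSA-PKCS1-v1_5). Presumably the test data is limited to those; confirm
/// against the data source, which is not visible here.
/// </remarks>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldSaveDeterministicJwkRecoverAndSigning(string algorithm, KeyType keyType)
{
    this.WarmupData.Clear();

    var options = new JwksOptions() { Jws = JwsAlgorithm.Create(algorithm, keyType) };
    var handler = new JsonWebTokenHandler();

    // Token timestamps are expected in UTC; the original used DateTime.Now, which yields a
    // local-kind value that can be ambiguous around daylight-saving transitions.
    var now = DateTime.UtcNow;

    // Generate right now and in memory
    var newKey = _keyService.GetCurrentSigningCredentials(options);

    // Second request; per the original comment this one is recovered from the database.
    var currentKey = _keyService.GetCurrentSigningCredentials(options);
    newKey.Kid.Should().Be(currentKey.Kid);

    var claims = new ClaimsIdentity(GenerateClaim().Generate(5));

    // Both descriptors are identical apart from the credentials used to sign.
    SecurityTokenDescriptor BuildDescriptor(SigningCredentials credentials)
    {
        return new SecurityTokenDescriptor
        {
            Issuer = "me",
            Audience = "you",
            IssuedAt = now,
            NotBefore = now,
            Expires = now.AddMinutes(5),
            Subject = claims,
            SigningCredentials = credentials
        };
    }

    var jwt1 = handler.CreateToken(BuildDescriptor(newKey));
    var jwt2 = handler.CreateToken(BuildDescriptor(currentKey));

    jwt1.Should().Be(jwt2);
}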
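/// <summary>
/// Signs one descriptor twice with the same credentials and expects two different
/// token strings.
/// </summary>
/// <remarks>
/// Randomised signature schemes (RSASSA-PSS uses a random salt, ECDSA a per-signature
/// nonce) produce a different signature on every call over the same payload. Presumably
/// the test data is limited to such algorithms; confirm against the data source, which
/// is not visible here. Two tokens differing as strings is therefore normal, and a token
/// is validated by verifying its signature, not by comparing it with an earlier token.
/// </remarks>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldNotBeSameJwtWhenProbabilisticToken(string algorithm, KeyType keyType)
{
    var signingCredentials = _service.GenerateSigningCredentials(JwsAlgorithm.Create(algorithm, keyType));
    var handler = new JsonWebTokenHandler();

    // Token timestamps are expected in UTC; the original used DateTime.Now, which yields a
    // local-kind value that can be ambiguous around daylight-saving transitions.
    var now = DateTime.UtcNow;

    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = "me",
        Audience = "you",
        IssuedAt = now,
        NotBefore = now,
        Expires = now.AddMinutes(5),
        Subject = new ClaimsIdentity(GenerateClaim().Generate(5)),
        SigningCredentials = signingCredentials
    };

    // Same descriptor and same key: only the signature can differ between the two tokens.
    var jwt1 = handler.CreateToken(descriptor);
    var jwt2 = handler.CreateToken(descriptor);

    jwt1.Should().NotBe(jwt2);
}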
/// <summary>
/// A key generated for the given algorithm / key type pair must have a key id.
/// </summary>
/// <param name="algorithm">Algorithm identifier handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldGenerateJwk(string algorithm, KeyType keyType)
{
    var jws = JwsAlgorithm.Create(algorithm, keyType);
    var generatedKey = _service.Generate(jws);

    // The key id is what other tests in this file use to look a key up, so it must be set.
    generatedKey.KeyId.Should().NotBeNull();
}