public void Build_Jws_AutomaticClaims()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
.ExpiresAfter(10)
.NotBefore(5)
.WithAutomaticId()
.WithAutomaticIssuedAt();
var descriptor = builder.Build();
Assert.IsType <JwsDescriptor>(descriptor);
var jws = (JwsDescriptor)descriptor;
Assert.NotNull(jws.ExpirationTime);
Assert.InRange((jws.ExpirationTime - now).Value.TotalSeconds - 10, -2, 2);
Assert.NotNull(jws.JwtId);
Assert.NotNull(jws.IssuedAt);
Assert.InRange((jws.IssuedAt - now).Value.TotalSeconds, -2, 2);
Assert.NotNull(jws.NotBefore);
Assert.InRange((jws.NotBefore - now).Value.TotalSeconds - 5, -2, 2);
Assert.Null(jws.Subject);
Assert.Null(jws.KeyId);
Assert.Null(jws.Audience);
Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jws.Algorithm);
}
public void Build_Jws()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now);
var descriptor = builder.Build();
Assert.IsType <JwsDescriptor>(descriptor);
var jws = (JwsDescriptor)descriptor;
Assert.Equal("https://issuer.example.com", jws.Issuer);
Assert.Equal(now, jws.ExpirationTime);
Assert.Null(jws.JwtId);
Assert.Null(jws.IssuedAt);
Assert.Null(jws.NotBefore);
Assert.Null(jws.Subject);
Assert.Null(jws.KeyId);
Assert.Null(jws.Audience);
Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jws.Algorithm);
}
public void Build_Jws_MissingSigningKey()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now);
var exception = Assert.Throws <InvalidOperationException>(() => builder.Build());
Assert.Contains("No signing key is defined.", exception.Message);
}
public void Build_Jws_NoneWithSigningKey()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now)
.SignWith(SymmetricJwk.GenerateKey(128), SignatureAlgorithm.None);
var exception = Assert.Throws <InvalidOperationException>(() => builder.Build());
Assert.Contains("The algorithm 'none' defined with a signing key.", exception.Message);
}
public void Build_Jws_MissingSigningAlgorithm()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now)
.SignWith(SymmetricJwk.GenerateKey(128));
var exception = Assert.Throws <InvalidOperationException>(() => builder.Build());
Assert.Contains("No algorithm is defined for the signature.", exception.Message);
}
public void Build_JweMissingKeyManagementAlgorithm()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
.EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256)
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now);
var exception = Assert.Throws <InvalidOperationException>(() => builder.Build());
Assert.Contains("No algorithm is defined for the key management encryption.", exception.Message);
}
public void Build_TextJwt()
{
var builder = new JwtDescriptorBuilder();
builder
.PlaintextPayload("Live long and prosper.")
.EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.Direct);
var descriptor = builder.Build();
Assert.IsType <PlaintextJweDescriptor>(descriptor);
var plaintext = (PlaintextJweDescriptor)descriptor;
Assert.Equal("Live long and prosper.", plaintext.Payload);
Assert.Equal(KeyManagementAlgorithm.Direct, plaintext.Algorithm);
Assert.Equal(EncryptionAlgorithm.Aes128CbcHmacSha256, plaintext.EncryptionAlgorithm);
}
public void Build_BinaryJwt()
{
var builder = new JwtDescriptorBuilder();
builder
.EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.Direct)
.BinaryPayload(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
var descriptor = builder.Build();
Assert.IsType <BinaryJweDescriptor>(descriptor);
var binary = (BinaryJweDescriptor)descriptor;
Assert.Equal(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }, binary.Payload);
Assert.Equal(KeyManagementAlgorithm.Direct, binary.Algorithm);
Assert.Equal(EncryptionAlgorithm.Aes128CbcHmacSha256, binary.EncryptionAlgorithm);
}
public void Build_Jwt_Unsigned()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.IgnoreSignature()
.IssuedBy("https://issuer.example.com")
.ExpiresAt(DateTime.UtcNow);
var descriptor = builder.Build();
Assert.IsType <JwsDescriptor>(descriptor);
Assert.IsType <JwsDescriptor>(descriptor);
var jws = (JwsDescriptor)descriptor;
Assert.Equal("https://issuer.example.com", jws.Issuer);
Assert.Equal(now, jws.ExpirationTime);
Assert.Equal(SignatureAlgorithm.None, jws.Algorithm);
}
public void Build_Jwe()
{
var builder = new JwtDescriptorBuilder();
var now = EpochTime.ToDateTime(EpochTime.UtcNow);
builder
.SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
.EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.Direct)
.IssuedBy("https://issuer.example.com")
.ExpiresAt(now);
var descriptor = builder.Build();
Assert.IsType <JweDescriptor>(descriptor);
var jwe = (JweDescriptor)descriptor;
Assert.Equal("https://issuer.example.com", jwe.Payload.Issuer);
Assert.Equal(now, jwe.Payload.ExpirationTime);
Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jwe.Payload.Algorithm);
Assert.Equal(KeyManagementAlgorithm.Direct, jwe.Algorithm);
Assert.Equal(EncryptionAlgorithm.Aes128CbcHmacSha256, jwe.EncryptionAlgorithm);
}
