/// <summary>
/// <see cref="JwtValidator.Validate"/> must reject a tampered signature: the
/// HMAC-SHA256 signature is recomputed over "header.payload" with
/// <c>TestData.Secret</c>, its first byte is altered, and the validator is
/// then expected to throw <see cref="SignatureVerificationException"/>.
/// </summary>
public void Validate_Should_Throw_Exception_When_Signature_Is_Invalid()
{
    const string token = TestData.Token;
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(token);

    // Claims as JSON, and the signature carried by the token (base64 for the validator API).
    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Recompute the expected signature, then corrupt a single byte of it.
    var signingInput = GetBytes($"{parts.Header}.{parts.Payload}");
    var tampered = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    tampered[0]++; // malformed signature

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    Action validate = () => validator.Validate(payloadJson, tokenSignature, Convert.ToBase64String(tampered));

    validate.Should()
            .Throw<SignatureVerificationException>("because signature is invalid");
}
/// <summary>
/// Happy path for <see cref="JwtValidator.TryValidate"/>: when the signature
/// recomputed over "header.payload" equals the one carried by the token, the
/// method returns <c>true</c> and the <c>out</c> exception is <c>null</c>.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // NOTE(review): signs with the literal "ABC" while sibling tests use
    // TestData.Secret — confirm which secret TestData.Token was minted with
    // and prefer that constant here.
    var signingInput = GetBytes($"{parts.Header}.{parts.Payload}");
    var expectedSignature = Convert.ToBase64String(
        new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput));

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    var isValid = validator.TryValidate(payloadJson, tokenSignature, expectedSignature, out var ex);

    isValid.Should()
           .BeTrue("because the token should have been validated");
    ex.Should()
      .BeNull("because a valid token verified should not raise any exception");
}
/// <summary>
/// An expired token must fail <see cref="JwtValidator.TryValidate"/>. The clock
/// is pinned to <c>TestData.TokenTimestamp</c> through a
/// <see cref="StaticDateTimeProvider"/> so the outcome does not depend on
/// wall-clock time; the signature is the correct one (recomputed with
/// <c>TestData.Secret</c>), so the expected reason for rejection is the
/// expiry claim and the returned exception must be a
/// <see cref="TokenExpiredException"/>.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Token_Is_Expired()
{
    // Freeze "now" at the token's own timestamp; TokenWithExp is expected to be expired relative to it.
    var clock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp));
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.TokenWithExp);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    var signingInput = GetBytes($"{parts.Header}.{parts.Payload}");
    var expectedSignature = Convert.ToBase64String(
        new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput));

    var validator = new JwtValidator(new JsonNetSerializer(), clock);
    var isValid = validator.TryValidate(payloadJson, tokenSignature, expectedSignature, out var ex);

    isValid.Should()
           .BeFalse("because token should be invalid");
    ex.Should()
      .NotBeNull("because invalid token should thrown exception");
    ex.Should()
      .BeOfType<TokenExpiredException>("because expired token should thrown TokenExpiredException");
}
/// <summary>
/// A token whose <c>nbf</c> lies one second in the future must still pass
/// <see cref="JwtValidator.TryValidate"/> when the validator is built with a
/// <c>timeMargin</c> of one second. The clock is frozen at
/// <c>TestData.TokenTimestamp - 1</c> so the one-second gap is exact.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Token_Is_Not_Yet_Usable_But_Validator_Has_Time_Margin()
{
    // "now" is one second before the token's timestamp; the margin below absorbs that second.
    var clock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp - 1));
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.TokenWithNbf);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    var signingInput = GetBytes($"{parts.Header}.{parts.Payload}");
    var expectedSignature = Convert.ToBase64String(
        new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput));

    var validator = new JwtValidator(new JsonNetSerializer(), clock, timeMargin: 1);
    var isValid = validator.TryValidate(payloadJson, tokenSignature, expectedSignature, out var ex);

    isValid.Should()
           .BeTrue("because token should be valid");
    ex.Should()
      .BeNull("because valid token should not throw exception");
}
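/// <summary>
/// A tampered signature must make <see cref="JwtValidator.TryValidate"/>
/// return <c>false</c> and hand back a non-null exception instead of throwing.
/// </summary>
/// <remarks>
/// NOTE(review): despite its name this test does NOT exercise a matching
/// signature — it corrupts the first byte of the recomputed HMAC, i.e. the
/// same scenario as
/// <c>TryValidate_Should_Return_False_And_Exception_Not_Null_When_Signature_Is_Not_Valid</c>,
/// only signed with the literal "ABC" instead of <c>TestData.Secret</c>. The
/// name is left untouched so test discovery is unaffected; consider renaming
/// it or folding it into its sibling. The assertions now use the
/// FluentAssertions style of the rest of this class so a failure carries a
/// reason, instead of the bare <c>Assert.False</c>/<c>Assert.NotNull</c>.
/// </remarks>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
{
    var urlEncoder = new JwtBase64UrlEncoder();
    var jsonNetSerializer = new JsonNetSerializer();
    var utcDateTimeProvider = new UtcDateTimeProvider();
    var jwt = new JwtParts(TestData.Token);

    var payloadJson = GetString(urlEncoder.Decode(jwt.Payload));
    var crypto = urlEncoder.Decode(jwt.Signature);
    var decodedCrypto = Convert.ToBase64String(crypto);

    // Recompute the signature over "header.payload", then corrupt one byte so it no longer matches.
    var alg = new HMACSHA256Algorithm();
    var bytesToSign = GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
    var signatureData = alg.Sign(GetBytes("ABC"), bytesToSign);
    signatureData[0]++; // malformed signature
    var decodedSignature = Convert.ToBase64String(signatureData);

    var jwtValidator = new JwtValidator(jsonNetSerializer, utcDateTimeProvider);
    var isValid = jwtValidator.TryValidate(payloadJson, decodedCrypto, decodedSignature, out var ex);

    isValid.Should()
           .BeFalse("because the signature was tampered with");
    ex.Should()
      .NotBeNull("because a rejected token should report the reason through the out parameter");
}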
/// <summary>
/// Non-throwing counterpart of the invalid-signature check: with one byte of
/// the recomputed HMAC-SHA256 signature corrupted,
/// <see cref="JwtValidator.TryValidate"/> must return <c>false</c> and set
/// the <c>out</c> exception rather than throw.
/// </summary>
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Signature_Is_Not_Valid()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    var payloadJson = GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    var signingInput = GetBytes($"{parts.Header}.{parts.Payload}");
    var tampered = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
    tampered[0]++; // malformed signature

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    var isValid = validator.TryValidate(payloadJson, tokenSignature, Convert.ToBase64String(tampered), out var ex);

    isValid.Should()
           .BeFalse("because token should be invalid");
    ex.Should()
      .NotBeNull("because invalid token should thrown exception");
}
/// <summary>
/// <see cref="JwtValidator.Validate"/> must complete without throwing when the
/// signature recomputed over "header.payload" equals the one carried by the
/// token. The test passes simply by the call returning; there is no explicit
/// assertion.
/// </summary>
public void Validate_Should_Not_Throw_Exception_When_Crypto_Matches_Signature()
{
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);

    // This test goes through JwtValidator's own byte/string helpers rather than the class-level ones.
    var payloadJson = JwtValidator.GetString(encoder.Decode(parts.Payload));
    var tokenSignature = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // NOTE(review): signs with the literal "ABC" while several sibling tests use
    // TestData.Secret — confirm which secret TestData.Token was minted with.
    var signingInput = JwtValidator.GetBytes($"{parts.Header}.{parts.Payload}");
    var expectedSignature = Convert.ToBase64String(
        new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput));

    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

    // Any exception here fails the test.
    validator.Validate(payloadJson, tokenSignature, expectedSignature);
}
/// <summary>
/// Not implemented: always throws <see cref="NotImplementedException"/>.
/// </summary>
/// <param name="jwt">The split token; never inspected.</param>
/// <exception cref="NotImplementedException">Always.</exception>
public string Decode(JwtParts jwt) => throw new NotImplementedException();
/// <summary>
/// Not implemented: always throws <see cref="NotImplementedException"/>.
/// </summary>
/// <param name="jwt">The split token; never inspected.</param>
/// <param name="keys">Candidate verification keys; never inspected.</param>
/// <param name="verify">
/// Presumably whether the signature is checked before the payload is trusted
/// (a <c>false</c> value would skip verification) — confirm against the
/// interface this implements before relying on it.
/// </param>
/// <exception cref="NotImplementedException">Always.</exception>
public T DecodeToObject<T>(JwtParts jwt, byte[][] keys, bool verify) => throw new NotImplementedException();
/// <summary>
/// Not implemented: always throws <see cref="NotImplementedException"/>.
/// </summary>
/// <param name="jwt">The split token; never inspected.</param>
/// <exception cref="NotImplementedException">Always.</exception>
public T DecodeToObject<T>(JwtParts jwt) => throw new NotImplementedException();
/// <summary>
/// Not implemented: always throws <see cref="NotImplementedException"/>.
/// </summary>
/// <param name="jwt">The split token; never inspected.</param>
/// <exception cref="NotImplementedException">Always.</exception>
public T DecodeHeader<T>(JwtParts jwt) => throw new NotImplementedException();
/// <summary>
/// Not implemented: always throws <see cref="NotImplementedException"/>.
/// </summary>
/// <param name="jwt">The split token; never inspected.</param>
/// <param name="keys">Candidate verification keys; never inspected.</param>
/// <param name="verify">
/// Presumably whether the signature is checked before the payload is returned
/// (a <c>false</c> value would skip verification) — confirm against the
/// interface this implements before relying on it.
/// </param>
/// <exception cref="NotImplementedException">Always.</exception>
public string Decode(JwtParts jwt, byte[][] keys, bool verify) => throw new NotImplementedException();
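/// <summary>
/// Sample flow: mints an RS256 token with the private key from a PFX file,
/// then, using a second PFX that carries only the public key, verifies the
/// RSA signature over "header.payload" and prints the claims only if that
/// check passes.
/// </summary>
/// <remarks>
/// Changes from the original sample: the <c>FileStream.Read</c> return value
/// was ignored (a short read would have left the certificate blob truncated);
/// the result of <c>VerifyData</c> was computed but never checked, so the
/// claims of a token with a bad signature were printed as if genuine; the
/// certificate and RSA handles were never disposed; unused locals
/// (<c>message</c>, <c>privateKey</c>, a second <c>RS256Algorithm</c>) are gone.
/// </remarks>
public static void Run()
{
    // NOTE(review): demo only. Hard-coded machine-specific paths and an
    // in-source secret must not survive into production; load them from
    // configuration or a secret store.
    const string signingPfxPath = "C:/Users/Administrator/Desktop/rsatest/flw_srv_prv.pfx";
    const string publicOnlyPfxPath = "C:/Users/Administrator/Desktop/rsatest/flw_srv_prv_no_prvkey.pfx";
    const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

    var payload = new Dictionary<string, object>
    {
        { "claim1", 0 },
        { "claim2", "claim2-value" }
    };

    string token;
    // File.ReadAllBytes reads the whole file; the original Read(blob, 0, len)
    // call ignored its return value and could silently stop at a partial read.
    using (var certificate = new X509Certificate2(File.ReadAllBytes(signingPfxPath)))
    {
        var algorithm = new RS256Algorithm(certificate);
        IJsonSerializer serializer = new JsonNetSerializer();
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
        // The encoder API takes a string key; for RS256 the certificate's
        // private key is presumably what actually signs — confirm against
        // RS256Algorithm before treating `secret` as meaningful here.
        token = encoder.Encode(payload, secret);
    }

    //token = token + "dvcasvs"; // uncomment to exercise the tampered-signature path

    using (var certificate = new X509Certificate2(File.ReadAllBytes(publicOnlyPfxPath)))
    using (var publicKey = certificate.GetRSAPublicKey())
    {
        // This PFX carries no private key (certificate.GetRSAPrivateKey() returned
        // null in the original), so only verification is possible on this side.
        try
        {
            IJsonSerializer serializer = new JsonNetSerializer();
            IDateTimeProvider provider = new UtcDateTimeProvider();
            IJwtValidator validator = new JwtValidator(serializer, provider);
            var urlEncoder = new JwtBase64UrlEncoder();
            IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, new RSAlgorithmFactory(publicKey));

            // Verify the RSA signature over "header.payload" BEFORE trusting any claim.
            var jwt = new JwtParts(token);
            var bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
            var signature = urlEncoder.Decode(jwt.Signature);
            var signatureIsValid = publicKey.VerifyData(bytesToSign, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            if (!signatureIsValid)
            {
                // The original stored this result in a local and never looked at it.
                Console.WriteLine("Token has invalid signature");
                return;
            }

            // verify: false only parses the token; the signature was checked by hand
            // above. NOTE(review): with verification disabled the decoder presumably
            // performs no claim checks (exp/nbf) either, so the catch blocks below
            // only matter if verify is turned on — if this library version supports
            // asymmetric verification in the decoder, prefer verify: true and drop
            // the manual check.
            var json = decoder.Decode(token, secret, verify: false);
            Console.WriteLine(json);
        }
        catch (TokenExpiredException)
        {
            Console.WriteLine("Token has expired");
        }
        catch (SignatureVerificationException)
        {
            Console.WriteLine("Token has invalid signature");
        }
    }
}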