Esempio n. 1
        public void Validate_Should_Throw_Exception_When_Signature_Is_Invalid()
        {
            // Negative case: a signature computed with the test secret, then altered in one byte,
            // must make Validate throw SignatureVerificationException.
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            // Payload as JSON text, and the signature carried by the token re-encoded as standard Base64.
            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // Recompute the signature over "header.payload" with the HMACSHA256 algorithm ...
            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var tampered     = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);

            // ... and corrupt its first byte so the two values can no longer agree.
            tampered[0]++;
            var signatureB64 = Convert.ToBase64String(tampered);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

            Action validate = () => validator.Validate(payloadJson, cryptoB64, signatureB64);

            validate.Should().Throw<SignatureVerificationException>("because signature is invalid");
        }
Esempio n. 2
        public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
        {
            // Positive case: the signature carried by the token and a freshly computed one are
            // handed to TryValidate, which must return true and leave the out exception null.
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // NOTE(review): the key is the literal "ABC" rather than a shared test constant; it has
            // to be the key TestData.Token was signed with for this test to pass. Confirm.
            var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
            var recomputed   = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
            var signatureB64 = Convert.ToBase64String(recomputed);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
            var accepted  = validator.TryValidate(payloadJson, cryptoB64, signatureB64, out var error);

            accepted.Should().BeTrue("because the token should have been validated");

            error.Should().BeNull("because a valid token verified should not raise any exception");
        }
Esempio n. 3
        public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Token_Is_Expired()
        {
            // Expiry case: the clock is pinned to TestData.TokenTimestamp and the signature is computed
            // with the test secret, so the expected failure is a TokenExpiredException.
            // Presumably the exp claim of TestData.TokenWithExp is not later than TokenTimestamp. Confirm.
            var fixedClock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp));
            var encoder    = new JwtBase64UrlEncoder();
            var parts      = new JwtParts(TestData.TokenWithExp);

            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var recomputed   = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
            var signatureB64 = Convert.ToBase64String(recomputed);

            var validator = new JwtValidator(new JsonNetSerializer(), fixedClock);
            var accepted  = validator.TryValidate(payloadJson, cryptoB64, signatureB64, out var error);

            accepted.Should().BeFalse("because token should be invalid");

            error.Should().NotBeNull("because invalid token should thrown exception");

            // The failure must be reported as expiry specifically, not as some other validation error.
            error.Should().BeOfType(typeof(TokenExpiredException), "because expired token should thrown TokenExpiredException");
        }
Esempio n. 4
        public void TryValidate_Should_Return_True_And_Exception_Null_When_Token_Is_Not_Yet_Usable_But_Validator_Has_Time_Margin()
        {
            // Not-before case: the clock is pinned one second before TestData.TokenTimestamp and the
            // validator is built with timeMargin: 1, so the token must still be accepted.
            // Presumably the nbf claim of TestData.TokenWithNbf equals TokenTimestamp. Confirm.
            // NOTE(review): a time margin widens the window in which a token is accepted; keep it
            // no larger than the clock skew actually expected between issuer and validator.
            var fixedClock = new StaticDateTimeProvider(DateTimeOffset.FromUnixTimeSeconds(TestData.TokenTimestamp - 1));
            var encoder    = new JwtBase64UrlEncoder();
            var parts      = new JwtParts(TestData.TokenWithNbf);

            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var recomputed   = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);
            var signatureB64 = Convert.ToBase64String(recomputed);

            var validator = new JwtValidator(new JsonNetSerializer(), fixedClock, timeMargin: 1);
            var accepted  = validator.TryValidate(payloadJson, cryptoB64, signatureB64, out var error);

            accepted.Should().BeTrue("because token should be valid");

            error.Should().BeNull("because valid token should not throw exception");
        }
Esempio n. 5
        public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
        {
            // Negative case: the recomputed signature has its first byte altered, so TryValidate must
            // return false and hand back a non-null exception.
            // NOTE(review): the method name says "Crypto_Matches_Signature", but the body corrupts the
            // signature, so the name looks stale. Only non-null is asserted, not the exception type.
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // NOTE(review): the key is the literal "ABC" rather than a shared test constant. Confirm it
            // is the key TestData.Token was signed with; otherwise the mismatch asserted below would
            // occur even without the tampering.
            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var tampered     = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);

            ++tampered[0]; // malformed signature
            var signatureB64 = Convert.ToBase64String(tampered);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
            var accepted  = validator.TryValidate(payloadJson, cryptoB64, signatureB64, out var error);

            Assert.False(accepted);
            Assert.NotNull(error);
        }
Esempio n. 6
        public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Signature_Is_Not_Valid()
        {
            // Negative case for the non-throwing API: a signature computed with the test secret and
            // then altered in one byte must yield false plus a non-null exception.
            // NOTE(review): the exception type is not asserted here; checking for the signature
            // failure type would keep an unrelated error from satisfying this test.
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            var payloadJson = GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var tampered     = new HMACSHA256Algorithm().Sign(GetBytes(TestData.Secret), signingInput);

            tampered[0]++; // malformed signature
            var signatureB64 = Convert.ToBase64String(tampered);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
            var accepted  = validator.TryValidate(payloadJson, cryptoB64, signatureB64, out var error);

            accepted.Should().BeFalse("because token should be invalid");

            error.Should().NotBeNull("because invalid token should thrown exception");
        }
Esempio n. 7
        public void Validate_Should_Not_Throw_Exception_When_Crypto_Matches_Signature()
        {
            // Positive case for the throwing API. There is no explicit assertion: the test passes
            // exactly when Validate returns without throwing.
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            var payloadJson = JwtValidator.GetString(encoder.Decode(parts.Payload));
            var cryptoB64   = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // NOTE(review): the key is the literal "ABC" rather than a shared test constant; it has
            // to be the key TestData.Token was signed with for this test to pass. Confirm.
            var signingInput = JwtValidator.GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var recomputed   = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);
            var signatureB64 = Convert.ToBase64String(recomputed);

            var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

            validator.Validate(payloadJson, cryptoB64, signatureB64);
        }
Esempio n. 8
 /// <summary>
 /// Placeholder: always throws; no token is decoded and no signature is checked.
 /// </summary>
 /// <param name="jwt">Token parts; not read.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public string Decode(JwtParts jwt) => throw new NotImplementedException();
 /// <summary>
 /// Placeholder: always throws; no token is decoded and no signature is checked,
 /// whatever <paramref name="verify"/> is set to.
 /// </summary>
 /// <param name="jwt">Token parts; not read.</param>
 /// <param name="keys">Candidate keys; not read.</param>
 /// <param name="verify">Verification flag; not read.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public T DecodeToObject<T>(JwtParts jwt, byte[][] keys, bool verify) => throw new NotImplementedException();
 /// <summary>
 /// Placeholder: always throws; no token is decoded and no signature is checked.
 /// </summary>
 /// <param name="jwt">Token parts; not read.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public T DecodeToObject<T>(JwtParts jwt) => throw new NotImplementedException();
 /// <summary>
 /// Placeholder: always throws; the token header is not decoded.
 /// </summary>
 /// <param name="jwt">Token parts; not read.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public T DecodeHeader<T>(JwtParts jwt) => throw new NotImplementedException();
 /// <summary>
 /// Placeholder: always throws; no token is decoded and no signature is checked,
 /// whatever <paramref name="verify"/> is set to.
 /// </summary>
 /// <param name="jwt">Token parts; not read.</param>
 /// <param name="keys">Candidate keys; not read.</param>
 /// <param name="verify">Verification flag; not read.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public string Decode(JwtParts jwt, byte[][] keys, bool verify) => throw new NotImplementedException();
Esempio n. 13
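        /// <summary>
        /// Demo round trip: encodes a two-claim payload as a JWT using an RS256 algorithm built from
        /// the certificate in one PFX file, then checks the token's signature with the RSA public key
        /// from a second PFX file and prints the decoded payload only if that check succeeds.
        /// </summary>
        /// <remarks>
        /// Writes to the console only. Both PFX paths are hard-coded. Exceptions from file access,
        /// certificate loading or token parsing are not caught here and propagate to the caller.
        /// </remarks>
        public static void Run()
        {
            var payload = new Dictionary<string, object>
            {
                { "claim1", 0 },
                { "claim2", "claim2-value" }
            };

            // NOTE(review): key material is hard-coded in source; outside a demo, load it from
            // configuration or a secret store. It is passed as the key argument to Encode/Decode
            // below. Presumably the RS256 path signs with the certificate's key instead. Confirm.
            const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            string token;

            // File.ReadAllBytes returns the whole file. A single Stream.Read call is allowed to
            // return fewer bytes than requested, which would hand a truncated PFX to the parser.
            byte[] signingBlob = File.ReadAllBytes("C:/Users/Administrator/Desktop/rsatest/flw_srv_prv.pfx");

            // NOTE(review): this PFX is opened without a password and holds the signing key;
            // protect the file and its location accordingly.
            using (var signingCertificate = new X509Certificate2(signingBlob))
            {
                var algorithm = new RS256Algorithm(signingCertificate);

                IJsonSerializer   serializer = new JsonNetSerializer();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);

                token = encoder.Encode(payload, secret);
            }

            // Uncommenting the next line corrupts the token, which should then be rejected below.
            //token = token + "dvcasvs";

            byte[] verifyingBlob = File.ReadAllBytes("C:/Users/Administrator/Desktop/rsatest/flw_srv_prv_no_prvkey.pfx");

            using (var verifyingCertificate = new X509Certificate2(verifyingBlob))
            {
                // The original author noted that GetRSAPrivateKey() returns null for this file,
                // i.e. it is expected to carry the public key only.
                var publicKey = verifyingCertificate.GetRSAPublicKey();

                // Check the signature explicitly over "header.payload". The hash and padding are
                // fixed here (SHA-256, PKCS#1 v1.5) rather than taken from the token.
                JwtParts jwt         = new JwtParts(token);
                var      bytesToSign = Encoding.UTF8.GetBytes(string.Concat(jwt.Header, ".", jwt.Payload));
                byte[]   signature   = new JwtBase64UrlEncoder().Decode(jwt.Signature);

                // The result of this check was previously computed and discarded, so the payload was
                // printed even for a token whose signature did not verify.
                if (!publicKey.VerifyData(bytesToSign, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                {
                    Console.WriteLine("Token has invalid signature");
                    return;
                }

                try
                {
                    IJsonSerializer   serializer = new JsonNetSerializer();
                    IDateTimeProvider provider   = new UtcDateTimeProvider();
                    IJwtValidator     validator  = new JwtValidator(serializer, provider);
                    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                    IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder, new RSAlgorithmFactory(publicKey));

                    // verify: false leaves the signature check to the explicit VerifyData call above.
                    // NOTE(review): presumably this also skips the validator's exp/nbf checks, which
                    // would make the catch blocks below unreachable. Confirm, and prefer verify: true
                    // if the decoder can verify with a public key only.
                    var json = decoder.Decode(token, secret, verify: false);

                    Console.WriteLine(json);
                }
                catch (TokenExpiredException)
                {
                    Console.WriteLine("Token has expired");
                }
                catch (SignatureVerificationException)
                {
                    Console.WriteLine("Token has invalid signature");
                }
            }
        }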