public void ECDSAKeySizeDoesNotMatchThrowsError()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECCurve = ECNamedCurves.P521,
HashingMethod = HashingMethods.Sha256,
ECKeyName = "ECDSA_Test"
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
string headerJson;
var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out headerJson);
cert = ECCertificateBuilder.CreateNewSigningCertificate(new ECCertificateBuilderOptions {
ECCurve = ECNamedCurves.P256, FullSubjectName = "CN=Test"
});
try
{
string payloadJson;
JsonWebToken.DecodeUsingECDSA <object>(token, cert, out headerJson, out payloadJson);
}
catch (SignatureVerificationException ex)
{
Assert.AreEqual("Key size does not match.", ex.Message);
return;
}
Assert.Fail();
}
public void WrongCertificateThrowsError()
{
var options = new ECCertificateBuilderOptions
{
ECCurve = ECNamedCurves.P256,
FullSubjectName = "CN=Test"
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
string headerJson;
var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out headerJson);
options = new ECCertificateBuilderOptions
{
ECCurve = ECNamedCurves.P256,
FullSubjectName = "CN=Test"
};
cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
try
{
string payloadJson;
JsonWebToken.DecodeUsingECDSA <object>(token, cert, out headerJson, out payloadJson);
}
catch (SignatureVerificationException ex)
{
Assert.AreEqual("Invalid signature.", ex.Message);
return;
}
Assert.Fail();
}
public void ParseBackAndForthWorks()
{
var options = new ECCertificateBuilderOptions
{
ECCurve = ECNamedCurves.P256,
FullSubjectName = "CN=Test"
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
string headerJson;
var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out headerJson);
string headerJsonDecoded;
string payloadJsonDecoded;
dynamic result = JsonWebToken.DecodeUsingECDSA <object>(token, cert, out headerJsonDecoded,
out payloadJsonDecoded);
Assert.AreEqual(1, (int)result.id);
Assert.AreEqual(2, (int)result.org);
Assert.IsFalse(string.IsNullOrWhiteSpace(headerJsonDecoded));
Assert.IsTrue(string.Equals(headerJson, headerJsonDecoded));
Assert.IsFalse(string.IsNullOrWhiteSpace(payloadJsonDecoded));
}
public void UnknownJWTAlgorithmThrowsError()
{
var options = new ECCertificateBuilderOptions
{
ECCurve = ECNamedCurves.P256,
FullSubjectName = "CN=Test"
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
string headerJson;
var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out headerJson);
var split = token.Split('.');
split[0] = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSU0EifQ"; // switch header
token = string.Join(".", split);
try
{
string payloadJson;
JsonWebToken.DecodeUsingECDSA <object>(token, cert, out headerJson, out payloadJson);
}
catch (SignatureVerificationException ex)
{
Assert.AreEqual("Unsupported signing algorithm.", ex.Message);
return;
}
Assert.Fail();
}
public void HeaderAndPayloadParsesCorrectly()
{
var options = new ECCertificateBuilderOptions
{
ECCurve = ECNamedCurves.P256,
FullSubjectName = "CN=Test"
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
string headerJson;
var token = JsonWebToken.EncodeUsingECDSA(
new { id = 1, org = 1 },
cert,
new Dictionary <string, object> {
{ "alg", "ES256" }
},
new JsonSerializerSettings(),
out headerJson);
var bits = token.Split('.');
Assert.AreEqual(3, bits.Length);
Assert.AreEqual("eyJhbGciOiJFUzI1NiJ9", bits[0]); // HEADER
Assert.AreEqual("eyJpZCI6MSwib3JnIjoxfQ", bits[1]); // DATA
}
public void P384CertificateCorrectlyParses()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECCurve = ECNamedCurves.P384
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
var cng = ECDSACertificateParser.ParsePublicCertificate(cert);
Assert.IsNotNull(cng);
}
public void CreateWithSha512Hash()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
HashingMethod = HashingMethods.Sha512
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
Assert.AreEqual("CN=Test", cert.Subject);
Assert.AreEqual("sha512ECDSA", cert.SignatureAlgorithm.FriendlyName);
Assert.IsTrue(cert.HasPrivateKey);
}
public void CreateWithP256Curve()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECCurve = ECNamedCurves.P256
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
Assert.AreEqual("CN=Test", cert.Subject);
Assert.AreEqual("sha256ECDSA", cert.SignatureAlgorithm.FriendlyName);
Assert.IsTrue(cert.HasPrivateKey);
}
public void SurvivesExportImport()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECKeyName = "KeyTestTemp",
HashingMethod = HashingMethods.Sha512
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
var data = cert.Export(X509ContentType.Pkcs12, "password");
if (CngKey.Exists("KeyTestTemp"))
{
var objCngKey = CngKey.Open("KeyTestTemp");
objCngKey.Delete();
}
var reloaded = new X509Certificate2(data, "password");
ECDSACertificateParser.ParsePrivateCertificate(reloaded);
}
