/// <summary>VerifyResult</summary> /// <param name="testLabel">string</param> /// <param name="jwt">string</param> /// <param name="key">object</param> /// <param name="alg">JweAlgorithm</param> /// <param name="enc">JweEncryption</param> private static void VerifyResult(string testLabel, string jwt, object key, JweAlgorithm alg, JweEncryption enc) { MyDebug.OutputDebugAndConsole(testLabel, "Original:" + jwt); MyDebug.InspectJwt(testLabel, jwt); MyDebug.OutputDebugAndConsole(testLabel, "Decoded:" + JWT.Decode(jwt, key, alg, enc)); }
/// <summary>VerifyResult</summary> /// <param name="testLabel">string</param> /// <param name="jwt">string</param> /// <param name="key">object</param> /// <param name="alg">JwsAlgorithm?</param> private static void VerifyResult(string testLabel, string jwt, object key, JwsAlgorithm?alg = null) { MyDebug.OutputDebugAndConsole(testLabel, "Original:" + jwt); MyDebug.InspectJwt(testLabel, jwt); if (alg.HasValue) { MyDebug.OutputDebugAndConsole(testLabel, "Decoded:" + JWT.Decode(jwt, key, alg.Value)); } else { MyDebug.OutputDebugAndConsole(testLabel, "Decoded:" + JWT.Decode(jwt, key)); } }
/// <summary>MyJwt</summary> private static void MyJwt() { #region Variables string temp = ""; bool ret = false; #region Env OperatingSystem os = Environment.OSVersion; // https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947 // *.pfxから証明書を開く場合、X509KeyStorageFlags.Exportableの指定が必要な場合がある。 // Linuxのキーは常にエクスポート可能だが、WindowsやMacOSでは必ずしもそうではない。 X509KeyStorageFlags x509KSF = 0; if (os.Platform == PlatformID.Win32NT) { x509KSF = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable; } else //if (os.Platform == PlatformID.Unix) { x509KSF = X509KeyStorageFlags.DefaultKeySet; } #endregion #region Token string token = ""; IDictionary <string, object> payload = null; payload = new Dictionary <string, object>() { { "sub", "*****@*****.**" }, { "exp", 1300819380 } }; string payloadString = JsonConvert.SerializeObject(payload); #endregion #region Keys string jwk = ""; #endregion #region JWS // RS256 JWS_RS256_X509 jWS_RS256_X509 = null; JWS_RS256_Param jWS_RS256_Param = null; // ES256 #if NETCORE || NET47 JWS_ES256_X509 jWS_ES256_X509 = null; JWS_ES256_Param jWS_ES256_Param = null; #endif #endregion #region JWE JWE jwe = null; #endregion #endregion #region Jws if (os.Platform == PlatformID.Win32NT) { #region RSA(RS256) // 署名(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); token = jWS_RS256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_RS256_X509.Create", token); // 鍵の相互変換 jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("RSA JWK", jwk); // 検証(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF); MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString()); // 検証(Param) jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk)); MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString()); #endregion // DSA #if NETCORE || NET47 #region ECDsa(ES256) // 署名(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword); token = jWS_ES256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_ES256_X509.Create", token); // 鍵の相互変換 jwk = EccPublicKeyConverter.ParamToJwk( ((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk); // 検証(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, ""); MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString()); #if NET47 || NETCOREAPP3_0 // 検証(Param) //// Core2.0-2.2 on WinでVerifyがエラーになる。 //// DigitalSignECDsaOpenSslを試してみるが生成できない、 //// Core on Win に OpenSSLベースのプロバイダは無いため) jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false); MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_Param.Verify(token).ToString()); #elif NETCOREAPP2_0 // Core2.0-2.2 on Winで ECDsaCngは動作しない。 #endif // ★ xLibTest Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256); #endregion #endif } else //if (os.Platform == PlatformID.Unix) { #if NETCORE #region RSA(RS256) // 署名(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); token = jWS_RS256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_RS256_X509.Create", token); // 鍵の相互変換 jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("RSA JWK", jwk); // 検証(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF); MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString()); // 検証(Param) jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk)); MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString()); #endregion // DSA #region ECDsa(ES256) // 署名(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword); token = jWS_ES256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_ES256_X509.Create", token); // 鍵の相互変換 jwk = EccPublicKeyConverter.ParamToJwk( ((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk); // 検証(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, ""); MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString()); // 検証(Param) jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false); MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_X509.Verify(token).ToString()); // ★ xLibTest Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256); #endregion #endif } #endregion #region Jwe #region RsaOaepAesGcm // 暗号化 jwe = new JWE_RsaOaepAesGcm_X509(Program.PublicRsaX509Path, "", x509KSF); token = jwe.Create(payloadString); // 復号化 jwe = new JWE_RsaOaepAesGcm_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); ret = jwe.Decrypt(token, out temp); MyDebug.OutputDebugAndConsole("JWE_RsaOaepAesGcm_X509.Decrypt", ret.ToString() + " : " + temp); // ★ xLibTest Program.VerifyResult("JweAlgorithm.xLibTest", token, jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM); #endregion #region Rsa15A128CbcHS256 // 暗号化 jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PublicRsaX509Path, "", x509KSF); token = jwe.Create(payloadString); // 復号化 jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); ret = jwe.Decrypt(token, out temp); MyDebug.OutputDebugAndConsole("JWE_Rsa15A128CbcHS256_X509.Decrypt", ret.ToString() + " : " + temp); // ★ xLibTest Program.VerifyResult("JweAlgorithm.xLibTest", token, jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256); #endregion #endregion }