private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm)
{
var jwk = algorithm.Category switch
{
Cryptography.AlgorithmCategory.None => Jwk.None,
Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
_ => throw new InvalidOperationException()
};
var descriptor = new JwsDescriptor(jwk, algorithm)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
};
return(new JwsDescriptorWrapper(descriptor));
}
}
public void Equal()
{
var key = RsaJwk.GeneratePrivateKey(4096);
Assert.True(key.Equals(key));
Assert.Equal(key, key);
var publicKey = key.AsPublicKey();
Assert.NotEqual(key, publicKey);
var copiedKey = Jwk.FromJson(key.ToString());
Assert.Equal(key, copiedKey);
// 'kid' is not a discriminant, excepted if the value is different.
copiedKey.Kid = default;
Assert.Equal(key, copiedKey);
Assert.Equal(copiedKey, key);
key.Kid = default;
Assert.Equal(key, copiedKey);
key.Kid = JsonEncodedText.Encode("X");
copiedKey.Kid = JsonEncodedText.Encode("Y");
Assert.NotEqual(key, copiedKey);
Assert.NotEqual(key, Jwk.None);
}
private static void GenerateKeys()
{
// The GenerateKey method creates a new crypto-random asymmetric key for elliptic curve algorithms
var ecKey = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES512);
Console.WriteLine("Asymmetric generated JWK for elliptic curve P-521, for ES512 signature algorithm:");
Console.WriteLine(ecKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random asymmetric key for RSA algorithms
// You may specify a bigger key size. The default is the minimum size (2048 bits for RSA)
var rsaKey = RsaJwk.GeneratePrivateKey(SignatureAlgorithm.PS384);
Console.WriteLine("Asymmetric generated JWK of 2048 bits for RSA, for PS384 signature algorithm:");
Console.WriteLine(rsaKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random symmetric key for symmetric algorithms
var symmetricKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);
Console.WriteLine("Symmetric generated JWK of 128 bits, for HS256 signature algorithm:");
Console.WriteLine(symmetricKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random aymmetric key for RSA algorithms
var symmetricKey2 = SymmetricJwk.GenerateKey(256, computeThumbprint: false);
Console.WriteLine("Symmetric generated JWK of 256 bits, without specified signature algorithm, without key identifier (the thumbprint):");
Console.WriteLine(symmetricKey2);
Console.WriteLine();
}
private Jwk TryWrapKey_Success(SymmetricJwk keyToWrap, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
var keyEncryptionKey = RsaJwk.GeneratePrivateKey(alg.RequiredKeySizeInBits);
var wrapper = new RsaKeyWrapper(keyEncryptionKey, enc, alg);
var cek = WrapKey(wrapper, keyToWrap, out var header);
Assert.Equal(0, header.Count);
return(cek);
}
public void WrapKey_Failure()
{
var keyEncryptionKey = RsaJwk.GeneratePrivateKey(2048);
var wrapper = new RsaKeyWrapper(keyEncryptionKey, EncryptionAlgorithm.A256CbcHS512, KeyManagementAlgorithm.RsaOaep);
var destination = new byte[0];
var header = new JwtHeader();
Assert.Throws <CryptographicException>(() => wrapper.WrapKey(null, header, destination));
wrapper.Dispose();
Assert.Throws <ObjectDisposedException>(() => wrapper.WrapKey(null, header, destination));
Assert.Equal(0, header.Count);
}
public override void Canonicalize()
{
var jwk = RsaJwk.GeneratePrivateKey(2048, SignatureAlgorithm.RS256);
var canonicalizedKey = (RsaJwk)CanonicalizeKey(jwk);
Assert.False(canonicalizedKey.E.IsEmpty);
Assert.False(canonicalizedKey.N.IsEmpty);
Assert.True(canonicalizedKey.DP.IsEmpty);
Assert.True(canonicalizedKey.DQ.IsEmpty);
Assert.True(canonicalizedKey.D.IsEmpty);
Assert.True(canonicalizedKey.P.IsEmpty);
Assert.True(canonicalizedKey.Q.IsEmpty);
Assert.True(canonicalizedKey.QI.IsEmpty);
}
public void Setup()
{
var key = SymmetricJwk.GenerateKey(256);
var rsaKey = RsaJwk.GeneratePrivateKey(2048);
var ecKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
for (int i = 0; i < Count; i++)
{
key.TryGetSigner(SignatureAlgorithm.HS256, out var signer);
id = i;
_dictionary.Add(id, signer);
_concurrentDictionary.TryAdd(id, signer);
_cryptoStore.TryAdd(id, signer);
_cryptoStore2.TryAdd(id, signer);
}
}
private static JweWrapper CreateDescriptor(KeyManagementAlgorithm algorithm, EncryptionAlgorithm encryptionAlgorithm)
{
var jwk = algorithm.Category switch
{
Cryptography.AlgorithmCategory.None => Jwk.None,
Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256, algorithm),
Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Direct => SymmetricJwk.GenerateKey(encryptionAlgorithm),
Cryptography.AlgorithmCategory.Direct | Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256),
_ => throw new InvalidOperationException(algorithm.Category.ToString())
};
var descriptor = new JweDescriptor(jwk, algorithm, encryptionAlgorithm)
{
Payload = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
}
};
var policy = new TokenValidationPolicyBuilder()
.AcceptUnsecureToken("https://idp.example.com/")
.WithDecryptionKey(jwk)
.Build();
var writer = new JwtWriter();
return(new JweWrapper(writer.WriteToken(descriptor), algorithm, encryptionAlgorithm, policy));
}
}