/// <summary>
/// A token signed with a P-521 certificate must be rejected when it is verified against a
/// P-256 certificate, and the rejection must be reported as a key-size mismatch.
/// </summary>
public void ECDSAKeySizeDoesNotMatchThrowsError()
{
    // Signing side: P-521 certificate created under the key name "ECDSA_Test".
    // NOTE(review): nothing in this test removes "ECDSA_Test" afterwards; if the builder
    // persists named keys, the private key outlives the run. Confirm against the builder.
    var signingCert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            FullSubjectName = "CN=Test",
            ECCurve = ECNamedCurves.P521,
            HashingMethod = HashingMethods.Sha256,
            ECKeyName = "ECDSA_Test"
        });

    string headerJson;
    var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, signingCert, out headerJson);

    // Verifying side: an unrelated certificate on a different curve.
    var verifyingCert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    SignatureVerificationException rejection = null;
    try
    {
        string payloadJson;
        JsonWebToken.DecodeUsingECDSA<object>(token, verifyingCert, out headerJson, out payloadJson);
    }
    catch (SignatureVerificationException ex)
    {
        rejection = ex;
    }

    if (rejection == null)
    {
        // Decoding succeeded, or threw nothing we caught: the mismatch was not detected.
        Assert.Fail();
        return;
    }

    // The exact message pins which check rejected the token.
    Assert.AreEqual("Key size does not match.", rejection.Message);
}
/// <summary>
/// A token must not verify against a second certificate that has the same curve and subject
/// but was created separately; the decoder must report an invalid signature.
/// </summary>
public void WrongCertificateThrowsError()
{
    var signingCert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    string headerJson;
    var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, signingCert, out headerJson);

    // Same options, separate builder call: only the key material is expected to differ,
    // so a matching subject or curve alone must not be enough to pass verification.
    var otherCert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    SignatureVerificationException rejection = null;
    try
    {
        string payloadJson;
        JsonWebToken.DecodeUsingECDSA<object>(token, otherCert, out headerJson, out payloadJson);
    }
    catch (SignatureVerificationException ex)
    {
        rejection = ex;
    }

    if (rejection == null)
    {
        // The token was accepted under the wrong key.
        Assert.Fail();
        return;
    }

    Assert.AreEqual("Invalid signature.", rejection.Message);
}
/// <summary>
/// Round trip: a payload encoded with a P-256 certificate decodes with the same certificate
/// to the same field values, and the decoded header matches the header produced on encode.
/// </summary>
public void ParseBackAndForthWorks()
{
    var cert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    string encodedHeader;
    var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out encodedHeader);

    string decodedHeader;
    string decodedPayload;
    // dynamic: the payload is requested as object and its members are read by name below.
    dynamic payload = JsonWebToken.DecodeUsingECDSA<object>(token, cert, out decodedHeader, out decodedPayload);

    Assert.AreEqual(1, (int)payload.id);
    Assert.AreEqual(2, (int)payload.org);

    Assert.IsFalse(string.IsNullOrWhiteSpace(decodedHeader));
    Assert.IsTrue(encodedHeader == decodedHeader);
    Assert.IsFalse(string.IsNullOrWhiteSpace(decodedPayload));
}
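/// <summary>
/// Algorithm-substitution check: when the header segment of a validly signed token is
/// replaced with one that declares a different <c>alg</c>, the ECDSA decoder must reject
/// the token with "Unsupported signing algorithm." rather than try to verify it.
/// </summary>
public void UnknownJWTAlgorithmThrowsError()
{
    var cert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    string headerJson;
    var token = JsonWebToken.EncodeUsingECDSA(new { id = 1, org = 2 }, cert, out headerJson);

    // switch header: the replacement segment is base64url for {"typ":"JWT","alg":"RSA"}.
    // Payload and signature segments are left exactly as issued.
    var segments = token.Split('.');
    segments[0] = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSU0EifQ";
    token = string.Join(".", segments);

    // NOTE(review): only one substituted alg value is exercised here; whether "none" and
    // the HMAC family are covered elsewhere is not visible on this page.
    try
    {
        string payloadJson;
        JsonWebToken.DecodeUsingECDSA<object>(token, cert, out headerJson, out payloadJson);
    }
    catch (SignatureVerificationException ex)
    {
        Assert.AreEqual("Unsupported signing algorithm.", ex.Message);
        return;
    }

    // Reaching this point means the tampered header was accepted.
    Assert.Fail();
}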
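/// <summary>
/// Encoding with an explicit header dictionary and default serializer settings must yield a
/// three-segment token whose header and payload segments are the expected unpadded
/// base64url strings.
/// </summary>
public void HeaderAndPayloadParsesCorrectly()
{
    var cert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            ECCurve = ECNamedCurves.P256,
            FullSubjectName = "CN=Test"
        });

    string headerJson;
    var token = JsonWebToken.EncodeUsingECDSA(
        new { id = 1, org = 1 },
        cert,
        new Dictionary<string, object> { { "alg", "ES256" } },
        new JsonSerializerSettings(),
        out headerJson);

    var bits = token.Split('.');

    // header.payload.signature; the signature segment is not compared against a fixed
    // value here, only the first two segments are pinned.
    Assert.AreEqual(3, bits.Length);
    Assert.AreEqual("eyJhbGciOiJFUzI1NiJ9", bits[0]); // HEADER: {"alg":"ES256"}
    Assert.AreEqual("eyJpZCI6MSwib3JnIjoxfQ", bits[1]); // DATA: {"id":1,"org":1}
}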
/// <summary>
/// The subject-name overload of the builder must produce a certificate with subject
/// "CN=Test", a "sha256ECDSA" signature algorithm and an attached private key.
/// </summary>
public void CreateWithDefaultOptions()
{
    var created = ECCertificateBuilder.CreateNewSigningCertificate("Test");

    Assert.AreEqual("CN=Test", created.Subject);
    // NOTE(review): FriendlyName is a display string; confirm that it is stable on every
    // platform this suite runs on.
    Assert.AreEqual("sha256ECDSA", created.SignatureAlgorithm.FriendlyName);
    Assert.IsTrue(created.HasPrivateKey);
}
/// <summary>
/// A certificate re-imported from its <see cref="X509ContentType.Cert"/> export must still
/// be parseable by <c>ParsePublicCertificate</c>.
/// </summary>
public void PublicKeyOnlyCorrectlyParses()
{
    var fullCert = ECCertificateBuilder.CreateNewSigningCertificate("Test");

    // The Cert content type carries the certificate only, so the reloaded copy holds the
    // public key without the private key.
    var publicOnly = new X509Certificate2(fullCert.Export(X509ContentType.Cert));

    var parsedKey = ECDSACertificateParser.ParsePublicCertificate(publicOnly);
    Assert.IsNotNull(parsedKey);
}
/// <summary>
/// <c>ParsePrivateCertificate</c> must throw <see cref="InvalidOperationException"/> when it
/// is given a certificate re-imported from a <see cref="X509ContentType.Cert"/> export.
/// </summary>
/// <remarks>
/// Despite the method name, the missing piece in this scenario is the private key: the
/// reloaded certificate is the public-only copy.
/// </remarks>
public void NoPublicKeyThrowsError()
{
    Assert.Throws(typeof(InvalidOperationException), () =>
    {
        // Everything runs inside the delegate, as in the original, so a failure in any
        // step is evaluated by the same Assert.Throws call.
        var fullCert = ECCertificateBuilder.CreateNewSigningCertificate("Test");
        var publicOnly = new X509Certificate2(fullCert.Export(X509ContentType.Cert));

        ECDSACertificateParser.ParsePrivateCertificate(publicOnly);
    });
}
/// <summary>
/// A certificate built on the P-384 curve must be accepted by <c>ParsePublicCertificate</c>
/// and yield a non-null result.
/// </summary>
public void P384CertificateCorrectlyParses()
{
    var p384Cert = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            FullSubjectName = "CN=Test",
            ECCurve = ECNamedCurves.P384
        });

    var parsedKey = ECDSACertificateParser.ParsePublicCertificate(p384Cert);

    Assert.IsNotNull(parsedKey);
}
/// <summary>
/// Requesting <c>HashingMethods.Sha512</c> must produce a certificate whose signature
/// algorithm is reported as "sha512ECDSA", with the expected subject and a private key.
/// </summary>
public void CreateWithSha512Hash()
{
    var created = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            FullSubjectName = "CN=Test",
            HashingMethod = HashingMethods.Sha512
        });

    Assert.AreEqual("CN=Test", created.Subject);
    // Confirms the requested hash reached the certificate and was not silently replaced
    // by another one.
    Assert.AreEqual("sha512ECDSA", created.SignatureAlgorithm.FriendlyName);
    Assert.IsTrue(created.HasPrivateKey);
}
/// <summary>
/// Requesting the P-256 curve without naming a hashing method must produce a certificate
/// with subject "CN=Test", a "sha256ECDSA" signature algorithm and a private key.
/// </summary>
public void CreateWithP256Curve()
{
    var created = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            FullSubjectName = "CN=Test",
            ECCurve = ECNamedCurves.P256
        });

    Assert.AreEqual("CN=Test", created.Subject);
    Assert.AreEqual("sha256ECDSA", created.SignatureAlgorithm.FriendlyName);
    Assert.IsTrue(created.HasPrivateKey);
}
/// <summary>
/// A certificate created under the key name "KeyTestTemp" must still be usable by
/// <c>ParsePrivateCertificate</c> after a password-protected PKCS#12 export and re-import.
/// </summary>
/// <remarks>
/// The test makes no explicit assertion; it passes when no step throws.
/// </remarks>
public void SurvivesExportImport()
{
    const string keyName = "KeyTestTemp";
    // Throwaway literal: it protects only the key generated for this test.
    const string pfxPassword = "password";

    var original = ECCertificateBuilder.CreateNewSigningCertificate(
        new ECCertificateBuilderOptions
        {
            FullSubjectName = "CN=Test",
            ECKeyName = keyName,
            HashingMethod = HashingMethods.Sha512
        });

    var pfxBytes = original.Export(X509ContentType.Pkcs12, pfxPassword);

    // Delete the named CNG key before re-importing. Presumably this forces the reloaded
    // certificate to take its private key from the PKCS#12 data instead of finding it
    // already in the key store. Confirm against the builder.
    if (CngKey.Exists(keyName))
    {
        CngKey.Open(keyName).Delete();
    }

    var reloaded = new X509Certificate2(pfxBytes, pfxPassword);
    ECDSACertificateParser.ParsePrivateCertificate(reloaded);
}