public void PublicKeyOnlyCorrectlyParses()
{
var cert = ECCertificateBuilder.CreateNewSigningCertificate("Test");
var data = cert.Export(X509ContentType.Cert);
var publicCert = new X509Certificate2(data);
var cng = ECDSACertificateParser.ParsePublicCertificate(publicCert);
Assert.IsNotNull(cng);
}
public void NoPublicKeyThrowsError()
{
Assert.Throws(typeof(InvalidOperationException), () =>
{
var cert = ECCertificateBuilder.CreateNewSigningCertificate("Test");
var data = cert.Export(X509ContentType.Cert);
var publicCert = new X509Certificate2(data);
ECDSACertificateParser.ParsePrivateCertificate(publicCert);
});
}
public void P384CertificateCorrectlyParses()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECCurve = ECNamedCurves.P384
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
var cng = ECDSACertificateParser.ParsePublicCertificate(cert);
Assert.IsNotNull(cng);
}
public void SurvivesExportImport()
{
var options = new ECCertificateBuilderOptions
{
FullSubjectName = "CN=Test",
ECKeyName = "KeyTestTemp",
HashingMethod = HashingMethods.Sha512
};
var cert = ECCertificateBuilder.CreateNewSigningCertificate(options);
var data = cert.Export(X509ContentType.Pkcs12, "password");
if (CngKey.Exists("KeyTestTemp"))
{
var objCngKey = CngKey.Open("KeyTestTemp");
objCngKey.Delete();
}
var reloaded = new X509Certificate2(data, "password");
ECDSACertificateParser.ParsePrivateCertificate(reloaded);
}
/// <summary>
/// Create a web token signed by an ECDSA X509Certificate
/// </summary>
/// <param name="claims">JSON serialisable data to be signed</param>
/// <param name="signingCertificate">Certificate to use for signing, must include a private key</param>
/// <param name="extraHeaderClaims">Extra header params</param>
/// <param name="payloadSerializerSettings"><see cref="JsonSerializerSettings"/> to be used for <paramref name="claims"/> serialization.</param>
/// <param name="headerJson">[Output] the header json</param>
/// <param name="payloadJson">[Output] the payload json</param>
/// <returns>JWT token</returns>
public static string EncodeUsingECDSA <T>(T claims, X509Certificate2 signingCertificate, IDictionary <string, object> extraHeaderClaims, JsonSerializerSettings payloadSerializerSettings, out string headerJson)
{
var signer = ECDSACertificateParser.ParsePrivateCertificate(signingCertificate);
return(EncodeUsingECDSA(claims, signer, extraHeaderClaims, payloadSerializerSettings, out headerJson));
}
/// <summary>
/// Verify and then parse the data in a JWT
/// </summary>
/// <param name="token">The JWT to parse and verify</param>
/// <param name="verificationCertificate">Public key certificate to verify the token with</param>
/// <param name="verify">Whether to actually verify the token or not</param>
/// <param name="headerJson">[Output] The header json</param>
/// <param name="payloadJson">[Output] The payload json</param>
/// <returns>Parsed object data</returns>
public static T DecodeUsingECDSA <T>(string token, X509Certificate2 verificationCertificate, bool verify, out string headerJson, out string payloadJson)
{
var verifier = ECDSACertificateParser.ParsePublicCertificate(verificationCertificate);
return(DecodeUsingECDSA <T>(token, verifier, verify, out headerJson, out payloadJson));
}
