public void CreateAndValidateToken_WhenV2PublicToken_ExpectCorrectClaims() { const string expectedClaimType = "name"; const string expectedClaimValue = "scott"; const string issuer = "me"; const string audience = "you"; var signingCredentials = new SigningCredentials( new EdDsaSecurityKey(new Ed25519PrivateKeyParameters( Convert.FromBase64String("TYXei5+8Qd2ZqKIlEuJJ3S50WYuocFTrqK+3/gHVH9B2hpLtAgscF2c9QuWCzV9fQxal3XBqTXivXJPpp79vgw=="), 0)), ExtendedSecurityAlgorithms.EdDsa); var verificationKeys = new EdDsaSecurityKey(new Ed25519PublicKeyParameters(Convert.FromBase64String("doaS7QILHBdnPULlgs1fX0MWpd1wak14r1yT6ae/b4M="), 0)); var handler = new PasetoTokenHandler(); var token = handler.CreateToken(new PasetoSecurityTokenDescriptor(PasetoConstants.Versions.V2, PasetoConstants.Purposes.Public) { Issuer = issuer, Audience = audience, Claims = new Dictionary <string, object> { { expectedClaimType, expectedClaimValue } }, SigningCredentials = signingCredentials }); var result = handler.ValidateToken(token, new TokenValidationParameters { ValidIssuer = issuer, ValidAudience = audience, IssuerSigningKey = verificationKeys }); result.IsValid.Should().BeTrue(); result.ClaimsIdentity.HasClaim(expectedClaimType, expectedClaimValue).Should().BeTrue(); }
public void Create_WhenAlgorithmIsNotEdDsaButHasEdDsaSecurityKey_ExpectNotSupportedException() { var keyPairGenerator = new Ed25519KeyPairGenerator(); keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom())); var keyPair = keyPairGenerator.GenerateKeyPair(); var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public); Assert.Throws <NotSupportedException>(() => sut.Create(SecurityAlgorithms.RsaSha256, securityKey)); }
public void ctor_ExpectPropertiesSet() { var keyPairGenerator = new Ed25519KeyPairGenerator(); keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom())); var keyPair = keyPairGenerator.GenerateKeyPair(); var expectedSecurityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public); var expectedAlgorithm = ExtendedSecurityAlgorithms.EdDsa; var provider = new EdDsaSignatureProvider(expectedSecurityKey, expectedAlgorithm); provider.Key.Should().Be(expectedSecurityKey); provider.Algorithm.Should().Be(expectedAlgorithm); }
public void ctor_WhenEd25519PublicKey_ExpectKeySetAndCorrectCurve() { var keyPair = GenerateEd25519KeyPair(); var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public); securityKey.CryptoProviderFactory.CustomCryptoProvider.Should().BeOfType <ExtendedCryptoProvider>(); securityKey.KeyParameters.Should().Be(keyPair.Public); securityKey.Curve.Should().Be(ExtendedSecurityAlgorithms.Curves.Ed25519); securityKey.PrivateKeyStatus.Should().Be(PrivateKeyStatus.DoesNotExist); #pragma warning disable 618 securityKey.HasPrivateKey.Should().BeFalse(); #pragma warning restore 618 }
public void Sign_WhenSigningWithEd25519Curve_ExpectCorrectSignature() { const string plaintext = "eyJraWQiOiIxMjMiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhdWQiOiJ5b3UiLCJzdWIiOiJib2IiLCJpc3MiOiJtZSIsImV4cCI6MTU5MDg0MTg4N30"; const string expectedSignature = "OyBxBr344Ny-0vRCeEMLSnuEO1IecybvJBivrjum4d-dgN5WLnEAGAO43MlZeRGn1F3fRXO_xlYot68PtDuiAA"; const string privateKey = "FU1F1QTjYwfB-xkO6aknnBifE_Ywa94U04xpd-XJfBs"; var edDsaSecurityKey = new EdDsaSecurityKey(new Ed25519PrivateKeyParameters(Base64UrlEncoder.DecodeBytes(privateKey), 0)); var signatureProvider = new EdDsaSignatureProvider(edDsaSecurityKey, ExtendedSecurityAlgorithms.EdDsa); var signature = signatureProvider.Sign(System.Text.Encoding.UTF8.GetBytes(plaintext)); signature.Should().BeEquivalentTo(Base64UrlEncoder.DecodeBytes(expectedSignature)); }
public void Create_WhenAlgorithmIsEdDsaWithEdDsaSecurityKey_ExpectEdDsaSignatureProvider() { var keyPairGenerator = new Ed25519KeyPairGenerator(); keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom())); var keyPair = keyPairGenerator.GenerateKeyPair(); var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public); var signatureProvider = sut.Create(ExtendedSecurityAlgorithms.EdDsa, securityKey); var edDsaSignatureProvider = Assert.IsType <EdDsaSignatureProvider>(signatureProvider); edDsaSignatureProvider.Algorithm.Should().Be(ExtendedSecurityAlgorithms.EdDsa); edDsaSignatureProvider.Key.Should().Be(securityKey); }
public void Verify_WhenJwtSignedWithEd25519Curve_ExpectTrue() { const string plaintext = "eyJraWQiOiIxMjMiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhdWQiOiJ5b3UiLCJzdWIiOiJib2IiLCJpc3MiOiJtZSIsImV4cCI6MTU5MDg0MTg4N30"; const string signature = "OyBxBr344Ny-0vRCeEMLSnuEO1IecybvJBivrjum4d-dgN5WLnEAGAO43MlZeRGn1F3fRXO_xlYot68PtDuiAA"; const string publicKey = "60mR98SQlHUSeLeIu7TeJBTLRG10qlcDLU4AJjQdqMQ"; var edDsaSecurityKey = new EdDsaSecurityKey(new Ed25519PublicKeyParameters(Base64UrlEncoder.DecodeBytes(publicKey), 0)); var signatureProvider = new EdDsaSignatureProvider(edDsaSecurityKey, ExtendedSecurityAlgorithms.EdDsa); var isValidSignature = signatureProvider.Verify( System.Text.Encoding.UTF8.GetBytes(plaintext), Base64UrlEncoder.DecodeBytes(signature)); isValidSignature.Should().BeTrue(); }