예제 #1
0
        public void BadSignatureEmptyLength(string badSignature)
        {
            //Online HMAC tester: https://www.devglan.com/online-tools/hmac-sha256-online
            var input      = new TestModelInclusive();
            var calculator = new HMACSHA256SignatureCalculator();
            var sut        = new InstanceSignatureBuilder(calculator);

            sut.VerifyHex(input, badSignature, knownKey).Should().BeFalse();
        }
예제 #2
0
        public void PropertiesImplicitlyIncludedInCalculation()
        {
            //Online HMAC tester: https://www.devglan.com/online-tools/hmac-sha256-online
            const string signature  = "8feda6b02259091f6d58b53f5bf5645586fe38694c43d50c4e06f51265ed84a9";
            var          input      = new TestModelInclusive();
            var          calculator = new HMACSHA256SignatureCalculator();
            var          sut        = new InstanceSignatureBuilder(calculator);

            sut.VerifyHex(input, signature, knownKey).Should().BeTrue();
        }
예제 #3
0
        public void BuildSignatureAndVerifyExample_Hex()
        {
            // Any input. Even an anonymous type will do.
            var input = new
            {
                Id          = 1,
                Name        = "Hello World",
                CreatedDate = DateTime.MaxValue
            };

            // Secret key shared between the sender and receiver.
            var sharedSecretKey = "This is the key shared between the signature creator and signature verifier";

            // Sender computes signature.
            var signatureBuilder = new InstanceSignatureBuilder(new HMACSHA256SignatureCalculator());
            var signatureResult  = signatureBuilder.Compute(input, sharedSecretKey);

            _output.WriteLine($"ASCII Payload used to calculate signature: {signatureResult.PayloadAsASCIIString()}");
            _output.WriteLine($"Signature in Hex: {signatureResult.SignatureAsHexString()}");

            // receiver verifies signature, positive verification when sender and receiver key matches.
            var verificationStatus = signatureBuilder.VerifyHex(input, signatureResult.SignatureAsHexString(), sharedSecretKey)
                ? "verified"
                : "incorrect";

            _output.WriteLine($"Signature Validity: {verificationStatus}");

            // receiver verifies signature, negative verification.
            // This test should fail in the case where either the signature or the key is different from original provided values.
            // In the example below, a different key is used when comparing signatures.
            var verificationStatusForcedFailure = signatureBuilder.VerifyHex(input, signatureResult.SignatureAsHexString(), "Any different key will force an incorrect verification.")
                ? "verified"
                : "incorrect";

            _output.WriteLine($"Signature Validity: {verificationStatusForcedFailure}");
        }