/// <summary>
/// Relative time claims (ExpiresAfter/NotBefore) together with WithAutomaticId and
/// WithAutomaticIssuedAt must be materialized by the builder into exp, nbf, jti and iat,
/// while the registered claims that were never set (sub, kid, aud) stay null.
/// </summary>
public void Build_Jws_AutomaticClaims()
{
    var builder = new JwtDescriptorBuilder();
    var now = EpochTime.ToDateTime(EpochTime.UtcNow);
    builder
        .SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
        .ExpiresAfter(10)
        .NotBefore(5)
        .WithAutomaticId()
        .WithAutomaticIssuedAt();

    var jws = Assert.IsType<JwsDescriptor>(builder.Build());

    // Distance in seconds between a time claim and the instant captured before building;
    // a +/-2s window absorbs the RSA key generation and clock granularity.
    double SecondsFromNow(DateTime? claim) => (claim - now).Value.TotalSeconds;

    Assert.NotNull(jws.ExpirationTime);
    Assert.InRange(SecondsFromNow(jws.ExpirationTime) - 10, -2, 2);

    Assert.NotNull(jws.JwtId);

    Assert.NotNull(jws.IssuedAt);
    Assert.InRange(SecondsFromNow(jws.IssuedAt), -2, 2);

    Assert.NotNull(jws.NotBefore);
    Assert.InRange(SecondsFromNow(jws.NotBefore) - 5, -2, 2);

    // Nothing else was configured, so nothing else may be populated.
    Assert.Null(jws.Subject);
    Assert.Null(jws.KeyId);
    Assert.Null(jws.Audience);

    Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jws.Algorithm);
}
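/// <summary>
/// Sample: generates one key of each family (EC, RSA, symmetric) and prints the resulting JWKs.
/// Every asymmetric key is generated with its private part (withPrivateKey: true), so the console
/// output of this sample should be treated as sensitive material (how much of the private part the
/// printed form contains depends on the key's string representation, which is not shown here).
/// </summary>
private static void GenerateKeys()
{
    // ECJwk.GenerateKey creates a new crypto-random EC key pair on the requested curve.
    var ecKey = ECJwk.GenerateKey(EllipticalCurve.P521, withPrivateKey: true, SignatureAlgorithm.EcdsaSha512);
    ecKey.Kid = "Generated-ES512";
    Console.WriteLine("Asymmetric generated JWK for elliptic curve P-521, for ES512 signature algorithm:");
    Console.WriteLine(ecKey);
    Console.WriteLine();

    // RsaJwk.GenerateKey creates a new crypto-random RSA key pair with the requested modulus size.
    var rsaKey = RsaJwk.GenerateKey(2048, withPrivateKey: true, SignatureAlgorithm.RsaSsaPssSha384);
    rsaKey.Kid = "Generated-PS384";
    Console.WriteLine("Asymmetric generated JWK of 2048 bits for RSA, for PS384 signature algorithm:");
    Console.WriteLine(rsaKey);
    Console.WriteLine();

    // SymmetricJwk.GenerateKey creates a new crypto-random secret bound to a signature algorithm.
    // HS256 requires a key at least as long as the hash output, i.e. 256 bits (RFC 7518 §3.2);
    // the 128-bit key this sample used to generate is below that minimum.
    var symmetricKey = SymmetricJwk.GenerateKey(256, SignatureAlgorithm.HmacSha256);
    symmetricKey.Kid = "Generated-HS256";
    Console.WriteLine("Symmetric generated JWK of 256 bits, for HS256 signature algorithm:");
    Console.WriteLine(symmetricKey);
    Console.WriteLine();

    // Without a signature algorithm the secret is not tied to any algorithm at generation time,
    // and no key identifier is assigned.
    var symmetricKey2 = SymmetricJwk.GenerateKey(256);
    Console.WriteLine("Symmetric generated JWK of 256 bits, without specified signature algorithm, without key identifier:");
    Console.WriteLine(symmetricKey2);
    Console.WriteLine();
}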
/// <summary>
/// A builder configured with a signing key, an issuer and an absolute expiration must produce a
/// JwsDescriptor carrying exactly those values, with every other registered claim left null.
/// </summary>
public void Build_Jws()
{
    const string issuer = "https://issuer.example.com";

    var builder = new JwtDescriptorBuilder();
    var now = EpochTime.ToDateTime(EpochTime.UtcNow);
    builder
        .SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
        .IssuedBy(issuer)
        .ExpiresAt(now);

    var jws = Assert.IsType<JwsDescriptor>(builder.Build());

    // What was configured is reflected as-is.
    Assert.Equal(issuer, jws.Issuer);
    Assert.Equal(now, jws.ExpirationTime);
    Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jws.Algorithm);

    // No automatic claims were requested, so none may appear.
    Assert.Null(jws.JwtId);
    Assert.Null(jws.IssuedAt);
    Assert.Null(jws.NotBefore);
    Assert.Null(jws.Subject);
    Assert.Null(jws.KeyId);
    Assert.Null(jws.Audience);
}
/// <summary>
/// RSA-OAEP key wrapping must fail with a CryptographicException for a null content encryption
/// key, fail with an ObjectDisposedException once the wrapper is disposed, and in both cases
/// leave the JWE header untouched.
/// </summary>
public void WrapKey_Failure()
{
    var keyEncryptionKey = RsaJwk.GenerateKey(2048, true);
    var wrapper = new RsaKeyWrapper(keyEncryptionKey, EncryptionAlgorithm.Aes256CbcHmacSha512, KeyManagementAlgorithm.RsaOaep);
    var header = new JwtObject();
    var destination = Array.Empty<byte>();

    // A null key to wrap is rejected with a CryptographicException.
    Assert.Throws<CryptographicException>(() => wrapper.WrapKey(null, header, destination));

    // Once disposed, the wrapper rejects any further call.
    wrapper.Dispose();
    Assert.Throws<ObjectDisposedException>(() => wrapper.WrapKey(null, header, destination));

    // Neither failure path may have written partial header members.
    Assert.Equal(0, header.Count);
}
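/// <summary>
/// Benchmark setup: fills every container under test with <c>Count</c> entries keyed 0..Count-1,
/// each mapping to an HS256 signer obtained from one generated 256-bit symmetric key.
/// </summary>
/// <exception cref="InvalidOperationException">The generated key cannot provide an HS256 signer.</exception>
public void Setup()
{
    // Only the symmetric key is consumed; the RSA and EC keys the setup previously generated
    // were never read and only slowed the setup down.
    var key = SymmetricJwk.GenerateKey(256);

    for (int i = 0; i < Count; i++)
    {
        // A failed TryGetSigner would otherwise silently store a null signer in every container,
        // and the benchmark would then measure the wrong thing.
        if (!key.TryGetSigner(SignatureAlgorithm.HmacSha256, out var signer))
        {
            throw new InvalidOperationException("The generated symmetric key does not provide an HS256 signer.");
        }

        // 'id' is a field: after the loop it holds the last inserted key (presumably the one the
        // benchmark methods look up).
        id = i;
        _dictionary.Add(id, signer);
        _concurrentDictionary.TryAdd(id, signer);
        _cryptoStore.TryAdd(id, signer);
        _cryptoStore2.TryAdd(id, signer);
    }
}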
/// <summary>
/// EncryptWith without a key management algorithm must make Build() fail fast with a descriptive
/// InvalidOperationException rather than yield an incomplete JWE descriptor.
/// </summary>
public void Build_JweMissingKeyManagementAlgorithm()
{
    var now = EpochTime.ToDateTime(EpochTime.UtcNow);
    var builder = new JwtDescriptorBuilder();
    builder
        .SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
        .EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256)
        .IssuedBy("https://issuer.example.com")
        .ExpiresAt(now);

    var error = Assert.Throws<InvalidOperationException>(() => builder.Build());

    // The message must name the missing piece of configuration.
    Assert.Contains("No algorithm is defined for the key management encryption.", error.Message);
}
/// <summary>
/// Canonicalizing an RSA key generated with its private part must keep only the public members
/// (e, n) and drop every private component (d, p, q, dp, dq, qi), so the canonical form carries
/// no private key material.
/// </summary>
public override void Canonicalize()
{
    var privateKey = RsaJwk.GenerateKey(2048, true);
    var canonical = (RsaJwk)CanonicalizeKey(privateKey);

    // Public parameters survive and are non-empty.
    Assert.NotNull(canonical.E);
    Assert.NotEmpty(canonical.E);
    Assert.NotNull(canonical.N);
    Assert.NotEmpty(canonical.N);

    // Every private parameter must have been stripped.
    foreach (var privateComponent in new[] { canonical.DP, canonical.DQ, canonical.D, canonical.P, canonical.Q, canonical.QI })
    {
        Assert.Null(privateComponent);
    }
}
/// <summary>
/// Serializes a fully populated RSA JWK (generated with its private part) and checks that every
/// member appears in the JSON output: metadata (kid, key_ops, use, x5t, x5t#S256, x5u, x5c), the
/// public parameters (e, n) and the private CRT parameters (d, dp, dq, p, q, qi).
/// Because the private members are written too, this output format is the full private JWK, not a
/// public-only form (compare the Canonicalize test, which strips them).
/// </summary>
public override void WriteTo()
{
    var key = RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSha256.Utf8Name);
    key.Kid = "kid-rsa";
    key.KeyOps.Add("sign");
    key.Use = JwkUseNames.Sig.ToArray();
    key.X5t = Base64Url.Decode("dGhpcyBpcyBhIFNIQTEgdGVzdCE");
    key.X5tS256 = Base64Url.Decode("dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA");
    key.X5u = "https://example.com";
    key.X5c.Add(Convert.FromBase64String("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"));

    using (var bufferWriter = new PooledByteBufferWriter())
    {
        key.Serialize(bufferWriter);
        var json = Encoding.UTF8.GetString(bufferWriter.WrittenSpan.ToArray());

        // Base64url text of a key parameter, in the exact form the serializer is expected to emit.
        string B64(byte[] parameter) => Encoding.UTF8.GetString(Base64Url.Encode(parameter));

        // Asserts that a "name":"value" string member is present in the JSON.
        void ExpectMember(string name, string value) => Assert.Contains($"\"{name}\":\"{value}\"", json);

        ExpectMember("kid", "kid-rsa");
        Assert.Contains("\"key_ops\":[\"sign\"]", json);
        ExpectMember("use", "sig");
        ExpectMember("x5t", "dGhpcyBpcyBhIFNIQTEgdGVzdCE");
        ExpectMember("x5t#S256", "dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA");
#if NETCOREAPP
        // On .NET Core the library's own encoder decides how the URL and certificate are escaped.
        Assert.Contains($"\"x5u\":\"{JsonEncodedText.Encode("https://example.com", Constants.JsonEncoder)}\"", json);
        Assert.Contains($"\"x5c\":[\"{JsonEncodedText.Encode("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", Constants.JsonEncoder)}\"]", json);
#else
        Assert.Contains($"\"x5u\":\"{JsonEncodedText.Encode("https://example.com")}\"", json);
        Assert.Contains($"\"x5c\":[\"{JsonEncodedText.Encode("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")}\"]", json);
#endif
        // Public parameters.
        ExpectMember("e", B64(key.E));
        ExpectMember("n", B64(key.N));

        // Private parameters, written because the key was generated with its private part.
        ExpectMember("d", B64(key.D));
        ExpectMember("dp", B64(key.DP));
        ExpectMember("dq", B64(key.DQ));
        ExpectMember("p", B64(key.P));
        ExpectMember("q", B64(key.Q));
        ExpectMember("qi", B64(key.QI));
    }
}
/// <summary>
/// Combining SignWith with EncryptWith (direct key management) must yield a JweDescriptor whose
/// nested payload carries the JWS settings and whose outer layer carries the JWE algorithms.
/// </summary>
public void Build_Jwe()
{
    const string issuer = "https://issuer.example.com";

    var builder = new JwtDescriptorBuilder();
    var now = EpochTime.ToDateTime(EpochTime.UtcNow);
    // NOTE(review): only the descriptor is built here, so the key sizes are never exercised. With
    // 'dir' key management the 128-bit key would itself be the content encryption key, whereas
    // A128CBC-HS256 takes a 256-bit key (RFC 7518 §5.2.3) — an encrypt-path test would need 256 bits.
    builder
        .SignWith(RsaJwk.GenerateKey(2048, true, SignatureAlgorithm.RsaSsaPssSha256))
        .EncryptWith(SymmetricJwk.GenerateKey(128), EncryptionAlgorithm.Aes128CbcHmacSha256, KeyManagementAlgorithm.Direct)
        .IssuedBy(issuer)
        .ExpiresAt(now);

    var jwe = Assert.IsType<JweDescriptor>(builder.Build());

    // Registered claims and the signature settings live on the inner (signed) payload...
    Assert.Equal(issuer, jwe.Payload.Issuer);
    Assert.Equal(now, jwe.Payload.ExpirationTime);
    Assert.Equal(SignatureAlgorithm.RsaSsaPssSha256, jwe.Payload.Algorithm);

    // ...while key management and content encryption live on the outer JWE.
    Assert.Equal(KeyManagementAlgorithm.Direct, jwe.Algorithm);
    Assert.Equal(EncryptionAlgorithm.Aes128CbcHmacSha256, jwe.EncryptionAlgorithm);
}