Exemplo n.º 1
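        /// <summary>
        /// Builds the JWS tool that corresponds to <c>KeyType</c> and loads the stored key
        /// (<c>KeyExport</c>) into it.
        /// </summary>
        /// <remarks>
        /// <c>KeyType</c> must be a two-letter family prefix ("ES" or "RS") followed by a number.
        /// The number is applied as <c>HashSize</c> for ES tools and as <c>KeySize</c> for RS tools.
        /// NOTE(review): <c>KeyExport</c> is passed to <c>Import</c> and presumably carries private
        /// key material; confirm how it is stored and who can read it.
        /// </remarks>
        /// <returns>A tool on which <c>Init</c> and <c>Import</c> have already been called.</returns>
        /// <exception cref="FormatException">The part after the prefix is not a number.</exception>
        /// <exception cref="Exception"><c>KeyType</c> starts with neither "ES" nor "RS".</exception>
        public IJwsTool JwsTool()
        {
            // Algorithm identifiers are machine tokens, so compare them ordinally and parse the
            // numeric suffix with the invariant culture; the result must not depend on the
            // culture of the thread that happens to load the key.
            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            if (KeyType.StartsWith("ES", StringComparison.Ordinal))
            {
                var tool = new ESJwsTool
                {
                    HashSize = int.Parse(KeyType.Substring(2), invariant)
                };
                tool.Init();
                tool.Import(KeyExport);
                return tool;
            }

            if (KeyType.StartsWith("RS", StringComparison.Ordinal))
            {
                var tool = new RSJwsTool
                {
                    KeySize = int.Parse(KeyType.Substring(2), invariant)
                };
                tool.Init();
                tool.Import(KeyExport);
                return tool;
            }

            // Fail closed: never fall back to a default algorithm for an unrecognized key type.
            throw new Exception($"Unknown or unsupported KeyType [{KeyType}]");
        }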
Exemplo n.º 2
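        /// <summary>
        /// Round-trip test for EC key serialization: a key exported from one
        /// <c>ESJwsTool</c> and imported into a second one must verify signatures
        /// produced by the first, and must reject the same signature once the
        /// signed data has been altered.
        /// </summary>
        public void SerDesEC()
        {
            // RandomNumberGenerator is IDisposable; scope it so it is released even when an
            // assertion throws part-way through the loop.
            using (var rng = RandomNumberGenerator.Create())
            {
                for (var i = 0; i < 1000; i++)
                {
                    var original = new ESJwsTool(); // Default for ISigner
                    original.Init();
                    var rawX = new byte[8034];
                    rng.GetBytes(rawX);
                    var sigX = original.Sign(rawX);

                    var exported = original.Export();
                    var copy     = new ESJwsTool();
                    copy.Init();
                    copy.Import(exported);
                    var verified = copy.Verify(rawX, sigX);

                    Assert.AreEqual(true, verified);

                    // Negative case: a verifier that accepts everything would pass the check
                    // above, so also require that modified data no longer verifies.
                    rawX[0] ^= 0xFF;
                    var verifiedTampered = copy.Verify(rawX, sigX);

                    Assert.AreEqual(false, verifiedTampered);
                }
            }
        }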
Exemplo n.º 3
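        /// <summary>
        /// Checks that a JWS request was signed with the key registered for the account.
        /// </summary>
        /// <remarks>
        /// The protected header is supplied by the client, so its <c>alg</c> value is matched
        /// against an explicit allow-list and against the key type of the stored account JWK
        /// before any verification happens.
        /// Only the presence of <c>url</c> and <c>nonce</c> is checked here.
        /// NOTE(review): nonce freshness and the match between <c>url</c> and the request URL are
        /// presumably enforced by the caller; confirm, because this method does not do it.
        /// </remarks>
        /// <param name="acct">Account record whose <c>Jwk</c> holds the registered public key.</param>
        /// <param name="signedPayload">The flattened JWS (protected header, payload, signature).</param>
        /// <exception cref="Exception">
        /// A required header is missing, the algorithm is not supported, the algorithm does not
        /// match the account key type, or the signature does not verify.
        /// </exception>
        void ValidateAccount(DbAccount acct, JwsSignedPayload signedPayload)
        {
            var ph  = ExtractProtectedHeader(signedPayload);
            var jwk = JsonConvert.DeserializeObject<Dictionary<string, string>>(acct.Jwk);

            if (string.IsNullOrEmpty(ph.Alg))
            {
                throw new Exception("invalid JWS header, missing 'alg'");
            }
            if (string.IsNullOrEmpty(ph.Url))
            {
                throw new Exception("invalid JWS header, missing 'url'");
            }
            if (string.IsNullOrEmpty(ph.Nonce))
            {
                throw new Exception("invalid JWS header, missing 'nonce'");
            }

            // Explicit allow-list: "none" or any other unlisted value is rejected.
            int hashSize;
            switch (ph.Alg)
            {
            case "RS256":
                hashSize = 256;
                break;

            case "RS384":
                hashSize = 384;
                break;

            case "RS512":
                hashSize = 512;
                break;

            case "ES256":
            case "ES384":
            case "ES512":
                // Fail closed. The previous code created an ESJwsTool here without ever loading
                // the account key into it, so Verify could not be bound to the registered key.
                // Re-enable these algorithms only once the account's EC public key is imported
                // into the tool before Verify is called.
                throw new Exception("unsupported signature algorithm: EC account keys cannot be loaded for verification");

            default:
                throw new Exception("unknown or unsupported signature algorithm");
            }

            // Bind the client-chosen algorithm to the type of the stored key ("kty" is the
            // JWK key-type member) so the header alone cannot decide how the key is used.
            string kty;
            if (jwk == null
                || !jwk.TryGetValue("kty", out kty)
                || !string.Equals(kty, "RSA", StringComparison.Ordinal))
            {
                throw new Exception("account key type does not match signature algorithm");
            }

            var rsaTool = new RSJwsTool
            {
                HashSize = hashSize
            };
            rsaTool.ImportJwk(acct.Jwk);
            IJwsTool tool = rsaTool;

            var sig = CryptoHelper.Base64.UrlDecode(signedPayload.Signature);
            // The decoded payload and header are not used below; the calls are kept so that
            // input which does not decode is still handled exactly as before.
            var pld = CryptoHelper.Base64.UrlDecode(signedPayload.Payload);
            var prt = CryptoHelper.Base64.UrlDecode(signedPayload.Protected);

            // JWS signing input: the two base64url strings exactly as received, joined by '.'.
            var sigInput      = $"{signedPayload.Protected}.{signedPayload.Payload}";
            var sigInputBytes = Encoding.ASCII.GetBytes(sigInput);

            if (!tool.Verify(sigInputBytes, sig))
            {
                throw new Exception("account signature failure");
            }
        }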