public void CreateAndValidateToken_WhenV2PublicToken_ExpectCorrectClaims()
{
const string expectedClaimType = "name";
const string expectedClaimValue = "scott";
const string issuer = "me";
const string audience = "you";
var signingCredentials = new SigningCredentials(
new EdDsaSecurityKey(new Ed25519PrivateKeyParameters(
Convert.FromBase64String("TYXei5+8Qd2ZqKIlEuJJ3S50WYuocFTrqK+3/gHVH9B2hpLtAgscF2c9QuWCzV9fQxal3XBqTXivXJPpp79vgw=="), 0)), ExtendedSecurityAlgorithms.EdDsa);
var verificationKeys =
new EdDsaSecurityKey(new Ed25519PublicKeyParameters(Convert.FromBase64String("doaS7QILHBdnPULlgs1fX0MWpd1wak14r1yT6ae/b4M="), 0));
var handler = new PasetoTokenHandler();
var token = handler.CreateToken(new PasetoSecurityTokenDescriptor(PasetoConstants.Versions.V2, PasetoConstants.Purposes.Public)
{
Issuer = issuer,
Audience = audience,
Claims = new Dictionary <string, object> {
{ expectedClaimType, expectedClaimValue }
},
SigningCredentials = signingCredentials
});
var result = handler.ValidateToken(token, new TokenValidationParameters
{
ValidIssuer = issuer,
ValidAudience = audience,
IssuerSigningKey = verificationKeys
});
result.IsValid.Should().BeTrue();
result.ClaimsIdentity.HasClaim(expectedClaimType, expectedClaimValue).Should().BeTrue();
}
public void Create_WhenAlgorithmIsNotEdDsaButHasEdDsaSecurityKey_ExpectNotSupportedException()
{
var keyPairGenerator = new Ed25519KeyPairGenerator();
keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
var keyPair = keyPairGenerator.GenerateKeyPair();
var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public);
Assert.Throws <NotSupportedException>(() => sut.Create(SecurityAlgorithms.RsaSha256, securityKey));
}
public void ctor_ExpectPropertiesSet()
{
var keyPairGenerator = new Ed25519KeyPairGenerator();
keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
var keyPair = keyPairGenerator.GenerateKeyPair();
var expectedSecurityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public);
var expectedAlgorithm = ExtendedSecurityAlgorithms.EdDsa;
var provider = new EdDsaSignatureProvider(expectedSecurityKey, expectedAlgorithm);
provider.Key.Should().Be(expectedSecurityKey);
provider.Algorithm.Should().Be(expectedAlgorithm);
}
public void ctor_WhenEd25519PublicKey_ExpectKeySetAndCorrectCurve()
{
var keyPair = GenerateEd25519KeyPair();
var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public);
securityKey.CryptoProviderFactory.CustomCryptoProvider.Should().BeOfType <ExtendedCryptoProvider>();
securityKey.KeyParameters.Should().Be(keyPair.Public);
securityKey.Curve.Should().Be(ExtendedSecurityAlgorithms.Curves.Ed25519);
securityKey.PrivateKeyStatus.Should().Be(PrivateKeyStatus.DoesNotExist);
#pragma warning disable 618
securityKey.HasPrivateKey.Should().BeFalse();
#pragma warning restore 618
}
public void Sign_WhenSigningWithEd25519Curve_ExpectCorrectSignature()
{
const string plaintext =
"eyJraWQiOiIxMjMiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhdWQiOiJ5b3UiLCJzdWIiOiJib2IiLCJpc3MiOiJtZSIsImV4cCI6MTU5MDg0MTg4N30";
const string expectedSignature =
"OyBxBr344Ny-0vRCeEMLSnuEO1IecybvJBivrjum4d-dgN5WLnEAGAO43MlZeRGn1F3fRXO_xlYot68PtDuiAA";
const string privateKey = "FU1F1QTjYwfB-xkO6aknnBifE_Ywa94U04xpd-XJfBs";
var edDsaSecurityKey = new EdDsaSecurityKey(new Ed25519PrivateKeyParameters(Base64UrlEncoder.DecodeBytes(privateKey), 0));
var signatureProvider = new EdDsaSignatureProvider(edDsaSecurityKey, ExtendedSecurityAlgorithms.EdDsa);
var signature = signatureProvider.Sign(System.Text.Encoding.UTF8.GetBytes(plaintext));
signature.Should().BeEquivalentTo(Base64UrlEncoder.DecodeBytes(expectedSignature));
}
public void Create_WhenAlgorithmIsEdDsaWithEdDsaSecurityKey_ExpectEdDsaSignatureProvider()
{
var keyPairGenerator = new Ed25519KeyPairGenerator();
keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
var keyPair = keyPairGenerator.GenerateKeyPair();
var securityKey = new EdDsaSecurityKey((Ed25519PublicKeyParameters)keyPair.Public);
var signatureProvider = sut.Create(ExtendedSecurityAlgorithms.EdDsa, securityKey);
var edDsaSignatureProvider = Assert.IsType <EdDsaSignatureProvider>(signatureProvider);
edDsaSignatureProvider.Algorithm.Should().Be(ExtendedSecurityAlgorithms.EdDsa);
edDsaSignatureProvider.Key.Should().Be(securityKey);
}
public void Verify_WhenJwtSignedWithEd25519Curve_ExpectTrue()
{
const string plaintext =
"eyJraWQiOiIxMjMiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJhdWQiOiJ5b3UiLCJzdWIiOiJib2IiLCJpc3MiOiJtZSIsImV4cCI6MTU5MDg0MTg4N30";
const string signature =
"OyBxBr344Ny-0vRCeEMLSnuEO1IecybvJBivrjum4d-dgN5WLnEAGAO43MlZeRGn1F3fRXO_xlYot68PtDuiAA";
const string publicKey = "60mR98SQlHUSeLeIu7TeJBTLRG10qlcDLU4AJjQdqMQ";
var edDsaSecurityKey = new EdDsaSecurityKey(new Ed25519PublicKeyParameters(Base64UrlEncoder.DecodeBytes(publicKey), 0));
var signatureProvider = new EdDsaSignatureProvider(edDsaSecurityKey, ExtendedSecurityAlgorithms.EdDsa);
var isValidSignature = signatureProvider.Verify(
System.Text.Encoding.UTF8.GetBytes(plaintext),
Base64UrlEncoder.DecodeBytes(signature));
isValidSignature.Should().BeTrue();
}
