public override void WriteTo()
{
var key = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES256);
key.Kid = JsonEncodedText.Encode("kid-ec");
key.KeyOps.Add(JwkKeyOpsValues.Sign);
key.Use = JwkUseValues.Sig;
key.X5t = Base64Url.Decode("dGhpcyBpcyBhIFNIQTEgdGVzdCE");
key.X5tS256 = Base64Url.Decode("dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA");
key.X5u = "https://example.com";
key.X5c.Add(Convert.FromBase64String("MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnHYMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpnfajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPqPvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVkaZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTqgawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA=="));
using var bufferWriter = new PooledByteBufferWriter();
key.Serialize(bufferWriter);
var json = Encoding.UTF8.GetString(bufferWriter.WrittenSpan.ToArray());
Assert.Contains("\"kid\":\"kid-ec\"", json);
Assert.Contains("\"key_ops\":[\"sign\"]", json);
Assert.Contains("\"use\":\"sig\"", json);
Assert.Contains("\"x5t\":\"dGhpcyBpcyBhIFNIQTEgdGVzdCE\"", json);
Assert.Contains("\"x5t#S256\":\"dGhpcyBpcyBhIFNIQTI1NiB0ZXN0ISAgICAgICAgICAgIA\"", json);
#if NETSTANDARD2_0
Assert.Contains("\"x5u\":\"" + JsonEncodedText.Encode("https://example.com") + "\"", json);
Assert.Contains("\"x5c\":[\"MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnHYMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K\u002bIiZhtELto/A7Fck9Ws6SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpnfajr1rVTAwtgV5LEZ4Iel\u002bW1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPqPvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW\u002boyVVkaZdklLQp2Btgt9qr21m42f4wTw\u002bXrp6rCKNb0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL\u002b9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1zFo\u002bOwb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk\u002bfbEL2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo4tpzd5rFXhjRbg4zW9C\u002b2qok\u002b2\u002bqDM1iJ684gPHMIY8aLWrdgQTxkumGmTqgawR\u002bN5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA==\"]", json);
#else
Assert.Contains("\"x5u\":\"" + JsonEncodedText.Encode("https://example.com", JsonSerializationBehavior.JsonEncoder) + "\"", json);
Assert.Contains("\"x5c\":[\"" + JsonEncodedText.Encode("MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDVQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1wYmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnHYMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpnfajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPqPvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVkaZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTqgawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA==", JsonSerializationBehavior.JsonEncoder) + "\"]", json);
#endif
Assert.Contains("\"crv\":\"P-256\"", json);
Assert.Contains("\"x\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.X)) + "\"", json);
Assert.Contains("\"y\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.Y)) + "\"", json);
Assert.Contains("\"d\":\"" + Encoding.UTF8.GetString(Base64Url.Encode(key.D)) + "\"", json);
}
private static JwsDescriptorWrapper CreateDescriptor(SignatureAlgorithm algorithm)
{
var jwk = algorithm.Category switch
{
Cryptography.AlgorithmCategory.None => Jwk.None,
Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(algorithm),
Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
_ => throw new InvalidOperationException()
};
var descriptor = new JwsDescriptor(jwk, algorithm)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
};
return(new JwsDescriptorWrapper(descriptor));
}
}
public void Equal(EllipticalCurve crv)
{
var key = ECJwk.GeneratePrivateKey(crv);
Assert.True(key.Equals(key));
Assert.Equal(key, key);
var publicKey = key.AsPublicKey();
Assert.NotEqual(key, publicKey);
var copiedKey = ECJwk.FromJson(key.ToString());
Assert.Equal(key, copiedKey);
// 'kid' is not a discriminant, excepted if the value is different.
copiedKey.Kid = default;
Assert.Equal(key, copiedKey);
Assert.Equal(copiedKey, key);
key.Kid = default;
Assert.Equal(key, copiedKey);
key.Kid = JsonEncodedText.Encode("X");
copiedKey.Kid = JsonEncodedText.Encode("Y");
Assert.NotEqual(key, copiedKey);
Assert.NotEqual(key, Jwk.None);
}
private static void GenerateKeys()
{
// The GenerateKey method creates a new crypto-random asymmetric key for elliptic curve algorithms
var ecKey = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES512);
Console.WriteLine("Asymmetric generated JWK for elliptic curve P-521, for ES512 signature algorithm:");
Console.WriteLine(ecKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random asymmetric key for RSA algorithms
// You may specify a bigger key size. The default is the minimum size (2048 bits for RSA)
var rsaKey = RsaJwk.GeneratePrivateKey(SignatureAlgorithm.PS384);
Console.WriteLine("Asymmetric generated JWK of 2048 bits for RSA, for PS384 signature algorithm:");
Console.WriteLine(rsaKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random symmetric key for symmetric algorithms
var symmetricKey = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);
Console.WriteLine("Symmetric generated JWK of 128 bits, for HS256 signature algorithm:");
Console.WriteLine(symmetricKey);
Console.WriteLine();
// The GenerateKey method creates a new crypto-random aymmetric key for RSA algorithms
var symmetricKey2 = SymmetricJwk.GenerateKey(256, computeThumbprint: false);
Console.WriteLine("Symmetric generated JWK of 256 bits, without specified signature algorithm, without key identifier (the thumbprint):");
Console.WriteLine(symmetricKey2);
Console.WriteLine();
}
public void TryWrapKey_WithStaticKey_Success(EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
var contentEncryptionKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
Jwk cek = TryWrapKey_Success(contentEncryptionKey, enc, alg);
Assert.NotNull(cek);
Assert.IsType <SymmetricJwk>(cek);
}
public void GenerateKey(EllipticalCurve crv)
{
var key = ECJwk.GeneratePrivateKey(crv);
Assert.NotNull(key);
var key2 = ECJwk.GeneratePrivateKey(crv.SupportedSignatureAlgorithm);
Assert.NotNull(key2);
}
public override void Canonicalize()
{
var jwk = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES256);
var canonicalizedKey = (ECJwk)CanonicalizeKey(jwk);
Assert.True(canonicalizedKey.D.IsEmpty);
Assert.Equal(EllipticalCurve.P256.Id, canonicalizedKey.Crv.Id);
Assert.False(canonicalizedKey.X.IsEmpty);
Assert.False(canonicalizedKey.Y.IsEmpty);
}
private Jwk TryWrapKey_Success(ECJwk keyToWrap, EncryptionAlgorithm enc, KeyManagementAlgorithm alg)
{
var keyEncryptionKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
var wrapper = new EcdhKeyWrapper(keyEncryptionKey, enc, alg);
var cek = WrapKey(wrapper, keyToWrap, out var header);
Assert.Equal(1, header.Count);
Assert.True(header.ContainsKey("epk"));
return(cek);
}
public void Setup()
{
var key = SymmetricJwk.GenerateKey(256);
var rsaKey = RsaJwk.GeneratePrivateKey(2048);
var ecKey = ECJwk.GeneratePrivateKey(EllipticalCurve.P256);
for (int i = 0; i < Count; i++)
{
key.TryGetSigner(SignatureAlgorithm.HS256, out var signer);
id = i;
_dictionary.Add(id, signer);
_concurrentDictionary.TryAdd(id, signer);
_cryptoStore.TryAdd(id, signer);
_cryptoStore2.TryAdd(id, signer);
}
}
private static JweWrapper CreateDescriptor(KeyManagementAlgorithm algorithm, EncryptionAlgorithm encryptionAlgorithm)
{
var jwk = algorithm.Category switch
{
Cryptography.AlgorithmCategory.None => Jwk.None,
Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256, algorithm),
Cryptography.AlgorithmCategory.Rsa => RsaJwk.GeneratePrivateKey(4096, algorithm),
Cryptography.AlgorithmCategory.Aes => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.AesGcm => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Hmac => SymmetricJwk.GenerateKey(algorithm),
Cryptography.AlgorithmCategory.Direct => SymmetricJwk.GenerateKey(encryptionAlgorithm),
Cryptography.AlgorithmCategory.Direct | Cryptography.AlgorithmCategory.EllipticCurve => ECJwk.GeneratePrivateKey(EllipticalCurve.P256),
_ => throw new InvalidOperationException(algorithm.Category.ToString())
};
var descriptor = new JweDescriptor(jwk, algorithm, encryptionAlgorithm)
{
Payload = new JwsDescriptor(Jwk.None, SignatureAlgorithm.None)
{
Payload = new JwtPayload
{
{ JwtClaimNames.Iat, EpochTime.UtcNow },
{ JwtClaimNames.Exp, EpochTime.UtcNow + EpochTime.OneHour },
{ JwtClaimNames.Iss, "https://idp.example.com/" },
{ JwtClaimNames.Aud, "636C69656E745F6964" }
}
}
};
var policy = new TokenValidationPolicyBuilder()
.AcceptUnsecureToken("https://idp.example.com/")
.WithDecryptionKey(jwk)
.Build();
var writer = new JwtWriter();
return(new JweWrapper(writer.WriteToken(descriptor), algorithm, encryptionAlgorithm, policy));
}
}
public void GenerateKey(EllipticalCurve crv)
{
var key = ECJwk.GeneratePrivateKey(crv);
Assert.NotNull(key);
}
