public void SignReturnsNullOnUnsupported()
{
JsonWebKey jwk = KeyModelFactory.JsonWebKey(KeyType.Ec, curveName: "invalid", keyOps: new[] { KeyOperation.Sign });
EcCryptographyProvider client = new EcCryptographyProvider(new KeyVaultKey {
Key = jwk
});
SignResult result = client.Sign(default, new byte[] { 0xff }, default);
public void SupportsOperationUnauthorizedOperation()
{
JsonWebKey jwk = KeyModelFactory.JsonWebKey(KeyType.Ec, curveName: "invalid", keyOps: new[] { KeyOperation.Verify });
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
Assert.IsFalse(client.SupportsOperation(KeyOperation.Sign));
}
public void SignThrowsOnInvalidKey(JsonWebKey jwk, SignatureAlgorithm algorithm)
{
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
byte[] digest = new byte[1] {
0xff
};
Assert.Throws <ArgumentException>(() => client.Sign(algorithm, digest, default), "Expected exception with wrong key length");
}
public void SupportsOperationUnsupportedCurve()
{
JsonWebKey jwk = KeyModelFactory.JsonWebKey(KeyType.Ec, curveName: "invalid", keyOps: new[] { KeyOperation.Sign, KeyOperation.Verify });
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
// The provider caches the original allow key operations to facilitate tracing. Operation will still be sent to the service.
Assert.IsTrue(client.SupportsOperation(KeyOperation.Sign));
}
public void SupportsOperation(string operationValue, bool supported)
{
JsonWebKey jwk = KeyModelFactory.JsonWebKey(KeyType.Ec, curveName: KeyCurveName.P256, keyOps: new[] { KeyOperation.Sign, KeyOperation.Verify });
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
KeyOperation operation = new KeyOperation(operationValue);
Assert.AreEqual(supported, client.SupportsOperation(operation));
}
public void SignThrowsOnNullDigest()
{
using ECDsa ecdsa = ECDsa.Create();
JsonWebKey jwk = new JsonWebKey(ecdsa);
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
SignatureAlgorithm algorithm = GetSignatureAlgorithm(jwk);
Assert.Throws <ArgumentNullException>(() => client.Sign(algorithm, null, default));
}
public void SignReturnsNullOnUnsupported()
{
JsonWebKey jwk = new JsonWebKey
{
CurveName = "invalid",
KeyOps = new[] { KeyOperation.Sign },
};
EcCryptographyProvider client = new EcCryptographyProvider(jwk);
SignResult result = client.Sign(default, new byte[] { 0xff }, default);
public void SupportsOperationUnsupportedCurve()
{
JsonWebKey jwk = KeyModelFactory.JsonWebKey(KeyType.Ec, curveName: "invalid", keyOps: new[] { KeyOperation.Sign, KeyOperation.Verify });
EcCryptographyProvider client = new EcCryptographyProvider(new KeyVaultKey {
Key = jwk
});
Assert.IsFalse(client.SupportsOperation(KeyOperation.Sign));
}
public void SupportsOperationUnauthorizedOperation()
{
JsonWebKey jwk = new JsonWebKey
{
CurveName = "invalid",
KeyOps = new[] { KeyOperation.Verify },
};
EcCryptographyProvider client = new EcCryptographyProvider(jwk);
Assert.IsFalse(client.SupportsOperation(KeyOperation.Sign));
}
public void SupportsOperation(string operationValue, bool supported)
{
JsonWebKey jwk = new JsonWebKey
{
CurveName = KeyCurveName.P256,
KeyOps = new[] { KeyOperation.Sign, KeyOperation.Verify },
};
EcCryptographyProvider client = new EcCryptographyProvider(jwk);
KeyOperation operation = new KeyOperation(operationValue);
Assert.AreEqual(supported, client.SupportsOperation(operation));
}
public void SupportsOperationUnsupportedCurve()
{
JsonWebKey jwk = new JsonWebKey
{
CurveName = "invalid",
KeyOps = new[] { KeyOperation.Sign, KeyOperation.Verify },
};
EcCryptographyProvider client = new EcCryptographyProvider(new Key {
KeyMaterial = jwk
});
Assert.IsFalse(client.SupportsOperation(KeyOperation.Sign));
}
public void SignReturnsNullWithoutPrivateKey()
{
using ECDsa ecdsa = ECDsa.Create();
ECParameters ecParameters = ecdsa.ExportParameters(false);
ecdsa.ImportParameters(ecParameters);
JsonWebKey jwk = new JsonWebKey(ecdsa)
{
Id = "test",
};
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
SignatureAlgorithm algorithm = GetSignatureAlgorithm(jwk);
Assert.IsNull(client.Sign(algorithm, new byte[] { 0xff }, default));
}
public async Task Sign()
{
using ECDsa ecdsa = ECDsa.Create();
ecdsa.GenerateKey(ECCurve.NamedCurves.nistP256);
JsonWebKey jwk = new JsonWebKey(ecdsa, true)
{
Id = "test"
};
EcCryptographyProvider client = new EcCryptographyProvider(jwk, null);
SignatureAlgorithm algorithm = GetSignatureAlgorithm(jwk);
byte[] digest = new byte[] { 0x9f, 0x86, 0xd0, 0x81, 0x88, 0x4c, 0x7d, 0x65, 0x9a, 0x2f, 0xea, 0xa0, 0xc5, 0x5a, 0xd0, 0x15, 0xa3, 0xbf, 0x4f, 0x1b, 0x2b, 0x0b, 0x82, 0x2c, 0xd1, 0x5d, 0x6c, 0x15, 0xb0, 0xf0, 0x0a, 0x08 };
SignResult result = await client.SignAsync(algorithm, digest, default);
Assert.AreEqual(algorithm, result.Algorithm);
Assert.AreEqual("test", result.KeyId);
Assert.AreEqual(64, result.Signature.Length);
}
