public void Decrypt_NoMatchingRecipient_Throws()
{
//given
byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
recipientAes256KW2,
};
var sharedProtectedHeaders = new Dictionary <string, object>
{
{ "cty", "application/octet-string" },
};
var jwe = JWE.Encrypt(
plaintext: payload,
recipients: recipients,
JweEncryption.A256GCM,
mode: SerializationMode.Json,
extraHeaders: sharedProtectedHeaders);
//when
var exception = Record.Exception(() => { JWE.Decrypt(jwe, aes256KWKey3); });
//then
Assert.IsType <IntegrityException>(exception);
Assert.Equal("AesKeyWrap integrity check failed.", exception.Message);
}
public void Encrypt_WithAdditionalAuthenticatedData_PopulatesAad()
{
//given
var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk));
var plaintext = Rfc7520_Figure72_ExamplePlaintext;
//when
var jwe = JWE.Encrypt(
UTF8Encoding.UTF8.GetBytes(Rfc7520_Figure72_ExamplePlaintext),
new Recipient[] { new Recipient(JweAlgorithm.A128KW, key) },
JweEncryption.A128CBC_HS256,
aad: Base64Url.Decode(Rfc7520_Figure176_ExampleBase64UrlEncodedAad),
mode: SerializationMode.Json);
//then
#if NETCOREAPP
JObject deserialized = JObject.Parse(jwe);
var base64UrlAad = (string)deserialized["aad"];
Assert.NotNull(base64UrlAad);
Assert.Equal(Rfc7520_Figure176_ExampleBase64UrlEncodedAad, base64UrlAad);
#else
throw new NotImplementedException("Test not currently implemented on net461");
#endif
}
public void EncryptDecrypt_ModeGeneralJsonRoundTripMultipleRecipients_ValidRecipientsCanDecrypt(object decryptKey)
{
//given
byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
recipientAes256KW2,
recipientRsa1,
};
var sharedProtectedHeaders = new Dictionary <string, object>
{
{ "cty", "application/octet-string" },
};
//when
var jwe = JWE.Encrypt(
plaintext: payload,
recipients: recipients,
JweEncryption.A256GCM,
mode: SerializationMode.Json,
extraHeaders: sharedProtectedHeaders);
var decrypted = JWE.Decrypt(jwe, decryptKey);
//then
Assert.Equal(payload, decrypted.Plaintext);
}
public void Decrypt_MultipleRecipients_MismatchEncOrAlgThrows(JweEncryption expectedJweEnc, JweAlgorithm expectedJweAlg, string expectedMessage)
{
//given
byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
recipientAes256KW2,
recipientRsa1,
};
var sharedProtectedHeaders = new Dictionary <string, object>
{
{ "cty", "application/octet-string" },
};
var jwe = JWE.Encrypt(
plaintext: payload,
recipients: recipients,
JweEncryption.A256GCM,
mode: SerializationMode.Json,
extraHeaders: sharedProtectedHeaders);
//when
var exception = Record.Exception(() => JWE.Decrypt(jwe, aes256KWKey2, expectedJweAlg, expectedJweEnc));
//then
Assert.IsType <InvalidAlgorithmException>(exception);
Assert.Equal(expectedMessage, exception.Message);
}
void Encrypt_WithNonUniqueHeaderParameterNamesInRecipientHeaders_Throws(string injectedHeaderName)
{
//given
byte[] plaintext = { };
//when
var exception = Record.Exception(() => JWE.Encrypt(
plaintext: plaintext,
recipients: new Recipient[]
{
new Recipient(
JweAlgorithm.A256KW,
aes256KWKey1,
new Dictionary <string, object>
{
{ "kid", "my_key_reference" },
{ "example.com:extra_recipient_header", "value1" },
{ injectedHeaderName, string.Empty },
})
},
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Json,
extraHeaders: new Dictionary <string, object>
{
{ "cty", "text/plain" },
{ "example.com:extra_header", "another value" },
}));
//then
Assert.NotNull(exception);
Assert.IsType <ArgumentException>(exception);
Assert.StartsWith("An item with the same key has already been added.", exception.Message);
}
public void Encrypt_ModeJsonTwoRecipientsWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults()
{
//given
byte[] plaintext = { };
//when
var jwe = JWE.Encrypt(
plaintext: plaintext,
recipients: new Recipient[] { recipientAes128KW, recipientAes128KW },
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Json);
//then
Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 (General Json Serialization) = {0}", jwe);
JObject deserialized = JObject.Parse(jwe);
Assert.Equal("{\"enc\":\"A128CBC-HS256\"}",
UTF8Encoding.UTF8.GetString(Base64Url.Decode((string)deserialized["protected"])));
Assert.True(deserialized["recipients"] is JArray);
Assert.Equal(2, ((JArray)deserialized["recipients"]).Count);
var recipient0 = ((JArray)deserialized["recipients"])[0];
Assert.True(recipient0["header"] is JObject);
Assert.Equal("{\"alg\":\"A128KW\"}", recipient0["header"].ToString(Newtonsoft.Json.Formatting.None));
Assert.Equal("A128KW", recipient0["header"]["alg"]);
Assert.Equal(54, ((string)recipient0["encrypted_key"]).Length); //CEK size
Assert.Equal(22, ((string)deserialized["iv"]).Length); //IV size
Assert.Equal(22, ((string)deserialized["ciphertext"]).Length); //cipher text size
Assert.Equal(22, ((string)deserialized["tag"]).Length); //auth tag size
Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext);
}
public void Encrypt_ModeJsonOneRecipientWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults()
{
//given
byte[] plaintext = { };
//when
var jwe = JWE.Encrypt(
plaintext: plaintext,
recipients: new Recipient[] { recipientAes128KW },
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Json);
//then
Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 (Flattened Json Serialization) = {0}", jwe);
#if NETCOREAPP
JObject deserialized = JObject.Parse(jwe);
Assert.Equal("{\"enc\":\"A128CBC-HS256\"}",
UTF8Encoding.UTF8.GetString(Base64Url.Decode((string)deserialized["protected"])));
Assert.True(deserialized["header"] is JObject);
Assert.Equal("{\"alg\":\"A128KW\"}", deserialized["header"].ToString(Newtonsoft.Json.Formatting.None));
Assert.Equal("A128KW", deserialized["header"]["alg"]);
Assert.Equal(54, ((string)deserialized["encrypted_key"]).Length); //CEK size
Assert.Equal(22, ((string)deserialized["iv"]).Length); //IV size
Assert.Equal(22, ((string)deserialized["ciphertext"]).Length); //cipher text size
Assert.Equal(22, ((string)deserialized["tag"]).Length); //auth tag size
Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext);
#else
throw new NotImplementedException("Test not currently implemented on net461");
#endif
}
public void EncryptDecrypt_RoundTripOneRecipient_PlaintextSurvives(SerializationMode mode)
{
//given
byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
};
var sharedProtectedHeaders = new Dictionary <string, object>
{
{ "cty", "application/octet-string" },
};
//when
var jwe = JWE.Encrypt(
plaintext: payload,
recipients: recipients,
JweEncryption.A256GCM,
mode: mode,
extraHeaders: sharedProtectedHeaders);
var decrypted = JWE.Decrypt(jwe, aes256KWKey1);
//then
Assert.Equal(payload, decrypted.Plaintext);
}
public void Encrypt_ModeCompactWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults()
{
//given
byte[] plaintext = { };
//when
var jwe = JWE.Encrypt(
plaintext: plaintext,
recipients: new Recipient[] { recipientAes128KW },
JweEncryption.A128CBC_HS256);
//then
Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 = {0}", jwe);
string[] parts = jwe.Split('.');
Assert.Equal(5, parts.Length); //Make sure 5 parts
Assert.Equal("{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256\"}",
UTF8Encoding.UTF8.GetString(Base64Url.Decode(parts[0])));
Assert.Equal("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", parts[0]); //Header is non-encrypted and static text
Assert.Equal(54, parts[1].Length); //CEK size
Assert.Equal(22, parts[2].Length); //IV size
Assert.Equal(22, parts[3].Length); //cipher text size
Assert.Equal(22, parts[4].Length); //auth tag size
Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext);
}
public void Decrypt_WithAdditionalAuthenticatedDataTampered_Throws()
{
//given
var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk));
var tamperedJwe = Rfc7520_5_10_ExampleJwe.Replace("aad\": \"W", "aad\": \"V");
//when
var exception = Record.Exception(() => JWE.Decrypt(tamperedJwe, key));
//then
Assert.IsType <EncryptionException>(exception);
Assert.Equal("Unable to decrypt content or authentication tag do not match.", exception.Message);
}
public void EncryptDecrypt_WithAdditionalAuthenticatedData_RoundtripOk()
{
//given
var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk));
var plaintext = Rfc7520_Figure72_ExamplePlaintext;
//when
var jwe = JWE.Encrypt(
UTF8Encoding.UTF8.GetBytes(Rfc7520_Figure72_ExamplePlaintext),
new Recipient[] { new Recipient(JweAlgorithm.A128KW, key) },
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Json);
//then
var decrypted = JWE.Decrypt(jwe, key);
Assert.Equal(plaintext, UTF8Encoding.UTF8.GetString(decrypted.Plaintext));
}
public void Decrypt_Rfc7516AppendixA23DecryptWithFirstRecipient_ExpectedResults()
{
//given
var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7516_A_2_3_ExampleJwk));
//when
var decrypted = JWE.Decrypt(Rfc7516_A_4_7_ExampleJwe, key);
//then
Assert.Equal("Live long and prosper.", UTF8Encoding.UTF8.GetString(decrypted.Plaintext));
Assert.Equal(4, decrypted.JoseHeaders.Count);
Assert.Equal("RSA1_5", decrypted.JoseHeaders["alg"]);
Assert.Equal("2011-04-29", decrypted.JoseHeaders["kid"]);
Assert.Equal("A128CBC-HS256", decrypted.JoseHeaders["enc"]);
Assert.Equal("https://server.example.com/keys.jwks", decrypted.JoseHeaders["jku"]);
}
public void UnsafeJoseHeaders_ModeCompactWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults()
{
//given
byte[] plaintext = { };
var jwe = JWE.Encrypt(
plaintext: plaintext,
recipients: new Recipient[] { recipientAes128KW },
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Compact);
//when
var headers = JWE.UnsafeJoseHeaders(jwe);
//then
Assert.Single(headers);
Assert.Equal(2, headers.ElementAt(0).Count());
Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]);
Assert.Equal("A128KW", headers.ElementAt(0)["alg"]);
}
public void Decrypt_WithAdditionalAuthenticatedDataOk_ReturnsExpectedResults()
{
//given
var jwk = new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk);
var key = GetLegacyKeyObjectFromJwk(jwk);
var kid = jwk.Kid;
//when
var decrypted = JWE.Decrypt(Rfc7520_5_10_ExampleJwe, key);
//then
Assert.Equal(Rfc7520_Figure72_ExamplePlaintext, UTF8Encoding.UTF8.GetString(decrypted.Plaintext));
Assert.Equal(3, decrypted.JoseHeaders.Count);
Assert.Equal(jwk.Alg, decrypted.JoseHeaders["alg"]);
Assert.Equal(jwk.Kid, decrypted.JoseHeaders["kid"]);
Assert.Equal("A128GCM", decrypted.JoseHeaders["enc"]);
Assert.Equal(Rfc7520_5_10_1_ExampleAadString, UTF8Encoding.UTF8.GetString(decrypted.Aad));
}
public void Encrypt_WithMoreThanOneRecipient_Throws(SerializationMode mode, string expectedMessage)
{
//given
byte[] plaintext = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
var recipients = new Recipient[]
{
recipientAes256KW1,
recipientAes256KW2,
};
//when
var exception = Record.Exception(() => JWE.Encrypt(
plaintext: plaintext,
recipients: recipients,
JweEncryption.A256GCM,
mode: mode));
//then
Assert.IsType <JoseException>(exception);
Assert.Equal(expectedMessage, exception.Message);
}
public void UnsafeJoseHeaders_Rfc7516AppendixA23_ExpectedResults()
{
//given
//when
var headers = JWE.UnsafeJoseHeaders(Rfc7516_A_4_7_ExampleJwe);
//then
Assert.Equal(2, headers.Count());
Assert.Equal(4, headers.ElementAt(0).Count());
Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]);
Assert.Equal("https://server.example.com/keys.jwks", headers.ElementAt(0)["jku"]);
Assert.Equal("RSA1_5", headers.ElementAt(0)["alg"]);
Assert.Equal("2011-04-29", headers.ElementAt(0)["kid"]);
Assert.Equal(4, headers.ElementAt(1).Count());
Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]);
Assert.Equal("https://server.example.com/keys.jwks", headers.ElementAt(1)["jku"]);
Assert.Equal("A128KW", headers.ElementAt(1)["alg"]);
Assert.Equal("7", headers.ElementAt(1)["kid"]);
}
public void Encrypt_MultipleRecipient_SpecialCasesHandled(Recipient[] recipients, string expectedError)
{
//given
byte[] plaintext = { };
//when
var exception = Record.Exception(() => JWE.Encrypt(
plaintext: plaintext,
recipients: recipients,
JweEncryption.A128CBC_HS256,
mode: SerializationMode.Json));
//then
if (expectedError == null)
{
Assert.Null(exception);
}
else
{
Assert.IsType <JoseException>(exception);
Assert.Equal(expectedError, exception.Message);
}
}
/// <summary>汎用認証サイトの発行したJWT形式のTokenを検証する。</summary>
/// <param name="jwtToken">JWT形式のToken</param>
/// <param name="jwtPayload">
/// JWS, JWS + JEWの場合があるのでペイロードを返す。
/// </param>
/// <returns>検証結果</returns>
public static bool Verify(string jwtToken, out string jwtPayload)
{
jwtPayload = "";
JWE jwe = null;
JWS jws = null;
// 復号化(JWEの場合)
bool isJWE_FAPI2 = false;
if (3 < jwtToken.Split('.').Length)
{
isJWE_FAPI2 = true;
// ヘッダ
JWE_Header jweHeader = JsonConvert.DeserializeObject <JWE_Header>(
CustomEncode.ByteToString(CustomEncode.FromBase64UrlString(jwtToken.Split('.')[0]), CustomEncode.UTF_8));
if (jweHeader.alg == JwtConst.RSA_OAEP)
{
jwe = new JWE_RsaOaepAesGcm_X509(
CmnClientParams.RsaPfxFilePath,
CmnClientParams.RsaPfxPassword);
}
else if (jweHeader.alg == JwtConst.RSA1_5)
{
jwe = new JWE_Rsa15A128CbcHS256_X509(
CmnClientParams.RsaPfxFilePath,
CmnClientParams.RsaPfxPassword);
}
else
{
throw new NotSupportedException(string.Format(
"This jwe alg of {0} is not supported.", jweHeader.alg));
}
jwe.Decrypt(jwtToken, out jwtToken);
}
else
{
isJWE_FAPI2 = false;
}
// 検証
// ヘッダ
JWS_Header jwsHeader = JsonConvert.DeserializeObject <JWS_Header>(
CustomEncode.ByteToString(CustomEncode.FromBase64UrlString(jwtToken.Split('.')[0]), CustomEncode.UTF_8));
if (jwsHeader.alg == JwtConst.ES256 && isJWE_FAPI2)
{
} // 正常
else if (jwsHeader.alg == JwtConst.RS256 && !isJWE_FAPI2)
{
} // 正常
else
{
throw new NotSupportedException("Unexpected combination of JWS and JWE.");
}
// 証明書を使用するか、Jwkを使用するか判定
if (string.IsNullOrEmpty(jwsHeader.jku) ||
string.IsNullOrEmpty(jwsHeader.kid))
{
// 旧バージョン(証明書を使用
if (isJWE_FAPI2)
{
#if NET45 || NET46
throw new NotSupportedException("FAPI2 is not supported in this dotnet version.");
#else
jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, "");
#endif
}
else
{
jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, "");
}
}
else
{
// 新バージョン(Jwkを使用
if (string.IsNullOrEmpty(OAuth2AndOIDCParams.JwkSetFilePath))
{
// jku(jwks_uri)使用のカバレッジ
// Client側
JObject jwkObject = JwkSetStore.GetInstance().GetJwkObject(jwsHeader.kid);
// チェック
if (jwkObject == null)
{
// 書込
jwkObject = JwkSetStore.GetInstance().SetJwkSetObject(jwsHeader.jku, jwsHeader.kid);
}
// チェック
if (jwkObject == null)
{
// 証明書を使用
if (isJWE_FAPI2)
{
#if NET45 || NET46
throw new NotSupportedException("FAPI2 is not supported in this dotnet version.");
#else
jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, "");
#endif
}
else
{
jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, "");
}
}
else
{
// Jwkを使用
if (isJWE_FAPI2)
{
#if NET45 || NET46
throw new NotSupportedException("FAPI2 is not supported in this dotnet version.");
#else
EccPublicKeyConverter epkc = new EccPublicKeyConverter();
jws = new JWS_ES256_Param(epkc.JwkToParam(jwkObject), false);
#endif
}
else
{
RsaPublicKeyConverter rpkc = new RsaPublicKeyConverter();
jws = new JWS_RS256_Param(rpkc.JwkToParam(jwkObject));
}
}
}
else
{
// JwkSet使用のカバレッジ
// AuthZ側でClient側テストを行うためのカバレージ
JObject jwkObject = null;
if (ResourceLoader.Exists(OAuth2AndOIDCParams.JwkSetFilePath, false))
{
JwkSet jwkSet = JwkSet.LoadJwkSet(OAuth2AndOIDCParams.JwkSetFilePath);
jwkObject = JwkSet.GetJwkObject(jwkSet, jwsHeader.kid);
}
if (jwkObject == null)
{
// 証明書を使用
if (isJWE_FAPI2)
{
#if NET45 || NET46
throw new NotSupportedException("FAPI2 is not supported in this dotnet version.");
#else
jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, "");
#endif
}
else
{
jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, "");
}
}
else
{
// Jwkを使用
if (isJWE_FAPI2)
{
#if NET45 || NET46
throw new NotSupportedException("FAPI2 is not supported in this dotnet version.");
#else
EccPublicKeyConverter epkc = new EccPublicKeyConverter();
jws = new JWS_ES256_Param(epkc.JwkToParam(jwkObject), false);
#endif
}
else
{
RsaPublicKeyConverter rpkc = new RsaPublicKeyConverter();
jws = new JWS_RS256_Param(rpkc.JwkToParam(jwkObject));
}
}
}
}
bool ret = jws.Verify(jwtToken);
if (ret)
{
jwtPayload = CustomEncode.ByteToString(
CustomEncode.FromBase64UrlString(jwtToken.Split('.')[1]), CustomEncode.us_ascii);
}
return(ret);
}
/// <summary>MyJwt</summary>
private static void MyJwt()
{
#region Variables
string temp = "";
bool ret = false;
#region Env
OperatingSystem os = Environment.OSVersion;
// https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947
// *.pfxから証明書を開く場合、X509KeyStorageFlags.Exportableの指定が必要な場合がある。
// Linuxのキーは常にエクスポート可能だが、WindowsやMacOSでは必ずしもそうではない。
X509KeyStorageFlags x509KSF = 0;
if (os.Platform == PlatformID.Win32NT)
{
x509KSF = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;
}
else //if (os.Platform == PlatformID.Unix)
{
x509KSF = X509KeyStorageFlags.DefaultKeySet;
}
#endregion
#region Token
string token = "";
IDictionary <string, object> payload = null;
payload = new Dictionary <string, object>()
{
{ "sub", "*****@*****.**" },
{ "exp", 1300819380 }
};
string payloadString = JsonConvert.SerializeObject(payload);
#endregion
#region Keys
string jwk = "";
#endregion
#region JWS
// RS256
JWS_RS256_X509 jWS_RS256_X509 = null;
JWS_RS256_Param jWS_RS256_Param = null;
// ES256
#if NETCORE || NET47
JWS_ES256_X509 jWS_ES256_X509 = null;
JWS_ES256_Param jWS_ES256_Param = null;
#endif
#endregion
#region JWE
JWE jwe = null;
#endregion
#endregion
#region Jws
if (os.Platform == PlatformID.Win32NT)
{
#region RSA(RS256)
// 署名(X509)
jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
token = jWS_RS256_X509.Create(payloadString);
MyDebug.InspectJwt("JWS_RS256_X509.Create", token);
// 鍵の相互変換
jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false));
MyDebug.OutputDebugAndConsole("RSA JWK", jwk);
// 検証(X509)
jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF);
MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString());
// 検証(Param)
jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk));
MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString());
#endregion
// DSA
#if NETCORE || NET47
#region ECDsa(ES256)
// 署名(X509)
jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword);
token = jWS_ES256_X509.Create(payloadString);
MyDebug.InspectJwt("JWS_ES256_X509.Create", token);
// 鍵の相互変換
jwk = EccPublicKeyConverter.ParamToJwk(
((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false));
MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk);
// 検証(X509)
jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, "");
MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString());
#if NET47 || NETCOREAPP3_0
// 検証(Param)
//// Core2.0-2.2 on WinでVerifyがエラーになる。
//// DigitalSignECDsaOpenSslを試してみるが生成できない、
//// Core on Win に OpenSSLベースのプロバイダは無いため)
jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false);
MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_Param.Verify(token).ToString());
#elif NETCOREAPP2_0
// Core2.0-2.2 on Winで ECDsaCngは動作しない。
#endif
// ★ xLibTest
Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256);
#endregion
#endif
}
else //if (os.Platform == PlatformID.Unix)
{
#if NETCORE
#region RSA(RS256)
// 署名(X509)
jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
token = jWS_RS256_X509.Create(payloadString);
MyDebug.InspectJwt("JWS_RS256_X509.Create", token);
// 鍵の相互変換
jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false));
MyDebug.OutputDebugAndConsole("RSA JWK", jwk);
// 検証(X509)
jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF);
MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString());
// 検証(Param)
jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk));
MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString());
#endregion
// DSA
#region ECDsa(ES256)
// 署名(X509)
jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword);
token = jWS_ES256_X509.Create(payloadString);
MyDebug.InspectJwt("JWS_ES256_X509.Create", token);
// 鍵の相互変換
jwk = EccPublicKeyConverter.ParamToJwk(
((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false));
MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk);
// 検証(X509)
jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, "");
MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString());
// 検証(Param)
jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false);
MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_X509.Verify(token).ToString());
// ★ xLibTest
Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256);
#endregion
#endif
}
#endregion
#region Jwe
#region RsaOaepAesGcm
// 暗号化
jwe = new JWE_RsaOaepAesGcm_X509(Program.PublicRsaX509Path, "", x509KSF);
token = jwe.Create(payloadString);
// 復号化
jwe = new JWE_RsaOaepAesGcm_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
ret = jwe.Decrypt(token, out temp);
MyDebug.OutputDebugAndConsole("JWE_RsaOaepAesGcm_X509.Decrypt", ret.ToString() + " : " + temp);
// ★ xLibTest
Program.VerifyResult("JweAlgorithm.xLibTest", token,
jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);
#endregion
#region Rsa15A128CbcHS256
// 暗号化
jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PublicRsaX509Path, "", x509KSF);
token = jwe.Create(payloadString);
// 復号化
jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
ret = jwe.Decrypt(token, out temp);
MyDebug.OutputDebugAndConsole("JWE_Rsa15A128CbcHS256_X509.Decrypt", ret.ToString() + " : " + temp);
// ★ xLibTest
Program.VerifyResult("JweAlgorithm.xLibTest", token,
jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
#endregion
#endregion
}
