public void Decrypt_NoMatchingRecipient_Throws() { //given byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; var recipients = new Recipient[] { recipientAes256KW1, recipientAes256KW2, }; var sharedProtectedHeaders = new Dictionary <string, object> { { "cty", "application/octet-string" }, }; var jwe = JWE.Encrypt( plaintext: payload, recipients: recipients, JweEncryption.A256GCM, mode: SerializationMode.Json, extraHeaders: sharedProtectedHeaders); //when var exception = Record.Exception(() => { JWE.Decrypt(jwe, aes256KWKey3); }); //then Assert.IsType <IntegrityException>(exception); Assert.Equal("AesKeyWrap integrity check failed.", exception.Message); }
public void Encrypt_WithAdditionalAuthenticatedData_PopulatesAad() { //given var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk)); var plaintext = Rfc7520_Figure72_ExamplePlaintext; //when var jwe = JWE.Encrypt( UTF8Encoding.UTF8.GetBytes(Rfc7520_Figure72_ExamplePlaintext), new Recipient[] { new Recipient(JweAlgorithm.A128KW, key) }, JweEncryption.A128CBC_HS256, aad: Base64Url.Decode(Rfc7520_Figure176_ExampleBase64UrlEncodedAad), mode: SerializationMode.Json); //then #if NETCOREAPP JObject deserialized = JObject.Parse(jwe); var base64UrlAad = (string)deserialized["aad"]; Assert.NotNull(base64UrlAad); Assert.Equal(Rfc7520_Figure176_ExampleBase64UrlEncodedAad, base64UrlAad); #else throw new NotImplementedException("Test not currently implemented on net461"); #endif }
public void EncryptDecrypt_ModeGeneralJsonRoundTripMultipleRecipients_ValidRecipientsCanDecrypt(object decryptKey) { //given byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; var recipients = new Recipient[] { recipientAes256KW1, recipientAes256KW2, recipientRsa1, }; var sharedProtectedHeaders = new Dictionary <string, object> { { "cty", "application/octet-string" }, }; //when var jwe = JWE.Encrypt( plaintext: payload, recipients: recipients, JweEncryption.A256GCM, mode: SerializationMode.Json, extraHeaders: sharedProtectedHeaders); var decrypted = JWE.Decrypt(jwe, decryptKey); //then Assert.Equal(payload, decrypted.Plaintext); }
public void Decrypt_MultipleRecipients_MismatchEncOrAlgThrows(JweEncryption expectedJweEnc, JweAlgorithm expectedJweAlg, string expectedMessage) { //given byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; var recipients = new Recipient[] { recipientAes256KW1, recipientAes256KW2, recipientRsa1, }; var sharedProtectedHeaders = new Dictionary <string, object> { { "cty", "application/octet-string" }, }; var jwe = JWE.Encrypt( plaintext: payload, recipients: recipients, JweEncryption.A256GCM, mode: SerializationMode.Json, extraHeaders: sharedProtectedHeaders); //when var exception = Record.Exception(() => JWE.Decrypt(jwe, aes256KWKey2, expectedJweAlg, expectedJweEnc)); //then Assert.IsType <InvalidAlgorithmException>(exception); Assert.Equal(expectedMessage, exception.Message); }
void Encrypt_WithNonUniqueHeaderParameterNamesInRecipientHeaders_Throws(string injectedHeaderName) { //given byte[] plaintext = { }; //when var exception = Record.Exception(() => JWE.Encrypt( plaintext: plaintext, recipients: new Recipient[] { new Recipient( JweAlgorithm.A256KW, aes256KWKey1, new Dictionary <string, object> { { "kid", "my_key_reference" }, { "example.com:extra_recipient_header", "value1" }, { injectedHeaderName, string.Empty }, }) }, JweEncryption.A128CBC_HS256, mode: SerializationMode.Json, extraHeaders: new Dictionary <string, object> { { "cty", "text/plain" }, { "example.com:extra_header", "another value" }, })); //then Assert.NotNull(exception); Assert.IsType <ArgumentException>(exception); Assert.StartsWith("An item with the same key has already been added.", exception.Message); }
public void Encrypt_ModeJsonTwoRecipientsWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults() { //given byte[] plaintext = { }; //when var jwe = JWE.Encrypt( plaintext: plaintext, recipients: new Recipient[] { recipientAes128KW, recipientAes128KW }, JweEncryption.A128CBC_HS256, mode: SerializationMode.Json); //then Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 (General Json Serialization) = {0}", jwe); JObject deserialized = JObject.Parse(jwe); Assert.Equal("{\"enc\":\"A128CBC-HS256\"}", UTF8Encoding.UTF8.GetString(Base64Url.Decode((string)deserialized["protected"]))); Assert.True(deserialized["recipients"] is JArray); Assert.Equal(2, ((JArray)deserialized["recipients"]).Count); var recipient0 = ((JArray)deserialized["recipients"])[0]; Assert.True(recipient0["header"] is JObject); Assert.Equal("{\"alg\":\"A128KW\"}", recipient0["header"].ToString(Newtonsoft.Json.Formatting.None)); Assert.Equal("A128KW", recipient0["header"]["alg"]); Assert.Equal(54, ((string)recipient0["encrypted_key"]).Length); //CEK size Assert.Equal(22, ((string)deserialized["iv"]).Length); //IV size Assert.Equal(22, ((string)deserialized["ciphertext"]).Length); //cipher text size Assert.Equal(22, ((string)deserialized["tag"]).Length); //auth tag size Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext); }
public void Encrypt_ModeJsonOneRecipientWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults() { //given byte[] plaintext = { }; //when var jwe = JWE.Encrypt( plaintext: plaintext, recipients: new Recipient[] { recipientAes128KW }, JweEncryption.A128CBC_HS256, mode: SerializationMode.Json); //then Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 (Flattened Json Serialization) = {0}", jwe); #if NETCOREAPP JObject deserialized = JObject.Parse(jwe); Assert.Equal("{\"enc\":\"A128CBC-HS256\"}", UTF8Encoding.UTF8.GetString(Base64Url.Decode((string)deserialized["protected"]))); Assert.True(deserialized["header"] is JObject); Assert.Equal("{\"alg\":\"A128KW\"}", deserialized["header"].ToString(Newtonsoft.Json.Formatting.None)); Assert.Equal("A128KW", deserialized["header"]["alg"]); Assert.Equal(54, ((string)deserialized["encrypted_key"]).Length); //CEK size Assert.Equal(22, ((string)deserialized["iv"]).Length); //IV size Assert.Equal(22, ((string)deserialized["ciphertext"]).Length); //cipher text size Assert.Equal(22, ((string)deserialized["tag"]).Length); //auth tag size Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext); #else throw new NotImplementedException("Test not currently implemented on net461"); #endif }
public void EncryptDecrypt_RoundTripOneRecipient_PlaintextSurvives(SerializationMode mode) { //given byte[] payload = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; var recipients = new Recipient[] { recipientAes256KW1, }; var sharedProtectedHeaders = new Dictionary <string, object> { { "cty", "application/octet-string" }, }; //when var jwe = JWE.Encrypt( plaintext: payload, recipients: recipients, JweEncryption.A256GCM, mode: mode, extraHeaders: sharedProtectedHeaders); var decrypted = JWE.Decrypt(jwe, aes256KWKey1); //then Assert.Equal(payload, decrypted.Plaintext); }
public void Encrypt_ModeCompactWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults() { //given byte[] plaintext = { }; //when var jwe = JWE.Encrypt( plaintext: plaintext, recipients: new Recipient[] { recipientAes128KW }, JweEncryption.A128CBC_HS256); //then Console.Out.WriteLine("Empty bytes A128KW_A128CBC_HS256 = {0}", jwe); string[] parts = jwe.Split('.'); Assert.Equal(5, parts.Length); //Make sure 5 parts Assert.Equal("{\"alg\":\"A128KW\",\"enc\":\"A128CBC-HS256\"}", UTF8Encoding.UTF8.GetString(Base64Url.Decode(parts[0]))); Assert.Equal("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", parts[0]); //Header is non-encrypted and static text Assert.Equal(54, parts[1].Length); //CEK size Assert.Equal(22, parts[2].Length); //IV size Assert.Equal(22, parts[3].Length); //cipher text size Assert.Equal(22, parts[4].Length); //auth tag size Assert.Equal(new byte[0], JWE.Decrypt(jwe, aes128KWKey).Plaintext); }
public void Decrypt_WithAdditionalAuthenticatedDataTampered_Throws() { //given var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk)); var tamperedJwe = Rfc7520_5_10_ExampleJwe.Replace("aad\": \"W", "aad\": \"V"); //when var exception = Record.Exception(() => JWE.Decrypt(tamperedJwe, key)); //then Assert.IsType <EncryptionException>(exception); Assert.Equal("Unable to decrypt content or authentication tag do not match.", exception.Message); }
public void EncryptDecrypt_WithAdditionalAuthenticatedData_RoundtripOk() { //given var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk)); var plaintext = Rfc7520_Figure72_ExamplePlaintext; //when var jwe = JWE.Encrypt( UTF8Encoding.UTF8.GetBytes(Rfc7520_Figure72_ExamplePlaintext), new Recipient[] { new Recipient(JweAlgorithm.A128KW, key) }, JweEncryption.A128CBC_HS256, mode: SerializationMode.Json); //then var decrypted = JWE.Decrypt(jwe, key); Assert.Equal(plaintext, UTF8Encoding.UTF8.GetString(decrypted.Plaintext)); }
public void Decrypt_Rfc7516AppendixA23DecryptWithFirstRecipient_ExpectedResults() { //given var key = GetLegacyKeyObjectFromJwk(new JsonWebKey(Rfc7516_A_2_3_ExampleJwk)); //when var decrypted = JWE.Decrypt(Rfc7516_A_4_7_ExampleJwe, key); //then Assert.Equal("Live long and prosper.", UTF8Encoding.UTF8.GetString(decrypted.Plaintext)); Assert.Equal(4, decrypted.JoseHeaders.Count); Assert.Equal("RSA1_5", decrypted.JoseHeaders["alg"]); Assert.Equal("2011-04-29", decrypted.JoseHeaders["kid"]); Assert.Equal("A128CBC-HS256", decrypted.JoseHeaders["enc"]); Assert.Equal("https://server.example.com/keys.jwks", decrypted.JoseHeaders["jku"]); }
public void UnsafeJoseHeaders_ModeCompactWithEmptyBytesA128KW_A128CBC_HS256_ExpectedResults() { //given byte[] plaintext = { }; var jwe = JWE.Encrypt( plaintext: plaintext, recipients: new Recipient[] { recipientAes128KW }, JweEncryption.A128CBC_HS256, mode: SerializationMode.Compact); //when var headers = JWE.UnsafeJoseHeaders(jwe); //then Assert.Single(headers); Assert.Equal(2, headers.ElementAt(0).Count()); Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]); Assert.Equal("A128KW", headers.ElementAt(0)["alg"]); }
public void Decrypt_WithAdditionalAuthenticatedDataOk_ReturnsExpectedResults() { //given var jwk = new JsonWebKey(Rfc7520_5_8_1_Figure151_ExampleJwk); var key = GetLegacyKeyObjectFromJwk(jwk); var kid = jwk.Kid; //when var decrypted = JWE.Decrypt(Rfc7520_5_10_ExampleJwe, key); //then Assert.Equal(Rfc7520_Figure72_ExamplePlaintext, UTF8Encoding.UTF8.GetString(decrypted.Plaintext)); Assert.Equal(3, decrypted.JoseHeaders.Count); Assert.Equal(jwk.Alg, decrypted.JoseHeaders["alg"]); Assert.Equal(jwk.Kid, decrypted.JoseHeaders["kid"]); Assert.Equal("A128GCM", decrypted.JoseHeaders["enc"]); Assert.Equal(Rfc7520_5_10_1_ExampleAadString, UTF8Encoding.UTF8.GetString(decrypted.Aad)); }
public void Encrypt_WithMoreThanOneRecipient_Throws(SerializationMode mode, string expectedMessage) { //given byte[] plaintext = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 }; var recipients = new Recipient[] { recipientAes256KW1, recipientAes256KW2, }; //when var exception = Record.Exception(() => JWE.Encrypt( plaintext: plaintext, recipients: recipients, JweEncryption.A256GCM, mode: mode)); //then Assert.IsType <JoseException>(exception); Assert.Equal(expectedMessage, exception.Message); }
public void UnsafeJoseHeaders_Rfc7516AppendixA23_ExpectedResults() { //given //when var headers = JWE.UnsafeJoseHeaders(Rfc7516_A_4_7_ExampleJwe); //then Assert.Equal(2, headers.Count()); Assert.Equal(4, headers.ElementAt(0).Count()); Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]); Assert.Equal("https://server.example.com/keys.jwks", headers.ElementAt(0)["jku"]); Assert.Equal("RSA1_5", headers.ElementAt(0)["alg"]); Assert.Equal("2011-04-29", headers.ElementAt(0)["kid"]); Assert.Equal(4, headers.ElementAt(1).Count()); Assert.Equal("A128CBC-HS256", headers.ElementAt(0)["enc"]); Assert.Equal("https://server.example.com/keys.jwks", headers.ElementAt(1)["jku"]); Assert.Equal("A128KW", headers.ElementAt(1)["alg"]); Assert.Equal("7", headers.ElementAt(1)["kid"]); }
public void Encrypt_MultipleRecipient_SpecialCasesHandled(Recipient[] recipients, string expectedError) { //given byte[] plaintext = { }; //when var exception = Record.Exception(() => JWE.Encrypt( plaintext: plaintext, recipients: recipients, JweEncryption.A128CBC_HS256, mode: SerializationMode.Json)); //then if (expectedError == null) { Assert.Null(exception); } else { Assert.IsType <JoseException>(exception); Assert.Equal(expectedError, exception.Message); } }
/// <summary>汎用認証サイトの発行したJWT形式のTokenを検証する。</summary> /// <param name="jwtToken">JWT形式のToken</param> /// <param name="jwtPayload"> /// JWS, JWS + JEWの場合があるのでペイロードを返す。 /// </param> /// <returns>検証結果</returns> public static bool Verify(string jwtToken, out string jwtPayload) { jwtPayload = ""; JWE jwe = null; JWS jws = null; // 復号化(JWEの場合) bool isJWE_FAPI2 = false; if (3 < jwtToken.Split('.').Length) { isJWE_FAPI2 = true; // ヘッダ JWE_Header jweHeader = JsonConvert.DeserializeObject <JWE_Header>( CustomEncode.ByteToString(CustomEncode.FromBase64UrlString(jwtToken.Split('.')[0]), CustomEncode.UTF_8)); if (jweHeader.alg == JwtConst.RSA_OAEP) { jwe = new JWE_RsaOaepAesGcm_X509( CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword); } else if (jweHeader.alg == JwtConst.RSA1_5) { jwe = new JWE_Rsa15A128CbcHS256_X509( CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword); } else { throw new NotSupportedException(string.Format( "This jwe alg of {0} is not supported.", jweHeader.alg)); } jwe.Decrypt(jwtToken, out jwtToken); } else { isJWE_FAPI2 = false; } // 検証 // ヘッダ JWS_Header jwsHeader = JsonConvert.DeserializeObject <JWS_Header>( CustomEncode.ByteToString(CustomEncode.FromBase64UrlString(jwtToken.Split('.')[0]), CustomEncode.UTF_8)); if (jwsHeader.alg == JwtConst.ES256 && isJWE_FAPI2) { } // 正常 else if (jwsHeader.alg == JwtConst.RS256 && !isJWE_FAPI2) { } // 正常 else { throw new NotSupportedException("Unexpected combination of JWS and JWE."); } // 証明書を使用するか、Jwkを使用するか判定 if (string.IsNullOrEmpty(jwsHeader.jku) || string.IsNullOrEmpty(jwsHeader.kid)) { // 旧バージョン(証明書を使用 if (isJWE_FAPI2) { #if NET45 || NET46 throw new NotSupportedException("FAPI2 is not supported in this dotnet version."); #else jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, ""); #endif } else { jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, ""); } } else { // 新バージョン(Jwkを使用 if (string.IsNullOrEmpty(OAuth2AndOIDCParams.JwkSetFilePath)) { // jku(jwks_uri)使用のカバレッジ // Client側 JObject jwkObject = JwkSetStore.GetInstance().GetJwkObject(jwsHeader.kid); // チェック if (jwkObject == null) { // 書込 jwkObject = JwkSetStore.GetInstance().SetJwkSetObject(jwsHeader.jku, jwsHeader.kid); } // チェック if (jwkObject == null) { // 証明書を使用 if (isJWE_FAPI2) { #if NET45 || NET46 throw new NotSupportedException("FAPI2 is not supported in this dotnet version."); #else jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, ""); #endif } else { jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, ""); } } else { // Jwkを使用 if (isJWE_FAPI2) { #if NET45 || NET46 throw new NotSupportedException("FAPI2 is not supported in this dotnet version."); #else EccPublicKeyConverter epkc = new EccPublicKeyConverter(); jws = new JWS_ES256_Param(epkc.JwkToParam(jwkObject), false); #endif } else { RsaPublicKeyConverter rpkc = new RsaPublicKeyConverter(); jws = new JWS_RS256_Param(rpkc.JwkToParam(jwkObject)); } } } else { // JwkSet使用のカバレッジ // AuthZ側でClient側テストを行うためのカバレージ JObject jwkObject = null; if (ResourceLoader.Exists(OAuth2AndOIDCParams.JwkSetFilePath, false)) { JwkSet jwkSet = JwkSet.LoadJwkSet(OAuth2AndOIDCParams.JwkSetFilePath); jwkObject = JwkSet.GetJwkObject(jwkSet, jwsHeader.kid); } if (jwkObject == null) { // 証明書を使用 if (isJWE_FAPI2) { #if NET45 || NET46 throw new NotSupportedException("FAPI2 is not supported in this dotnet version."); #else jws = new JWS_ES256_X509(CmnClientParams.EcdsaCerFilePath, ""); #endif } else { jws = new JWS_RS256_X509(CmnClientParams.RsaCerFilePath, ""); } } else { // Jwkを使用 if (isJWE_FAPI2) { #if NET45 || NET46 throw new NotSupportedException("FAPI2 is not supported in this dotnet version."); #else EccPublicKeyConverter epkc = new EccPublicKeyConverter(); jws = new JWS_ES256_Param(epkc.JwkToParam(jwkObject), false); #endif } else { RsaPublicKeyConverter rpkc = new RsaPublicKeyConverter(); jws = new JWS_RS256_Param(rpkc.JwkToParam(jwkObject)); } } } } bool ret = jws.Verify(jwtToken); if (ret) { jwtPayload = CustomEncode.ByteToString( CustomEncode.FromBase64UrlString(jwtToken.Split('.')[1]), CustomEncode.us_ascii); } return(ret); }
/// <summary>MyJwt</summary> private static void MyJwt() { #region Variables string temp = ""; bool ret = false; #region Env OperatingSystem os = Environment.OSVersion; // https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947 // *.pfxから証明書を開く場合、X509KeyStorageFlags.Exportableの指定が必要な場合がある。 // Linuxのキーは常にエクスポート可能だが、WindowsやMacOSでは必ずしもそうではない。 X509KeyStorageFlags x509KSF = 0; if (os.Platform == PlatformID.Win32NT) { x509KSF = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable; } else //if (os.Platform == PlatformID.Unix) { x509KSF = X509KeyStorageFlags.DefaultKeySet; } #endregion #region Token string token = ""; IDictionary <string, object> payload = null; payload = new Dictionary <string, object>() { { "sub", "*****@*****.**" }, { "exp", 1300819380 } }; string payloadString = JsonConvert.SerializeObject(payload); #endregion #region Keys string jwk = ""; #endregion #region JWS // RS256 JWS_RS256_X509 jWS_RS256_X509 = null; JWS_RS256_Param jWS_RS256_Param = null; // ES256 #if NETCORE || NET47 JWS_ES256_X509 jWS_ES256_X509 = null; JWS_ES256_Param jWS_ES256_Param = null; #endif #endregion #region JWE JWE jwe = null; #endregion #endregion #region Jws if (os.Platform == PlatformID.Win32NT) { #region RSA(RS256) // 署名(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); token = jWS_RS256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_RS256_X509.Create", token); // 鍵の相互変換 jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("RSA JWK", jwk); // 検証(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF); MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString()); // 検証(Param) jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk)); MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString()); #endregion // DSA #if NETCORE || NET47 #region ECDsa(ES256) // 署名(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword); token = jWS_ES256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_ES256_X509.Create", token); // 鍵の相互変換 jwk = EccPublicKeyConverter.ParamToJwk( ((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk); // 検証(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, ""); MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString()); #if NET47 || NETCOREAPP3_0 // 検証(Param) //// Core2.0-2.2 on WinでVerifyがエラーになる。 //// DigitalSignECDsaOpenSslを試してみるが生成できない、 //// Core on Win に OpenSSLベースのプロバイダは無いため) jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false); MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_Param.Verify(token).ToString()); #elif NETCOREAPP2_0 // Core2.0-2.2 on Winで ECDsaCngは動作しない。 #endif // ★ xLibTest Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256); #endregion #endif } else //if (os.Platform == PlatformID.Unix) { #if NETCORE #region RSA(RS256) // 署名(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); token = jWS_RS256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_RS256_X509.Create", token); // 鍵の相互変換 jwk = RsaPublicKeyConverter.ParamToJwk(((RSA)jWS_RS256_X509.DigitalSignX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("RSA JWK", jwk); // 検証(X509) jWS_RS256_X509 = new JWS_RS256_X509(Program.PublicRsaX509Path, "", x509KSF); MyDebug.OutputDebugAndConsole("JWS_RS256_X509.Verify", jWS_RS256_X509.Verify(token).ToString()); // 検証(Param) jWS_RS256_Param = new JWS_RS256_Param(RsaPublicKeyConverter.JwkToParam(jwk)); MyDebug.OutputDebugAndConsole("JWS_RS256_Param.Verify", jWS_RS256_Param.Verify(token).ToString()); #endregion // DSA #region ECDsa(ES256) // 署名(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PrivateECDsaX509Path, Program.PfxPassword); token = jWS_ES256_X509.Create(payloadString); MyDebug.InspectJwt("JWS_ES256_X509.Create", token); // 鍵の相互変換 jwk = EccPublicKeyConverter.ParamToJwk( ((ECDsa)jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm).ExportParameters(false)); MyDebug.OutputDebugAndConsole("ECDSA JWK", jwk); // 検証(X509) jWS_ES256_X509 = new JWS_ES256_X509(Program.PublicECDsaX509Path, ""); MyDebug.OutputDebugAndConsole("JWS_ES256_X509.Verify", jWS_ES256_X509.Verify(token).ToString()); // 検証(Param) jWS_ES256_Param = new JWS_ES256_Param(EccPublicKeyConverter.JwkToParam(jwk), false); MyDebug.OutputDebugAndConsole("JWS_ES256_Param.Verify", jWS_ES256_X509.Verify(token).ToString()); // ★ xLibTest Program.VerifyResult("JwsAlgorithm.xLibTest", token, jWS_ES256_X509.DigitalSignECDsaX509.AsymmetricAlgorithm, JwsAlgorithm.ES256); #endregion #endif } #endregion #region Jwe #region RsaOaepAesGcm // 暗号化 jwe = new JWE_RsaOaepAesGcm_X509(Program.PublicRsaX509Path, "", x509KSF); token = jwe.Create(payloadString); // 復号化 jwe = new JWE_RsaOaepAesGcm_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); ret = jwe.Decrypt(token, out temp); MyDebug.OutputDebugAndConsole("JWE_RsaOaepAesGcm_X509.Decrypt", ret.ToString() + " : " + temp); // ★ xLibTest Program.VerifyResult("JweAlgorithm.xLibTest", token, jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM); #endregion #region Rsa15A128CbcHS256 // 暗号化 jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PublicRsaX509Path, "", x509KSF); token = jwe.Create(payloadString); // 復号化 jwe = new JWE_Rsa15A128CbcHS256_X509(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF); ret = jwe.Decrypt(token, out temp); MyDebug.OutputDebugAndConsole("JWE_Rsa15A128CbcHS256_X509.Decrypt", ret.ToString() + " : " + temp); // ★ xLibTest Program.VerifyResult("JweAlgorithm.xLibTest", token, jwe.ASymmetricCryptography.AsymmetricAlgorithm, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256); #endregion #endregion }