public void SignDataStreamRequiresPrivateKey([EnumValues] SignatureAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, keyOps: new[] { KeyOperation.Sign, KeyOperation.Verify });
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
Assert.ThrowsAsync(new InstanceOfTypeConstraint(typeof(CryptographicException)), async() => await client.SignDataAsync(algorithm, TestStream));
}
public void SignRequiresPrivateKey([EnumValues] SignatureAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, keyOps: new[] { KeyOperation.Sign, KeyOperation.Verify });
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
byte[] digest = algorithm.GetHashAlgorithm().ComputeHash(TestData);
Assert.ThrowsAsync(new InstanceOfTypeConstraint(typeof(CryptographicException)), async() => await client.SignAsync(algorithm, digest));
}
public async Task WrapKeyUnwrapKeyRoundtrip([EnumValues(Exclude = new[] { nameof(KeyWrapAlgorithm.RsaOaep256) })] KeyWrapAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, includePrivateParameters: true);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
WrapResult wrapped = await client.WrapKeyAsync(algorithm, TestKey);
UnwrapResult unwrapped = await client.UnwrapKeyAsync(algorithm, wrapped.EncryptedKey);
CollectionAssert.AreEqual(TestKey, unwrapped.Key);
}
public async Task SignDataStreamVerifyDataStreamRoundtrip([EnumValues(Exclude = new[] { nameof(SignatureAlgorithm.PS256), nameof(SignatureAlgorithm.PS384), nameof(SignatureAlgorithm.PS512) })] SignatureAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, includePrivateParameters: true);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
SignResult signed = await client.SignDataAsync(algorithm, TestStream);
VerifyResult verified = await client.VerifyDataAsync(algorithm, TestStream, signed.Signature);
Assert.IsTrue(verified.IsValid);
}
private async Task <KeyVaultKey> CreateTestKeyWithKeyMaterial(SignatureAlgorithm algorithm)
{
string keyName = Recording.GenerateId();
JsonWebKey keyMaterial = KeyUtilities.CreateKey(algorithm, includePrivateParameters: true);
KeyVaultKey key = await Client.ImportKeyAsync(keyName, keyMaterial);
keyMaterial.Id = key.Key.Id;
key.Key = keyMaterial;
return(key);
}
public async Task SignVerifyRoundtrip([EnumValues(Exclude = new[] { nameof(SignatureAlgorithm.PS256), nameof(SignatureAlgorithm.PS384), nameof(SignatureAlgorithm.PS512) })] SignatureAlgorithm algorithm)
{
JsonWebKey jwk = KeyUtilities.CreateKey(algorithm, includePrivateParameters: true);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
byte[] digest = algorithm.GetHashAlgorithm().ComputeHash(TestData);
SignResult signed = await client.SignAsync(algorithm, digest);
VerifyResult verified = await client.VerifyAsync(algorithm, digest, signed.Signature);
Assert.IsTrue(verified.IsValid);
}