public void SecurityKey(SecurityKey securityKey, SecurityToken securityToken, TokenValidationParameters validationParameters, ExpectedException ee) { try { Validators.ValidateIssuerSecurityKey(securityKey, securityToken, validationParameters); ee.ProcessNoException(); } catch (Exception ex) { ee.ProcessException(ex); } }
public static ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, ISecurityTokenValidator tokenValidator, ExpectedException expectedException) { ClaimsPrincipal retVal = null; try { SecurityToken validatedToken; retVal = tokenValidator.ValidateToken(securityToken, validationParameters, out validatedToken); expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } return(retVal); }
public static TheoryData <KeyWrapTheoryData> RsaKeyWrapConstructorTheoryData() { return(new TheoryData <KeyWrapTheoryData> { new KeyWrapTheoryData { ExpectedException = ExpectedException.ArgumentNullException("key"), First = true, TestId = "SecurityKeyNULL", WillUnwrap = false, WrapAlgorithm = SecurityAlgorithms.Aes128KeyWrap, WrapKey = null }, new KeyWrapTheoryData { ExpectedException = ExpectedException.ArgumentNullException("algorithm"), TestId = "AlgorithmNULL", WillUnwrap = false, WrapAlgorithm = null, WrapKey = KeyingMaterial.RsaSecurityKey_2048 }, new KeyWrapTheoryData { ExpectedException = ExpectedException.NotSupportedException("IDX10661:"), TestId = "KeyTooSmall1024", WillUnwrap = false, WrapAlgorithm = SecurityAlgorithms.RsaOAEP, WrapKey = KeyingMaterial.RsaSecurityKey_1024 }, new KeyWrapTheoryData { ExpectedException = ExpectedException.NotSupportedException("IDX10661:"), TestId = "KeyDoesNotMatchAlgorithm", WillUnwrap = false, WrapAlgorithm = SecurityAlgorithms.Aes128KW, WrapKey = KeyingMaterial.RsaSecurityKey_2048 }, new KeyWrapTheoryData { TestId = "RsaAlgorithmMatch", WillUnwrap = false, WrapAlgorithm = SecurityAlgorithms.RsaPKCS1, WrapKey = KeyingMaterial.RsaSecurityKey_2048 }, new KeyWrapTheoryData { TestId = "X509AlgorithmMatch", WillUnwrap = false, WrapKey = KeyingMaterial.X509SecurityKey2, WrapAlgorithm = SecurityAlgorithms.RsaPKCS1 }, new KeyWrapTheoryData { TestId = "JwkRSA", WillUnwrap = false, WrapKey = KeyingMaterial.JsonWebKeyRsa256, WrapAlgorithm = SecurityAlgorithms.RsaPKCS1, }, new KeyWrapTheoryData { TestId = "RsaPublicKey", UnwrapKey = KeyingMaterial.JsonWebKeyRsa256Public, UnwrapAlgorithm = SecurityAlgorithms.RsaPKCS1, WillUnwrap = true } }); }
public static TheoryData <KeyWrapTestParams> UnwrapTheoryData() { var theoryData = new TheoryData <KeyWrapTestParams>(); // Unwrap parameter checking AddUnwrapParameterCheckTheoryData("Test1", SecurityAlgorithms.Aes128KW, Default.SymmetricEncryptionKey128, null, ExpectedException.ArgumentNullException(), theoryData); byte[] wrappedKey = new byte[12]; Array.Copy(Guid.NewGuid().ToByteArray(), wrappedKey, wrappedKey.Length); AddUnwrapParameterCheckTheoryData("Test2", SecurityAlgorithms.Aes128KW, Default.SymmetricEncryptionKey128, wrappedKey, ExpectedException.ArgumentException("IDX10664:"), theoryData); return(theoryData); }
public static TheoryData <string, SecurityKey, string, ExpectedException> KeyWrapConstructorTheoryData() { var theoryData = new TheoryData <string, SecurityKey, string, ExpectedException>(); theoryData.Add("Test1", null, null, ExpectedException.ArgumentNullException()); theoryData.Add("Test2", Default.SymmetricEncryptionKey128, null, ExpectedException.ArgumentNullException()); theoryData.Add("Test3", Default.SymmetricEncryptionKey128, SecurityAlgorithms.Aes128Encryption, ExpectedException.NotSupportedException("IDX10661:")); theoryData.Add("Test4", Default.SymmetricEncryptionKey128, SecurityAlgorithms.Aes128KW, ExpectedException.NoExceptionExpected); theoryData.Add("Test5", Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256KW, ExpectedException.NoExceptionExpected); theoryData.Add("Test6", Default.SymmetricEncryptionKey128, SecurityAlgorithms.Aes256KW, ExpectedException.ArgumentOutOfRangeException("IDX10662:")); theoryData.Add("Test7", Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128KW, ExpectedException.ArgumentOutOfRangeException("IDX10662:")); JsonWebKey key = new JsonWebKey() { Kty = JsonWebAlgorithmsKeyTypes.Octet }; theoryData.Add("Test8", key, SecurityAlgorithms.Aes256KW, ExpectedException.NotSupportedException("IDX10661:")); key = new JsonWebKey() { Kty = JsonWebAlgorithmsKeyTypes.RSA, K = KeyingMaterial.JsonWebKeySymmetric128.K }; theoryData.Add("Test9", key, SecurityAlgorithms.Aes256KW, ExpectedException.NotSupportedException("IDX10661:")); theoryData.Add("Test10", KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.Aes256KW, ExpectedException.NotSupportedException("IDX10661:")); theoryData.Add("Test11", KeyingMaterial.JsonWebKeySymmetric128, SecurityAlgorithms.Aes128KW, ExpectedException.NoExceptionExpected); theoryData.Add("Test12", KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.Aes256KW, ExpectedException.NoExceptionExpected); return(theoryData); }
public static TheoryData <string, SecurityKey, string, bool, ExpectedException> RsaKeyWrapConstructorTheoryData() { var theoryData = new TheoryData <string, SecurityKey, string, bool, ExpectedException>(); theoryData.Add( "SecurityKey_NULL", null, null, false, ExpectedException.ArgumentNullException()); theoryData.Add( "Algorithm_NULL", KeyingMaterial.RsaSecurityKey_2048, null, false, ExpectedException.ArgumentNullException()); theoryData.Add( "KeyTooSmall_1024", KeyingMaterial.RsaSecurityKey_1024, SecurityAlgorithms.RsaOAEP, false, ExpectedException.ArgumentException("IDX10661:")); theoryData.Add( "KeyDoesNotRightType", KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.Aes128KW, false, ExpectedException.ArgumentException("IDX10661:")); theoryData.Add( "KeyAlgorithmMatch", KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaPKCS1, false, ExpectedException.NoExceptionExpected); theoryData.Add( "X509AlorithmMatch", KeyingMaterial.X509SecurityKey2, SecurityAlgorithms.RsaPKCS1, false, ExpectedException.NoExceptionExpected); theoryData.Add( "JWK_RSA", KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaPKCS1, true, ExpectedException.NoExceptionExpected); // TODO - rethink how we check for private key. theoryData.Add( "OnlyRSAPublicKeyProvided", KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaPKCS1, true, ExpectedException.NoExceptionExpected); return(theoryData); }
public static TheoryData <KeyWrapTestParams> UnwrapMismatchTheoryData() { var theoryData = new TheoryData <KeyWrapTestParams>(); AddUnwrapMismatchTheoryData("Test1", Default.SymmetricEncryptionKey128, Default.SymmetricEncryptionKey128_2, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128KW, ExpectedException.KeyWrapException("IDX10659:"), theoryData); AddUnwrapMismatchTheoryData("Test2", Default.SymmetricEncryptionKey256, Default.SymmetricEncryptionKey256_2, SecurityAlgorithms.Aes256KW, SecurityAlgorithms.Aes256KW, ExpectedException.KeyWrapException("IDX10659:"), theoryData); AddUnwrapMismatchTheoryData("Test3", Default.SymmetricEncryptionKey128, Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes256KW, ExpectedException.KeyWrapException("IDX10659:"), theoryData); return(theoryData); }
private void AsymmetricConstructorVariation(string testcase, SecurityKey key, string algorithm, ExpectedException expectedException) { AsymmetricSignatureProvider provider = null; try { if (testcase.StartsWith("Signing")) { provider = new AsymmetricSignatureProvider(key, algorithm, true); } else { provider = new AsymmetricSignatureProvider(key, algorithm, false); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
public void AsymmetricSignatureProviders_Verify() { List <string> errors = new List <string>(); byte[] rawBytes = new byte[8192]; (new Random()).NextBytes(rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, null, null, ExpectedException.ArgumentNullException(), errors, false); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[1], null, ExpectedException.ArgumentNullException(), errors, false); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[0], new byte[1], ExpectedException.ArgumentException("IDX10625:"), errors, false); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[1], new byte[0], ExpectedException.ArgumentException("IDX10626:"), errors, false); var signature = GetSignature(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); #if NETCOREAPP1_0 AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); #endif // wrong hash AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha384Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha512Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); // wrong key AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_4096_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); signature = GetSignature(KeyingMaterial.RsaSecurityKey_4096, SecurityAlgorithms.RsaSha256Signature, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_4096, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_4096_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); // wrong hash AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_4096_Public, SecurityAlgorithms.RsaSha384Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_4096_Public, SecurityAlgorithms.RsaSha512Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); // wrong key AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); // sha384, 512 signature = GetSignature(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048, SecurityAlgorithms.RsaSha384Signature, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha384Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); signature = GetSignature(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha512Signature, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha512Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); //ecdsa signature = GetSignature(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); // wrong key AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha384, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); #if NETCOREAPP1_0 AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa384Key, SecurityAlgorithms.EcdsaSha384, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); #else AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa384Key, SecurityAlgorithms.EcdsaSha384, rawBytes, signature, new ExpectedException(typeof(CryptographicException)), errors, false); #endif signature = GetSignature(KeyingMaterial.ECDsa384Key, SecurityAlgorithms.EcdsaSha384, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.ECDsa384Key, SecurityAlgorithms.EcdsaSha384, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); signature = GetSignature(KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.JsonWebKeyEcdsa256Public, SecurityAlgorithms.EcdsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); signature = GetSignature(KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, rawBytes); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); AsymmetricSignatureProviders_Verify_Variation(KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); TestUtilities.AssertFailIfErrors("AsymmetricSignatureProviders_Verify", errors); }
private void SymmetricSignatureProvidersSignVariation(SecurityKey key, string algorithm, byte[] input, ExpectedException ee, List <string> errors) { try { SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm); byte[] signature = provider.Sign(input); ee.ProcessNoException(errors); } catch (Exception ex) { ee.ProcessException(ex, errors); } }
public void AsymmetricSignatureProvider_Constructor() { AsymmetricSecurityKey privateKey = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.Key as AsymmetricSecurityKey; AsymmetricSecurityKey publicKey = KeyingMaterial.DefaultX509SigningCreds_Public_2048_RsaSha2_Sha2.Key as AsymmetricSecurityKey; string sha2SignatureAlgorithm = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2.Algorithm; // no errors AsymmetricConstructorVariation("Signing: - Creates with no errors", privateKey, sha2SignatureAlgorithm, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Private Key)", privateKey, sha2SignatureAlgorithm, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Public Key)", publicKey, sha2SignatureAlgorithm, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Signing: - Creates with no errors", KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Public Key)", KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Private Key)", KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors (Public Key)", KeyingMaterial.ECDsa384Key_Public, SecurityAlgorithms.EcdsaSha384, ExpectedException.NoExceptionExpected); // null, empty algorithm digest AsymmetricConstructorVariation("Signing: - NUll key", null, sha2SignatureAlgorithm, ExpectedException.ArgumentNullException()); AsymmetricConstructorVariation("Signing: - SignatureAlorithm == null", privateKey, null, ExpectedException.ArgumentException("IDX10634:")); AsymmetricConstructorVariation("Signing: - SignatureAlorithm == whitespace", privateKey, " ", ExpectedException.ArgumentException("IDX10634:")); // No Private keys AsymmetricConstructorVariation("Signing: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, ExpectedException.InvalidOperationException("IDX10638:")); AsymmetricConstructorVariation("Verifying: - SecurityKey without private key", publicKey, sha2SignatureAlgorithm, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Signing: - no private key", KeyingMaterial.ECDsa521Key_Public, SecurityAlgorithms.EcdsaSha512, ExpectedException.InvalidOperationException("IDX10638:")); // Signature algorithm not supported AsymmetricConstructorVariation("Signing: - SignatureAlgorithm not supported", KeyingMaterial.X509SecurityKey_1024, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.ArgumentException(substringExpected: "IDX10634:")); AsymmetricConstructorVariation("Verifying: - SignatureAlgorithm not supported", KeyingMaterial.DefaultX509Key_Public_2048, "SecurityAlgorithms.RsaSha256Signature", ExpectedException.ArgumentException(substringExpected: "IDX10634:")); // constructing using jsonweb keys AsymmetricConstructorVariation("Signing: - Creates with no errors", KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors", KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Signing: - Creates with no errors", KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, ExpectedException.NoExceptionExpected); AsymmetricConstructorVariation("Verifying: - Creates with no errors", KeyingMaterial.JsonWebKeyEcdsa256Public, SecurityAlgorithms.EcdsaSha256, ExpectedException.NoExceptionExpected); }
public void SignatureProviders_Sign() { List <string> errors = new List <string>(); byte[] rawBytes = new byte[8192]; (new Random()).NextBytes(rawBytes); // Asymmetric AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, null, ExpectedException.ArgumentNullException(), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_1024, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10630:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); #if NETCOREAPP1_0 AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); Assert.ThrowsAny <CryptographicException>(() => { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCngProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature); provider.Sign(rawBytes); }); #endif // since the actual exception thrown is private - WindowsCryptographicException, using this pattern to match the derived exception Assert.ThrowsAny <CryptographicException>(() => { AsymmetricSignatureProvider provider = new AsymmetricSignatureProvider(KeyingMaterial.RsaSecurityKeyWithCspProvider_2048_Public, SecurityAlgorithms.RsaSha256Signature); provider.Sign(rawBytes); }); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.RsaSecurityKey_2048, "NOT_SUPPORTED", rawBytes, ExpectedException.ArgumentException("IDX10634:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256Signature, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.NoExceptionExpected, errors); AsymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeyEcdsa256Public, SecurityAlgorithms.EcdsaSha256, rawBytes, ExpectedException.InvalidOperationException("IDX10638:"), errors); // Symmetric SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, null, ExpectedException.ArgumentNullException(), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[0], ExpectedException.ArgumentException("IDX10624:"), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.ArgumentOutOfRangeException("IDX10603:"), errors); SymmetricSignatureProvidersSignVariation(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256Signature, rawBytes, ExpectedException.NoExceptionExpected, errors); TestUtilities.AssertFailIfErrors("SignatureProviders_Sign", errors); }
private void SignatureProvider_DisposeVariation(string testCase, SignatureProvider provider, ExpectedException expectedException) { try { if (testCase.StartsWith("Sign")) { provider.Sign(new byte[256]); } else if (testCase.StartsWith("Verify")) { provider.Verify(new byte[256], new byte[256]); } else if (testCase.StartsWith("Dispose")) { provider.Dispose(); } else { Assert.True(false, "Test case does not match any scenario"); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
public void TokenReplay(string securityToken, DateTime?expirationTime, TokenValidationParameters validationParameters, ExpectedException ee) { try { Validators.ValidateTokenReplay(expirationTime, securityToken, validationParameters); ee.ProcessNoException(); } catch (Exception ex) { ee.ProcessException(ex); } }
private static void AddUnwrapParameterCheckTheoryData(string testId, string algorithm, SecurityKey key, byte[] wrappedKey, ExpectedException ee, TheoryData <KeyWrapTheoryData> theoryData) { theoryData.Add(new KeyWrapTheoryData { ExpectedException = ee, TestId = testId, WrapAlgorithm = algorithm, WrapKey = key, WrappedKey = wrappedKey }); }
public void SymmetricSignatureProvider_ConstructorTests() { // no errors SymmetricSignatureProvider_ConstructorVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, ExpectedException.NoExceptionExpected); SymmetricSignatureProvider_ConstructorVariation(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256, ExpectedException.NoExceptionExpected); // null key SymmetricSignatureProvider_ConstructorVariation(null, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgumentNullException()); // empty algorithm SymmetricSignatureProvider_ConstructorVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, string.Empty, ExpectedException.ArgumentException()); // unsupported algorithm SymmetricSignatureProvider_ConstructorVariation(KeyingMaterial.DefaultSymmetricSecurityKey_256, "unknown algorithm", ExpectedException.ArgumentException("IDX10634:")); // smaller key < 256 bytes SymmetricSignatureProvider_ConstructorVariation(KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, ExpectedException.ArgumentOutOfRangeException("IDX10603")); // GetKeyedHashAlgorithm throws SymmetricSecurityKey key = new FaultingSymmetricSecurityKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, new CryptographicException("hi from inner"), null, null, KeyingMaterial.DefaultSymmetricKeyBytes_256); SymmetricSignatureProvider_ConstructorVariation(key, SecurityAlgorithms.HmacSha256Signature, ExpectedException.InvalidOperationException("IDX10634:", typeof(CryptographicException))); }
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant public void Constructors(string testId, SecurityKey key, string algorithm, bool isDecrypt, ExpectedException ee) { try { var context = Guid.NewGuid().ToString(); var provider = new RsaKeyWrapProvider(key, algorithm, isDecrypt) { Context = context }; ee.ProcessNoException(); Assert.Equal(provider.Algorithm, algorithm); Assert.Equal(provider.Context, context); Assert.True(ReferenceEquals(provider.Key, key)); } catch (Exception ex) { ee.ProcessException(ex); } }
public void CryptoProviderFactory_Tests() { CryptoProviderFactory factory = new CryptoProviderFactory(); // Asymmetric / Symmetric both need signature alg specified FactoryCreateFor("Signing: algorithm string.Empty", KeyingMaterial.X509SecurityKey_1024, string.Empty, factory, ExpectedException.ArgumentNullException()); FactoryCreateFor("Verifying: algorithm string.Empty", KeyingMaterial.X509SecurityKey_1024, string.Empty, factory, ExpectedException.ArgumentNullException()); // Json Web Keys FactoryCreateFor("Signing: No exception", KeyingMaterial.JsonWebKeyRsa256, SecurityAlgorithms.RsaSha256, factory, ExpectedException.NoExceptionExpected); FactoryCreateFor("Signing: security key without private key", KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, factory, ExpectedException.InvalidOperationException("IDX10638:")); FactoryCreateFor("Verifying: No exception", KeyingMaterial.JsonWebKeyRsa256Public, SecurityAlgorithms.RsaSha256, factory, ExpectedException.NoExceptionExpected); FactoryCreateFor("Signing: No exception", KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256, factory, ExpectedException.NoExceptionExpected); FactoryCreateFor("Verifying: No exception", KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256, factory, ExpectedException.NoExceptionExpected); // Keytype not supported FactoryCreateFor("Signing: SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentException("IDX10634:")); FactoryCreateFor("Verifying: SecurityKey type not Asymmetric or Symmetric", NotAsymmetricOrSymmetricSecurityKey.New, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentException("IDX10634:")); // Private keys missing FactoryCreateFor("Signing RsaSecurityKey_2048_Public: SecurityKey without private key", KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.InvalidOperationException(substringExpected: "IDX10638:")); FactoryCreateFor("Verifying RsaSecurityKey_2048_Public: SecurityKey without private key", KeyingMaterial.RsaSecurityKey_2048_Public, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.NoExceptionExpected); FactoryCreateFor("Signing ECDsa256Key_Public: SecurityKey without private key", KeyingMaterial.ECDsa256Key_Public, SecurityAlgorithms.EcdsaSha256, factory, ExpectedException.InvalidOperationException(substringExpected: "IDX10638:")); // Key size checks FactoryCreateFor("Signing: AsymmetricKeySize Key to small", KeyingMaterial.X509SecurityKey_1024, SecurityAlgorithms.RsaSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10630:")); FactoryCreateFor("Signing: SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.ArgumentOutOfRangeException("IDX10603:")); FactoryCreateFor("Signing: SymmetricKeySize Key", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.NoExceptionExpected); FactoryCreateFor("Verifying: SymmetricKeySize Key", KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, factory, ExpectedException.NoExceptionExpected); // extensibility tests // smaller key sizes but no exceptions using custom crypto factory FactoryCreateFor("Signing: AsymmetricKeySize Key to small", KeyingMaterial.X509SecurityKey_1024, SecurityAlgorithms.RsaSha256Signature, new CustomCryptoProviderFactory(new string[] { SecurityAlgorithms.RsaSha256Signature }), ExpectedException.NoExceptionExpected); FactoryCreateFor("Signing: SymmetricKeySize Key to small", KeyingMaterial.SymmetricSecurityKey_56, SecurityAlgorithms.HmacSha256Signature, new CustomCryptoProviderFactory(new string[] { SecurityAlgorithms.HmacSha256Signature }), ExpectedException.NoExceptionExpected); }
public static TheoryData <KeyWrapTestParams> WrapUnwrapTheoryData() { var theoryData = new TheoryData <KeyWrapTestParams>(); // round trip positive tests AddWrapUnwrapTheoryData("Test1", SecurityAlgorithms.Aes128KW, Default.SymmetricEncryptionKey128, theoryData); AddWrapUnwrapTheoryData("Test2", SecurityAlgorithms.Aes256KW, Default.SymmetricEncryptionKey256, theoryData); // Wrap parameter checking AddWrapParameterCheckTheoryData("Test3", SecurityAlgorithms.Aes128KW, Default.SymmetricEncryptionKey128, null, ExpectedException.ArgumentNullException(), theoryData); byte[] keyToWrap = new byte[9]; Array.Copy(Guid.NewGuid().ToByteArray(), keyToWrap, keyToWrap.Length); AddWrapParameterCheckTheoryData("Test4", SecurityAlgorithms.Aes128KW, Default.SymmetricEncryptionKey128, keyToWrap, ExpectedException.ArgumentException("IDX10664:"), theoryData); return(theoryData); }
private void SymmetricSignatureProvider_ConstructorVariation(SecurityKey key, string algorithm, ExpectedException expectedException) { try { SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm); expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
private static void AddUnwrapMismatchTheoryData(string testId, SecurityKey encryptKey, SecurityKey decryptKey, string encryptAlg, string decryptAlg, ExpectedException ee, TheoryData <KeyWrapTestParams> theoryData) { theoryData.Add(new KeyWrapTestParams { EncryptAlgorithm = encryptAlg, EncryptKey = encryptKey, DecryptAlgorithm = decryptAlg, DecryptKey = decryptKey, EE = ee, TestId = testId }); }
public void SymmetricSignatureProvider_Verify() { List <string> errors = new List <string>(); byte[] rawBytes = new byte[8192]; (new Random()).NextBytes(rawBytes); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, null, null, ExpectedException.ArgumentNullException(), errors, false); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[0], null, ExpectedException.ArgumentNullException(), errors, false); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[0], new byte[0], ExpectedException.ArgumentException("IDX10625:"), errors, false); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[1], new byte[0], ExpectedException.ArgumentException("IDX10626:"), errors, false); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, new byte[1], new byte[1], ExpectedException.NoExceptionExpected, errors, false); var signature = GetSignatureFromSymmetricKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); // wrong algorithm SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha384Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); // wrong key SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.SymmetricSecurityKey2_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, false); signature = GetSignatureFromSymmetricKey(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha512Signature, rawBytes); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha512Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); signature = GetSignatureFromSymmetricKey(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256Signature, rawBytes); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.JsonWebKeySymmetric256, SecurityAlgorithms.HmacSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); SymmetricSignatureProviders_Verify_Variation(KeyingMaterial.DefaultSymmetricSecurityKey_256, SecurityAlgorithms.HmacSha256Signature, rawBytes, signature, ExpectedException.NoExceptionExpected, errors, true); TestUtilities.AssertFailIfErrors("SymmetricSignatureProvider_Verify", errors); }
private static void AddUnwrapParameterCheckTheoryData(string testId, string algorithm, SecurityKey key, byte[] wrappedKey, ExpectedException ee, TheoryData <KeyWrapTestParams> theoryData) { theoryData.Add(new KeyWrapTestParams { EncryptAlgorithm = algorithm, EncryptKey = key, WrappedKey = wrappedKey, EE = ee, TestId = testId }); }
private void SymmetricSignatureProviders_Verify_Variation(SecurityKey key, string algorithm, byte[] rawBytes, byte[] signature, ExpectedException ee, List <string> errors, bool shouldSignatureSucceed) { try { SymmetricSignatureProvider provider = new SymmetricSignatureProvider(key, algorithm); if (provider.Verify(rawBytes, signature) != shouldSignatureSucceed) { errors.Add("SignatureProvider.Verify did not return expected: " + shouldSignatureSucceed + " , algorithm: " + algorithm); } ee.ProcessNoException(errors); } catch (Exception ex) { ee.ProcessException(ex, errors); } }
#pragma warning restore CS3016 // Arrays as attribute arguments is not CLS-compliant public void DefaultCryptoProviderFactory(SecurityKey key, string algorithm, bool isSupported, bool supportsSigning, ExpectedException ee) { Assert.True(CryptoProviderFactory.Default.IsSupportedAlgorithm(algorithm, key) == isSupported, string.Format(CultureInfo.InvariantCulture, "SecurityKey: '{0}', algorithm: '{1}', isSupported: '{2}'", key, algorithm, isSupported)); if (isSupported && supportsSigning) { try { var signatureProvider = CryptoProviderFactory.Default.CreateForSigning(key, algorithm); var signatureProviderVerify = CryptoProviderFactory.Default.CreateForVerifying(key, algorithm); var bytes = Encoding.UTF8.GetBytes("GenerateASignature"); var signature = signatureProvider.Sign(bytes); var signatureCheck = signatureProviderVerify.Verify(bytes, signature); Assert.True(signatureCheck); CryptoProviderFactory.Default.ReleaseSignatureProvider(signatureProvider); CryptoProviderFactory.Default.ReleaseSignatureProvider(signatureProviderVerify); ee.ProcessNoException(); } catch (Exception ex) { ee.ProcessException(ex); } } }
private void FactoryCreateFor(string testcase, SecurityKey key, string algorithm, CryptoProviderFactory factory, ExpectedException expectedException) { Console.WriteLine(testcase); try { if (testcase.StartsWith("Signing")) { factory.CreateForSigning(key, algorithm); } else { factory.CreateForVerifying(key, algorithm); } expectedException.ProcessNoException(); } catch (Exception ex) { expectedException.ProcessException(ex); } }
public void Constructor() { // testing constructor that takes rsa parameters RsaSecurityKeyConstructor(KeyingMaterial.RsaParameters_1024, ExpectedException.NoExceptionExpected); RsaSecurityKeyConstructor(KeyingMaterial.RsaParameters_1024_Public, ExpectedException.NoExceptionExpected); // missing modulus or exponent RsaSecurityKeyConstructor(KeyingMaterial.RsaParameters_2048_MissingExponent, ExpectedException.ArgumentException("IDX10700")); RsaSecurityKeyConstructor(KeyingMaterial.RsaParameters_2048_MissingModulus, ExpectedException.ArgumentException("IDX10700")); // testing constructor that takes Rsa instance RsaSecurityKeyConstructorWithRsa(null, ExpectedException.ArgumentNullException("rsa")); RSA rsaCsp_2048 = new RSACryptoServiceProvider(); rsaCsp_2048.ImportParameters(KeyingMaterial.RsaParameters_2048); RSA rsaCsp_2048_Public = new RSACryptoServiceProvider(); rsaCsp_2048_Public.ImportParameters(KeyingMaterial.RsaParameters_2048_Public); RsaSecurityKeyConstructorWithRsa(rsaCsp_2048, ExpectedException.NoExceptionExpected); RsaSecurityKeyConstructorWithRsa(rsaCsp_2048_Public, ExpectedException.NoExceptionExpected); }
private static void AddUnwrapMismatchTheoryData(string testId, SecurityKey encryptKey, SecurityKey decryptKey, string encryptAlg, string decryptAlg, ExpectedException ee, TheoryData <KeyWrapTheoryData> theoryData) { theoryData.Add(new KeyWrapTheoryData { ExpectedException = ee, TestId = testId, UnwrapAlgorithm = decryptAlg, UnwrapKey = decryptKey, WrapAlgorithm = encryptAlg, WrapKey = encryptKey }); }
public void Lifetime(DateTime?notBefore, DateTime?expires, SecurityToken securityToken, TokenValidationParameters validationParameters, ExpectedException ee) { try { Validators.ValidateLifetime(notBefore, expires, securityToken, validationParameters); ee.ProcessNoException(); } catch (Exception ex) { ee.ProcessException(ex); } }
public void Issuer(string issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, ExpectedException ee) { try { Validators.ValidateIssuer(issuer, securityToken, validationParameters); ee.ProcessNoException(); } catch (Exception ex) { ee.ProcessException(ex); } }