public async Task SignDataShouldThrowForUnsupportedHashAlgorithm()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);
using (var ecdsa = materialized.ToECDsa())
{
var exception = Assert.Throws <NotSupportedException>(() =>
ecdsa.SignData(Array.Empty <byte>(), new HashAlgorithmName("unsupported")));
Assert.Equal("The specified algorithm is not supported.", exception.Message);
}
}
public async Task SignDataShouldThrowForUnsupportedHashAlgorithm()
{
using (var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration))
{
using (var rsa = materialized.ToRSA())
{
var exception = Assert.Throws <NotSupportedException>(() =>
rsa.SignData(Array.Empty <byte>(), new HashAlgorithmName("unsupported"), RSASignaturePadding.Pkcs1));
Assert.Equal("The specified algorithm is not supported.", exception.Message);
}
}
}
public async Task SignDataShouldThrowForDigestAndKeySizeMismatch()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);
using (var ecdsa = materialized.ToECDsa())
{
Assert.Equal(256, ecdsa.KeySize);
var data = new byte[] { 1, 2, 3 };
var ex = Assert.Throws <NotSupportedException>(() => ecdsa.SignData(data, HashAlgorithmName.SHA384));
Assert.Equal("The key size '256' is not valid for digest algorithm 'SHA384'.", ex.Message);
}
}
public async Task ShouldHashDataAndVerifyWithKey()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);
using (var ecdsa = materialized.ToECDsa())
{
var data = new byte[] { 1, 2, 3 };
var signature = ecdsa.SignData(data, HashAlgorithmName.SHA256);
var result = ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
Assert.True(result);
}
}
public async Task ShouldHashDataAndVerifyWithCertificate()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);
using (var rsa = materialized.ToRSA())
{
var data = new byte[] { 1, 2, 3 };
var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var result = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Assert.True(result);
}
}
public async Task ShouldRoundTripASignatureWithCertificateViaMsi()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateWithMSIConfiguration);
using (var ecdsa = materialized.ToECDsa())
using (var sha256 = SHA256.Create())
{
var data = new byte[] { 1, 2, 3 };
var digest = sha256.ComputeHash(data);
var signature = ecdsa.SignHash(digest);
var result = ecdsa.VerifyHash(digest, signature);
Assert.True(result);
}
}
public async Task ShouldRoundTripASignatureWithCertificateViaMsi()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateWithMSIConfiguration);
using (var rsa = materialized.ToRSA())
using (var sha256 = SHA256.Create())
{
var data = new byte[] { 1, 2, 3 };
var digest = sha256.ComputeHash(data);
var signature = rsa.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var result = rsa.VerifyHash(digest, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Assert.True(result);
}
}
public async Task ShouldRoundTripEncryptAndDecryptWithKey()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);
using (var rsa = materialized.ToRSA())
{
var data = Encoding.UTF8.GetBytes("Clear text");
var cipherText = rsa.Encrypt(data, RSAEncryptionPadding.Pkcs1);
var returnedData = rsa.Decrypt(cipherText, RSAEncryptionPadding.Pkcs1);
var text = Encoding.UTF8.GetString(returnedData);
Assert.Equal("Clear text", text);
}
}
public async Task ShouldFailToVerifyBadSignatureWithCertificate()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(certificateConfiguration);
using (var ecdsa = materialized.ToECDsa())
using (var sha256 = SHA256.Create())
{
var data = new byte[] { 1, 2, 3 };
var digest = sha256.ComputeHash(data);
var signature = ecdsa.SignHash(digest);
signature[0] = (byte)~signature[0]; //Flip some bits.
var result = ecdsa.VerifyHash(digest, signature);
Assert.False(result);
}
}
public async Task SignHashShouldThrowForDigestAndKeySizeMismatch()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);
using (var ecdsa = materialized.ToECDsa())
using (var sha384 = SHA384.Create())
{
Assert.Equal(256, ecdsa.KeySize);
var data = new byte[] { 1, 2, 3 };
var digest = sha384.ComputeHash(data);
var ex = Assert.Throws <NotSupportedException>(() => ecdsa.SignHash(digest));
Assert.Equal("The key size '256' is not valid for digest of size '48' bytes.", ex.Message);
}
}
public async Task ShouldFailToVerifyBadSignatureWithKey()
{
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration);
using (var rsa = materialized.ToRSA())
using (var sha256 = SHA256.Create())
{
var data = new byte[] { 1, 2, 3 };
var digest = sha256.ComputeHash(data);
var signature = rsa.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
signature[0] = (byte)~signature[0]; //Flip some bits.
var result = rsa.VerifyHash(digest, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Assert.False(result);
}
}
public async Task ShouldHashDataAndVerifyWorkWithCustomCryptographyClientOptions()
{
var cryptographyClientOptions = new CryptographyClientOptions
{
Transport = new HttpClientTransport()
};
var materialized = await KeyVaultConfigurationDiscoverer.Materialize(keyConfiguration, cryptographyClientOptions);
using (var rsa = materialized.ToRSA())
{
var data = new byte[] { 1, 2, 3 };
var signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var result = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
Assert.True(result);
}
}