Add tests for RsaOaepKeyWrap
Although the RsaOaepKeyWrap identifier doesn't exist, we already released it
and decided to support it.
That is the reason why we should keep the RsaOaepKeyWrap tests around.
GeoK committed Oct 1, 2018
1 parent c8e9d09 commit 0b0abbf
Showing 4 changed files with 104 additions and 0 deletions.
@@ -417,6 +417,14 @@ public static TheoryData<CreateTokenTheoryData> RoundTripJWEKeyWrappingTheoryDat
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256)
},
new CreateTokenTheoryData()
{
TestId = "WrongRsaOaepKeyWrapIdentifier-Aes128CbcHmacSha256",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256)
},
new CreateTokenTheoryData()
{
TestId = "RsaOaepKeyWrap-Aes192CbcHmacSha384",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
@@ -425,6 +433,14 @@ public static TheoryData<CreateTokenTheoryData> RoundTripJWEKeyWrappingTheoryDat
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
},
new CreateTokenTheoryData()
{
TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
},
new CreateTokenTheoryData()
{
TestId = "RsaOaepKeyWrap-Aes256CbcHmacSha512",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
@@ -433,6 +449,14 @@ public static TheoryData<CreateTokenTheoryData> RoundTripJWEKeyWrappingTheoryDat
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512)
},
new CreateTokenTheoryData()
{
TestId = "WrongRsaOaepKeyWrapIdentifier-Aes256CbcHmacSha512",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512)
},
new CreateTokenTheoryData()
{
TestId = "SymmetricSecurityKey2_128-Aes128KW-Aes128CbcHmacSha256",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.SymmetricSecurityKey2_128, Default.SymmetricSigningKey256),
@@ -455,6 +479,14 @@ public static TheoryData<CreateTokenTheoryData> RoundTripJWEKeyWrappingTheoryDat
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
},
new CreateTokenTheoryData()
{
TestId = "WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
ValidationParameters = Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
Payload = Default.PayloadString,
SigningCredentials = Default.SymmetricSigningCredentials,
EncryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384)
}
};
}
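Review bot: The entry added in the last hunk (`@@ -455,6 +479,14`) reuses the TestId `"WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384"` that the second hunk already gives to an entry with the same keys, payload and `EncryptingCredentials`. As far as the visible lines show, the same case therefore runs twice and a failure report cannot tell the two apart. The TestId of the `RsaOaepMgf1pKeyWrap` entry just before it lies outside the hunk; either carry whatever distinguishes that case into the new TestId or drop the duplicate. The same id string is repeated in the last file of this commit, in the `theoryData.Add(...)` calls of the `@@ -809,6 +817,14` and `@@ -866,6 +890,14` hunks. The enclosing property begins outside the hunks.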
@@ -1701,6 +1701,9 @@ public static TheoryData<Saml2TheoryData> RoundTripEncryptedTokenTheoryData
var encryptingCredentials_KeyWrap_128_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes128Gcm);
var encryptingCredentials_KeyWrap_192_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192Gcm);
var encryptingCredentials_KeyWrap_256_RSAOAEP = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256Gcm);
var encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128Gcm);
var encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192Gcm);
var encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier = new X509EncryptingCredentials(cert, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256Gcm);

//SET HELPER CRYPTO PROVIDER FACTORY - remove when AES-GCM is released and supported
encryptingCredentials128_PreShared.CryptoProviderFactory = new AesGcmProviderFactory();
@@ -1709,6 +1712,9 @@ public static TheoryData<Saml2TheoryData> RoundTripEncryptedTokenTheoryData
encryptingCredentials_KeyWrap_128_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
encryptingCredentials_KeyWrap_192_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
encryptingCredentials_KeyWrap_256_RSAOAEP.CryptoProviderFactory = new AesGcmProviderFactory();
encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();
encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();
encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier.CryptoProviderFactory = new AesGcmProviderFactory();

// token descriptors (Pre_Shared for one scenario and KeyWrap for another one)
var tokenDescriptor_128_PreShared = CreateTokenDescriptor(signingCredentials, encryptingCredentials128_PreShared);
@@ -1717,6 +1723,9 @@ public static TheoryData<Saml2TheoryData> RoundTripEncryptedTokenTheoryData
var tokenDescriptor_KeyWrap_128_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_RSAOAEP);
var tokenDescriptor_KeyWrap_192_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_RSAOAEP);
var tokenDescriptor_KeyWrap_256_RSAOAEP = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_RSAOAEP);
var tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_128_Wrong_RSAOAEP_Identifier);
var tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_192_Wrong_RSAOAEP_Identifier);
var tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier = CreateTokenDescriptor(signingCredentials, encryptingCredentials_KeyWrap_256_Wrong_RSAOAEP_Identifier);

var tokenDescriptor_KeyWrap_Signed = new SecurityTokenDescriptor
{
@@ -1782,6 +1791,30 @@ public static TheoryData<Saml2TheoryData> RoundTripEncryptedTokenTheoryData
TestId = nameof(tokenDescriptor_KeyWrap_256_RSAOAEP),
});

theoryData.Add(new Saml2TheoryData
{
SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
ExpectedException = ExpectedException.NoExceptionExpected,
TestId = nameof(tokenDescriptor_KeyWrap_128_Wrong_RSAOAEP_Identifier),
});

theoryData.Add(new Saml2TheoryData
{
SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
ExpectedException = ExpectedException.NoExceptionExpected,
TestId = nameof(tokenDescriptor_KeyWrap_192_Wrong_RSAOAEP_Identifier),
});

theoryData.Add(new Saml2TheoryData
{
SecurityToken = tokenHandler.CreateToken(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier) as Saml2SecurityToken,
ValidationParameters = CreateTokenValidationParameters(signingKey, KeyingMaterial.DefaultX509Key_2048_With_KeyId),
ExpectedException = ExpectedException.NoExceptionExpected,
TestId = nameof(tokenDescriptor_KeyWrap_256_Wrong_RSAOAEP_Identifier),
});

return theoryData;
}
}
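Review bot: The new locals and TestIds are named `..._Wrong_RSAOAEP_Identifier`, yet nothing in the code says why a "wrong" identifier is expected to round-trip with `ExpectedException.NoExceptionExpected`; the reason exists only in the commit message. A comment above the three new `X509EncryptingCredentials` declarations would keep the intent next to the tests, for example `// SecurityAlgorithms.RsaOaepKeyWrap is a non-existent identifier that was already released and is kept supported; these cases guard that compatibility.` The same applies to the `WrongRsaOaepKeyWrapIdentifier-*` and `ValidTest_WrongRsaOaepKeyWrapIdentifier` TestIds in the other three files. The enclosing property begins outside the hunks.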
@@ -124,6 +124,13 @@ public static TheoryData<EncryptingCredentialsTheoryData> ConstructorATheoryData
Alg = SecurityAlgorithms.RsaOaepMgf1pKeyWrap,
Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
TestId = "ValidTest"
},
new EncryptingCredentialsTheoryData
{
Key = Default.AsymmetricEncryptionKeyPublic,
Alg = SecurityAlgorithms.RsaOaepKeyWrap,
Enc = SecurityAlgorithms.Aes128CbcHmacSha256,
TestId = "ValidTest_WrongRsaOaepKeyWrapIdentifier"
}
};
}
@@ -801,6 +801,14 @@ public static TheoryData<string, SecurityTokenDescriptor, TokenValidationParamet
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128CbcHmacSha256);
theoryData.Add(
"WrongRsaOaepKeyWrapIdentifier-Aes128CbcHmacSha256",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"RsaOaepKeyWrap-Aes192CbcHmacSha384",
@@ -809,6 +817,14 @@ public static TheoryData<string, SecurityTokenDescriptor, TokenValidationParamet
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepMgf1pKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512);
theoryData.Add(
"RsaOaepKeyWrap-Aes256CbcHmacSha512",
@@ -817,6 +833,14 @@ public static TheoryData<string, SecurityTokenDescriptor, TokenValidationParamet
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes256CbcHmacSha512);
theoryData.Add(
"WrongRsaOaepKeyWrapIdentifier-Aes256CbcHmacSha512",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);

// signing key not found
theoryData.Add(
"SigningKey-Not-Found",
@@ -866,6 +890,14 @@ public static TheoryData<string, SecurityTokenDescriptor, TokenValidationParamet
ExpectedException.NoExceptionExpected
);

encryptingCredentials = new EncryptingCredentials(KeyingMaterial.RsaSecurityKey_2048, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes192CbcHmacSha384);
theoryData.Add(
"WrongRsaOaepKeyWrapIdentifier-Aes192CbcHmacSha384",
Default.SecurityTokenDescriptor(encryptingCredentials, Default.SymmetricSigningCredentials, ClaimSets.DefaultClaims),
Default.TokenValidationParameters(KeyingMaterial.RsaSecurityKey_2048, Default.SymmetricSigningKey256),
ExpectedException.NoExceptionExpected
);

return theoryData;
}
