roycornelissen/CryptoService.cs

## CryptoService.cs
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.IO.Pem;
using Org.BouncyCastle.X509;
using System.Linq;

namespace JoseJWE
{
	public class CryptoService
	{
		public AsymmetricCipherKeyPair GenerateKeyPair()
		{
			var random = new SecureRandom();
			var keyGenerationParameters = new KeyGenerationParameters(random, 1024);
			var keyPairGenerator = new RsaKeyPairGenerator();
			keyPairGenerator.Init(keyGenerationParameters);
			var keyPair = keyPairGenerator.GenerateKeyPair();
			return keyPair;
		}

		public string GeneratePemEncodedCertificate(AsymmetricCipherKeyPair keyPair)
		{
				var random = new SecureRandom();
				var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random);

				var gen = new X509V3CertificateGenerator();
				gen.SetPublicKey(keyPair.Public);

				BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
				gen.SetSerialNumber(serialNumber);

				var x509Name = new X509Name("CN=MyCertificate,O=RoyCornelissen,OU=CryptoService");
				gen.SetIssuerDN(x509Name);
				gen.SetSubjectDN(x509Name);

				gen.SetNotBefore(DateTime.UtcNow.AddHours(-1));
				gen.SetNotAfter(DateTime.UtcNow.AddMonths(1));

				var x509 = gen.Generate(signatureFactory);
				x509.CheckValidity(DateTime.UtcNow);
				x509.Verify(keyPair.Public);

				using (var stringWriter = new StringWriter())
				{
					var writer = new PemWriter(stringWriter);
					var pog = new PemObject("CERTIFICATE", x509.GetEncoded());
					writer.WriteObject(pog);
					return stringWriter.ToString();
				}
		}

		public string DecodeJwt(string tokenData, AsymmetricKeyParameter privateKey)
		{
			var token = Parse(tokenData);
			return DecodeAndDecrypt(token, privateKey);
		}

		private string DecodeAndDecrypt(byte[][] parts, AsymmetricKeyParameter key)
		{
			byte[] header = parts[0];
			byte[] encryptedCek = parts[1];
			byte[] iv = parts[2];
			byte[] cipherText = parts[3];
			byte[] authTag = parts[4];

			var cek = Unwrap(encryptedCek, key);
			var aad = Encoding.UTF8.GetBytes(Serialize(header));

			return Decrypt(cek, iv, aad, cipherText, authTag);
		}

		private string Serialize(params byte[][] parts)
		{
			var builder = new StringBuilder();

			foreach (var part in parts)
			{
				builder.Append(Base64UrlEncode(part)).Append(".");
			}

			builder.Remove(builder.Length - 1, 1);

			return builder.ToString();
		}

		private byte[][] Parse(string token)
		{
			string[] parts = token.Split('.');

			var result = new byte[parts.Length][];

			for (int i = 0; i < parts.Length; i++)
			{
				result[i] = Base64UrlDecode(parts[i]);
			}

			return result;
		}

		private byte[] Unwrap(byte[] encryptedCek, AsymmetricKeyParameter key)
		{
			var decryptEngine = new OaepEncoding(new RsaEngine());
			decryptEngine.Init(false, key);
			var deciphered = decryptEngine.ProcessBlock(encryptedCek, 0, encryptedCek.Length);
			return deciphered;
		}

		//Preconfigured Encryption Parameters
		private static readonly int MacBitSize = 128;

		/// <summary>
		/// Performs AES decryption in GCM chaining mode over cipher text
		/// </summary>
		/// <param name="cek">aes key</param>
		/// <param name="iv">initialization vector</param>
		/// <param name="aad">additional authn data</param>
		/// <param name="cipherText">cipher text message to be decrypted</param>
		/// <param name="authTag">authentication tag</param>
		/// <returns>decrypted plain text messages</returns>
		private string Decrypt(byte[] cek, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
		{
				var keyParameter = new KeyParameter(cek);
				var gcmParameters = new AeadParameters(
					keyParameter,
					MacBitSize,
					iv);

				var gcmMode = new GcmBlockCipher(new AesFastEngine());
				gcmMode.Init(false, gcmParameters);
				gcmMode.ProcessAadBytes(aad, 0, aad.Length);

				var cipherBuffer = cipherText.Concat(authTag).ToArray();
				var plainBytes = new byte[gcmMode.GetOutputSize(cipherBuffer.Length)];
				var res = gcmMode.ProcessBytes(cipherBuffer, 0, cipherBuffer.Length, plainBytes, 0);
				gcmMode.DoFinal(plainBytes, res);

				var plain = Encoding.UTF8.GetString(plainBytes, 0, plainBytes.Length);
				return plain;
		}

		// from JWT spec
		public byte[] FromBase64Url(string base64Url)
		{
			string padded = base64Url.Length % 4 == 0
				? base64Url : base64Url + "====".Substring(base64Url.Length % 4);
			string base64 = padded.Replace("_", "/")
									.Replace("-", "+");
			return Convert.FromBase64String(base64);
		}

		// from JWT spec
		public string Base64UrlEncode(byte[] input)
		{
			var output = Convert.ToBase64String(input);
			output = output.Split('=')[0]; // Remove any trailing '='s
			output = output.Replace('+', '-'); // 62nd char of encoding
			output = output.Replace('/', '_'); // 63rd char of encoding
			return output;
		}

		// from JWT spec
		private byte[] Base64UrlDecode(string input)
		{
			var output = input;
			output = output.Replace('-', '+'); // 62nd char of encoding
			output = output.Replace('_', '/'); // 63rd char of encoding
			switch (output.Length % 4) // Pad with trailing '='s
			{
				case 0: break; // No pad chars in this case
				case 1: output += "==="; break; // Three pad chars
				case 2: output += "=="; break; // Two pad chars
				case 3: output += "="; break; // One pad char
				default: throw new Exception("Illegal base64url string!");
			}
			var converted = Convert.FromBase64String(output); // Standard base64 decoder
			return converted;
		}
	}
}

## UnitTest.cs
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using FluentAssertions;
using Jose;
using NUnit.Framework;
using Org.BouncyCastle.Crypto.Parameters;

namespace JoseJWE.Tests
{
	[TestFixture]
	public class CryptoServiceTests
	{
		private const string TokenPlainText = "{\"sub\":\"roycornelissen\",\"aud\":\"sample app\",\"nbf\":136424444,\"iss\":\"https://api.someorganization.com\",\"preferred_username\":\"Roy Cornelissen\",\"exp\":1364293137,\"given_name\":\"Roy\",\"iat\":13642555,\"family_name\":\"Cornelissen\",\"preferred_language\":\"nl-NL\"}";

		[Test]
		public void GenerateCertificate_Generates_Valid_X509Certificate()
		{
			var g = new CryptoService();
			var keyPair = g.GenerateKeyPair();

			var pemEncodedCertificate = g.GeneratePemEncodedCertificate(keyPair).ToString();

			var p = new Org.BouncyCastle.X509.X509CertificateParser();
			var certDecoded = p.ReadCertificate(Encoding.UTF8.GetBytes(pemEncodedCertificate));

			certDecoded.Should().NotBeNull();
			certDecoded.NotBefore.Should().BeBefore(DateTime.UtcNow);
			certDecoded.NotAfter.Should().BeAfter(DateTime.UtcNow);
		}

		[Test]
		public void Certificate_Used_For_JWT_Encryption_JWE_Can_Be_Decrypted()
		{
			var g = new CryptoService();
			var keypair = g.GenerateKeyPair();

			var cert = g.GeneratePemEncodedCertificate(keypair);
			var base64Certificate = g.Base64UrlEncode(Encoding.UTF8.GetBytes(cert));

			// try to perform local encryption and decryption for reference
			var p = new Org.BouncyCastle.X509.X509CertificateParser();
			var certDecoded = p.ReadCertificate(g.FromBase64Url(base64Certificate));

      // use 3rd party library JOSE-JWT to encode the JWT (only works in .NET, not from PCL!)
			var publicRsaKey = ToRSA((RsaKeyParameters)certDecoded.GetPublicKey());
			var encrypted = JWT.Encode(TokenPlainText, publicRsaKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);

			// now attempt to decode it using our own cryptoService
			var plainText = g.DecodeJwt(encrypted, keypair.Private);
			plainText.Should().Be(TokenPlainText);
		}

    public static RSA ToRSA(RsaKeyParameters rsaKey)
    {
        RSAParameters rp = ToRSAParameters(rsaKey);
        RSACryptoServiceProvider rsaCsp = new RSACryptoServiceProvider();
        rsaCsp.ImportParameters(rp);
        return rsaCsp;
    }

    private static RSAParameters ToRSAParameters(RsaKeyParameters rsaKey)
    {
        RSAParameters rp = new RSAParameters();
        rp.Modulus = rsaKey.Modulus.ToByteArrayUnsigned();
        if (rsaKey.IsPrivate)
            rp.D = rsaKey.Exponent.ToByteArrayUnsigned();
        else
            rp.Exponent = rsaKey.Exponent.ToByteArrayUnsigned();
        return rp;
    }
	}
}
	using System;
	using System.IO;
	using System.Text;
	using Org.BouncyCastle.Asn1.Pkcs;
	using Org.BouncyCastle.Asn1.X509;
	using Org.BouncyCastle.Crypto;
	using Org.BouncyCastle.Crypto.Encodings;
	using Org.BouncyCastle.Crypto.Engines;
	using Org.BouncyCastle.Crypto.Generators;
	using Org.BouncyCastle.Crypto.Modes;
	using Org.BouncyCastle.Crypto.Operators;
	using Org.BouncyCastle.Crypto.Parameters;
	using Org.BouncyCastle.Math;
	using Org.BouncyCastle.Pkcs;
	using Org.BouncyCastle.Security;
	using Org.BouncyCastle.Utilities;
	using Org.BouncyCastle.Utilities.IO.Pem;
	using Org.BouncyCastle.X509;
	using System.Linq;

	namespace JoseJWE
	{
	public class CryptoService
	{
	public AsymmetricCipherKeyPair GenerateKeyPair()
	{
	var random = new SecureRandom();
	var keyGenerationParameters = new KeyGenerationParameters(random, 1024);
	var keyPairGenerator = new RsaKeyPairGenerator();
	keyPairGenerator.Init(keyGenerationParameters);
	var keyPair = keyPairGenerator.GenerateKeyPair();
	return keyPair;
	}

	public string GeneratePemEncodedCertificate(AsymmetricCipherKeyPair keyPair)
	{
	var random = new SecureRandom();
	var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random);

	var gen = new X509V3CertificateGenerator();
	gen.SetPublicKey(keyPair.Public);

	BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
	gen.SetSerialNumber(serialNumber);

	var x509Name = new X509Name("CN=MyCertificate,O=RoyCornelissen,OU=CryptoService");
	gen.SetIssuerDN(x509Name);
	gen.SetSubjectDN(x509Name);

	gen.SetNotBefore(DateTime.UtcNow.AddHours(-1));
	gen.SetNotAfter(DateTime.UtcNow.AddMonths(1));

	var x509 = gen.Generate(signatureFactory);
	x509.CheckValidity(DateTime.UtcNow);
	x509.Verify(keyPair.Public);

	using (var stringWriter = new StringWriter())
	{
	var writer = new PemWriter(stringWriter);
	var pog = new PemObject("CERTIFICATE", x509.GetEncoded());
	writer.WriteObject(pog);
	return stringWriter.ToString();
	}
	}

	public string DecodeJwt(string tokenData, AsymmetricKeyParameter privateKey)
	{
	var token = Parse(tokenData);
	return DecodeAndDecrypt(token, privateKey);
	}

	private string DecodeAndDecrypt(byte[][] parts, AsymmetricKeyParameter key)
	{
	byte[] header = parts[0];
	byte[] encryptedCek = parts[1];
	byte[] iv = parts[2];
	byte[] cipherText = parts[3];
	byte[] authTag = parts[4];

	var cek = Unwrap(encryptedCek, key);
	var aad = Encoding.UTF8.GetBytes(Serialize(header));

	return Decrypt(cek, iv, aad, cipherText, authTag);
	}

	private string Serialize(params byte[][] parts)
	{
	var builder = new StringBuilder();

	foreach (var part in parts)
	{
	builder.Append(Base64UrlEncode(part)).Append(".");
	}

	builder.Remove(builder.Length - 1, 1);

	return builder.ToString();
	}

	private byte[][] Parse(string token)
	{
	string[] parts = token.Split('.');

	var result = new byte[parts.Length][];

	for (int i = 0; i < parts.Length; i++)
	{
	result[i] = Base64UrlDecode(parts[i]);
	}

	return result;
	}

	private byte[] Unwrap(byte[] encryptedCek, AsymmetricKeyParameter key)
	{
	var decryptEngine = new OaepEncoding(new RsaEngine());
	decryptEngine.Init(false, key);
	var deciphered = decryptEngine.ProcessBlock(encryptedCek, 0, encryptedCek.Length);
	return deciphered;
	}

	//Preconfigured Encryption Parameters
	private static readonly int MacBitSize = 128;

	/// <summary>
	/// Performs AES decryption in GCM chaining mode over cipher text
	/// </summary>
	/// <param name="cek">aes key</param>
	/// <param name="iv">initialization vector</param>
	/// <param name="aad">additional authn data</param>
	/// <param name="cipherText">cipher text message to be decrypted</param>
	/// <param name="authTag">authentication tag</param>
	/// <returns>decrypted plain text messages</returns>
	private string Decrypt(byte[] cek, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
	{
	var keyParameter = new KeyParameter(cek);
	var gcmParameters = new AeadParameters(
	keyParameter,
	MacBitSize,
	iv);

	var gcmMode = new GcmBlockCipher(new AesFastEngine());
	gcmMode.Init(false, gcmParameters);
	gcmMode.ProcessAadBytes(aad, 0, aad.Length);

	var cipherBuffer = cipherText.Concat(authTag).ToArray();
	var plainBytes = new byte[gcmMode.GetOutputSize(cipherBuffer.Length)];
	var res = gcmMode.ProcessBytes(cipherBuffer, 0, cipherBuffer.Length, plainBytes, 0);
	gcmMode.DoFinal(plainBytes, res);

	var plain = Encoding.UTF8.GetString(plainBytes, 0, plainBytes.Length);
	return plain;
	}

	// from JWT spec
	public byte[] FromBase64Url(string base64Url)
	{
	string padded = base64Url.Length % 4 == 0
	? base64Url : base64Url + "====".Substring(base64Url.Length % 4);
	string base64 = padded.Replace("_", "/")
	.Replace("-", "+");
	return Convert.FromBase64String(base64);
	}

	// from JWT spec
	public string Base64UrlEncode(byte[] input)
	{
	var output = Convert.ToBase64String(input);
	output = output.Split('=')[0]; // Remove any trailing '='s
	output = output.Replace('+', '-'); // 62nd char of encoding
	output = output.Replace('/', '_'); // 63rd char of encoding
	return output;
	}

	// from JWT spec
	private byte[] Base64UrlDecode(string input)
	{
	var output = input;
	output = output.Replace('-', '+'); // 62nd char of encoding
	output = output.Replace('_', '/'); // 63rd char of encoding
	switch (output.Length % 4) // Pad with trailing '='s
	{
	case 0: break; // No pad chars in this case
	case 1: output += "==="; break; // Three pad chars
	case 2: output += "=="; break; // Two pad chars
	case 3: output += "="; break; // One pad char
	default: throw new Exception("Illegal base64url string!");
	}
	var converted = Convert.FromBase64String(output); // Standard base64 decoder
	return converted;
	}
	}
	}
	using System;
	using System.Net.Http;
	using System.Text;
	using System.Threading.Tasks;
	using FluentAssertions;
	using Jose;
	using NUnit.Framework;
	using Org.BouncyCastle.Crypto.Parameters;

	namespace JoseJWE.Tests
	{
	[TestFixture]
	public class CryptoServiceTests
	{
	private const string TokenPlainText = "{\"sub\":\"roycornelissen\",\"aud\":\"sample app\",\"nbf\":136424444,\"iss\":\"https://api.someorganization.com\",\"preferred_username\":\"Roy Cornelissen\",\"exp\":1364293137,\"given_name\":\"Roy\",\"iat\":13642555,\"family_name\":\"Cornelissen\",\"preferred_language\":\"nl-NL\"}";

	[Test]
	public void GenerateCertificate_Generates_Valid_X509Certificate()
	{
	var g = new CryptoService();
	var keyPair = g.GenerateKeyPair();

	var pemEncodedCertificate = g.GeneratePemEncodedCertificate(keyPair).ToString();

	var p = new Org.BouncyCastle.X509.X509CertificateParser();
	var certDecoded = p.ReadCertificate(Encoding.UTF8.GetBytes(pemEncodedCertificate));

	certDecoded.Should().NotBeNull();
	certDecoded.NotBefore.Should().BeBefore(DateTime.UtcNow);
	certDecoded.NotAfter.Should().BeAfter(DateTime.UtcNow);
	}

	[Test]
	public void Certificate_Used_For_JWT_Encryption_JWE_Can_Be_Decrypted()
	{
	var g = new CryptoService();
	var keypair = g.GenerateKeyPair();

	var cert = g.GeneratePemEncodedCertificate(keypair);
	var base64Certificate = g.Base64UrlEncode(Encoding.UTF8.GetBytes(cert));

	// try to perform local encryption and decryption for reference
	var p = new Org.BouncyCastle.X509.X509CertificateParser();
	var certDecoded = p.ReadCertificate(g.FromBase64Url(base64Certificate));

	// use 3rd party library JOSE-JWT to encode the JWT (only works in .NET, not from PCL!)
	var publicRsaKey = ToRSA((RsaKeyParameters)certDecoded.GetPublicKey());
	var encrypted = JWT.Encode(TokenPlainText, publicRsaKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);

	// now attempt to decode it using our own cryptoService
	var plainText = g.DecodeJwt(encrypted, keypair.Private);
	plainText.Should().Be(TokenPlainText);
	}

	public static RSA ToRSA(RsaKeyParameters rsaKey)
	{
	RSAParameters rp = ToRSAParameters(rsaKey);
	RSACryptoServiceProvider rsaCsp = new RSACryptoServiceProvider();
	rsaCsp.ImportParameters(rp);
	return rsaCsp;
	}

	private static RSAParameters ToRSAParameters(RsaKeyParameters rsaKey)
	{
	RSAParameters rp = new RSAParameters();
	rp.Modulus = rsaKey.Modulus.ToByteArrayUnsigned();
	if (rsaKey.IsPrivate)
	rp.D = rsaKey.Exponent.ToByteArrayUnsigned();
	else
	rp.Exponent = rsaKey.Exponent.ToByteArrayUnsigned();
	return rp;
	}
	}
	}