Modify RS256Algorithm to use RSA from cert directly

[abatishchev]

Resolves #124, closes #118.

Drawback:

• class RSA doesn't have method SignData in .NET 3.5, so I upgraded to .NET 4.6.2

[abatishchev]

@nbarbettini can you please check whether I upgraded target framework properly? I'm asking because AppVeyor fails

[abatishchev]

@StefH can you please help with test, and what's more important with proper unit testing?

[StefH]

0]
I did also add some code-review comments...

Testing can be done like:

1] Generate certificate and private key

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

2]
Make a X509 certificate based on the two file above (https://github.com/StefH/JwtTest/blob/master/JwtTest/CertificateFromFileProvider.cs)

3]
Generate a token based on RS256 using your old (current) and new (this PR) RS256Algorithm.

4]
Copy paste this token in Encoded field on https://jwt.io/

5]
Copy paste your public certificate key (certificate_pub.crt) into that VERIFY SIGNATURE block (first block) only.

6]
When you get a blue box beneath saying signature verified then the JWT is valid.

[nbarbettini]

This line needs to be net462;netstandard1.3

[abatishchev]

Done, thanks!

[nbarbettini]

Do we have any #if directives that look for either NET35 or NET46?

[abatishchev]

No, only 1 places (this file) that looks for NET_STANDARD. Good point thought!

[abatishchev]

@ubercow sorry, it took some time to come back to the issue you're opened. Can you please take a look on this project? Should be same.

[abatishchev]

@StefH right but I meant some input how to update existing/add new unit test(s). Can you please help here?

[abatishchev]

AppVeyor can't build anything:

Could not find Cake.exe at C:\projects\jwt\tools\Cake\Cake.exe

I question its stability :(

[nbarbettini]

AppVeyor can't build anything

That doesn't seem like a typical error - can you try restarting the build?

[abatishchev]

It fails with same error for a while now: https://ci.appveyor.com/project/abatishchev/jwt/history

[StefH]

Why casting to RSA ? This is not needed ?

[abatishchev]

Indeed, thanks!

[StefH]

This line is not used because you only define <TargetFrameworks>net35;netstandard1.3</TargetFrameworks>.

So just revert back this change.

[abatishchev]

Here I want to upgrade to net462. What would be the right way to do that?

[StefH]

you can just add net462 like:
<TargetFrameworks>net35;net462;netstandard1.3</TargetFrameworks>.

But this is not needed because the net35 can be used by all frameworks.

[abatishchev]

Currently it's this:

<TargetFrameworks>net462;netstandard1.3</TargetFrameworks>

Isn't this correct?

[StefH]

@abatishchev
About unit-tests : you don't really need to test all rsa encryption code. Just use Moq to mock some calls.

[abatishchev]

Usually we test end-to-end by having hard-coded JWT and asserting expected outcome

[StefH]

If the build works fine, and all code is merged to master branch, I will take a quick look how to do unit test.

[abatishchev]

@nbarbettini please take a look to the latest changes

[nbarbettini]

I'm not super familiar with the RSACryptoServiceProvider stuff, but it looks reasonable.

Are you intending to raise the minimum framework version to .NET 4.6.2?

[abatishchev]

Yeah, I'm not either :) Hope it works, and now works better.

Yes, to normalize the code between .NetFramework and .Net Core. Hope everybody will be fine with that too.

[StefH]

If possible, can you lower the dependency for 4.6.2?

Can you lower this to .net 4.0? In that way your librabry can also be used by .net 4 and .net 4.5 libraries/programs.

[abatishchev]

Let's continue in #130. Can you please describe your scenario/environment/requirements? The thing from my perspective is that 4.6.2 is the lowest supported as of today version, all lower are out of support. And transition from 4.0 to 4.5. would be long due, and from 4.5 to 4.6.2 usually is seamless. But again I'd love to understand your perspective.