uruk-project · ycrumeyrolle · Jul 21, 2024 · Apr 22, 2024
diff --git a/src/JsonWebToken/Cryptography/EllipticalCurves.cs b/src/JsonWebToken/Cryptography/EllipticalCurves.cs
@@ -110,6 +110,19 @@ public static EllipticalCurve FromString(string crv)
             return curve;
         }
 
+
+        /// <summary>Cast the <see cref="string"/> into its <see cref="EllipticalCurve"/> representation.</summary>
+        public static explicit operator EllipticalCurve?(string? value)
+        {
+            if (value is null)
+            {
+                return null;
+            }
+
+            return FromString(value); ;
+        }
+
+
         /// <summary>Tries to parse a <see cref="string"/> into a <see cref="EllipticalCurve"/>.</summary>
         public static bool TryParse(string crv, [NotNullWhen(true)] out EllipticalCurve? curve)
         {

diff --git a/src/JsonWebToken/Jwk.cs b/src/JsonWebToken/Jwk.cs
@@ -641,22 +641,9 @@ public bool TryGetKeyUnwrapper(EncryptionAlgorithm? encryptionAlgorithm, KeyMana
         public byte[] Canonicalize()
         {
             int size = GetCanonicalizeSize();
-            byte[]? arrayToReturn = null;
-            try
-            {
-                Span<byte> buffer = size > Constants.MaxStackallocBytes
-                                    ? (arrayToReturn = ArrayPool<byte>.Shared.Rent(size))
-                                    : stackalloc byte[size];
-                Canonicalize(buffer);
-                return buffer.Slice(0, size).ToArray();
-            }
-            finally
-            {
-                if (arrayToReturn != null)
-                {
-                    ArrayPool<byte>.Shared.Return(arrayToReturn);
-                }
-            }
+            var buffer = new byte[size];
+            Canonicalize(buffer);
+            return buffer;
         }
 
         /// <summary>Compute the normal form, as defined by https://tools.ietf.org/html/rfc7638#section-3.2, and writes it to the <paramref name="buffer"/>.</summary>

diff --git a/src/JsonWebToken/PasswordBasedJwk.cs b/src/JsonWebToken/PasswordBasedJwk.cs
@@ -84,7 +84,7 @@ public static PasswordBasedJwk FromPassphrase(string passphrase, KeyManagementAl
                 ThrowHelper.ThrowArgumentNullException(ExceptionArgument.bytes);
             }
 
-            var innerKey = SymmetricJwk.FromByteArray(Utf8.GetBytes(passphrase), algorithm, computeThumbprint);
+            var innerKey = SymmetricJwk.FromByteArray(Utf8.GetBytes(passphrase), computeThumbprint);
             return new PasswordBasedJwk(innerKey, iterationCount, saltSizeInBytes, algorithm);
         }
 

diff --git a/test/JsonWebToken.Tests/ECJwkTests.cs b/test/JsonWebToken.Tests/ECJwkTests.cs
@@ -142,7 +142,7 @@ public void Equal(EllipticalCurve crv)
             key.Kid = JsonEncodedText.Encode("X");
             copiedKey.Kid = JsonEncodedText.Encode("Y");
             Assert.NotEqual(key, copiedKey);
-   
+
             Assert.NotEqual(key, Jwk.None);
         }
 
@@ -180,15 +180,21 @@ public override Signer CreateSigner_Failed(Jwk key, SignatureAlgorithm alg)
             return base.CreateSigner_Failed(key, alg);
         }
 
-        [Fact]
-        public override void Canonicalize()
+        [Theory]
+        [InlineData("ES256")]
+        [InlineData("ES384")]
+        [InlineData("ES512")]
+        [InlineData("ES256K")]
+        public override void Canonicalize(string alg)
         {
-            var jwk = ECJwk.GeneratePrivateKey(SignatureAlgorithm.ES256);
+            var jwk = ECJwk.GeneratePrivateKey((SignatureAlgorithm)alg);
             var canonicalizedKey = (ECJwk)CanonicalizeKey(jwk);
 
             Assert.True(canonicalizedKey.D.IsEmpty);
+            bool supported = EllipticalCurve.TryGetSupportedCurve((SignatureAlgorithm)alg, out var crv);
 
-            Assert.Equal(EllipticalCurve.P256.Id, canonicalizedKey.Crv.Id);
+            Assert.True(supported);
+            Assert.Equal(crv.Id, canonicalizedKey.Crv.Id);
             Assert.False(canonicalizedKey.X.IsEmpty);
             Assert.False(canonicalizedKey.Y.IsEmpty);
         }

diff --git a/test/JsonWebToken.Tests/JwkTestsBase.cs b/test/JsonWebToken.Tests/JwkTestsBase.cs
@@ -47,7 +47,7 @@ public virtual Signer CreateSigner_Failed(Jwk key, SignatureAlgorithm alg)
             return signer;
         }
 
-        public abstract void Canonicalize();
+        public abstract void Canonicalize(string alg);
 
         public Jwk CanonicalizeKey(Jwk key)
         {

diff --git a/test/JsonWebToken.Tests/PasswordBasedJwkTests.cs b/test/JsonWebToken.Tests/PasswordBasedJwkTests.cs
@@ -28,7 +28,7 @@ public void Equal()
             key.Kid = JsonEncodedText.Encode("X");
             copiedKey.Kid = JsonEncodedText.Encode("Y");
             Assert.NotEqual(key, copiedKey);
-    
+
             Assert.NotEqual(key, Jwk.None);
         }
 
@@ -39,10 +39,14 @@ public override KeyWrapper CreateKeyWrapper_Succeed(Jwk key, EncryptionAlgorithm
             return base.CreateKeyWrapper_Succeed(key, enc, alg);
         }
 
-        [Fact]
-        public override void Canonicalize()
+        [Theory]
+        [InlineData("PBES2-HS256+A128KW")]
+        [InlineData("PBES2-HS384+A192KW")]
+        [InlineData("PBES2-HS512+A256KW")]
+        public override void Canonicalize(string alg)
         {
-            var jwk = PasswordBasedJwk.FromPassphrase("Thus from my lips, by yours, my sin is purged.");
+            var jwk = PasswordBasedJwk.FromPassphrase("Thus from my lips, by yours, my sin is purged.", (KeyManagementAlgorithm)alg); // something is wrong here... how to provide the PBES alg ?
+            //var jwk = PasswordBasedJwk.FromPassphrase("Thus from my lips, by yours, my sin is purged."); // something is wrong here... how to provide the PBES alg ?
             var canonicalizedKey = (SymmetricJwk)CanonicalizeKey(jwk);
             Assert.NotEmpty(canonicalizedKey.ToArray());
         }

diff --git a/test/JsonWebToken.Tests/RsaJwkTests.cs b/test/JsonWebToken.Tests/RsaJwkTests.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.Contracts;
 using System.Numerics;
 using System.Security.Cryptography;
 using System.Text;
@@ -286,10 +287,16 @@ public override Signer CreateSigner_Succeed(Jwk key, SignatureAlgorithm alg)
             return base.CreateSigner_Succeed(key, alg);
         }
 
-        [Fact]
-        public override void Canonicalize()
+        [Theory]
+        [InlineData("RS256")]
+        [InlineData("RS384")]
+        [InlineData("RS512")]
+        [InlineData("PS256")]
+        [InlineData("PS384")]
+        [InlineData("PS512")]
+        public override void Canonicalize(string alg)
         {
-            var jwk = RsaJwk.GeneratePrivateKey(2048, SignatureAlgorithm.RS256);
+            var jwk = RsaJwk.GeneratePrivateKey(2048, (SignatureAlgorithm)alg);
             var canonicalizedKey = (RsaJwk)CanonicalizeKey(jwk);
             Assert.False(canonicalizedKey.E.IsEmpty);
             Assert.False(canonicalizedKey.N.IsEmpty);

diff --git a/test/JsonWebToken.Tests/SymmetricJwkTests.cs b/test/JsonWebToken.Tests/SymmetricJwkTests.cs
@@ -46,8 +46,11 @@
             return base.CreateSigner_Succeed(key, alg);
         }
 
-        [Fact]
-        public override void Canonicalize()
+        [Theory]
+        [InlineData("HS256")]
+        [InlineData("HS384")]
+        [InlineData("HS512")]
+        public override void Canonicalize(string alg)
         {
             var jwk = SymmetricJwk.GenerateKey(SignatureAlgorithm.HS256);
             var canonicalizedKey = (SymmetricJwk)CanonicalizeKey(jwk);