public static SignatureAlgorithmDataRecordV2 FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
return(new SignatureAlgorithmDataRecordV2 {
Type = rsa.Name,
HashAlgorithm = rsa.HashAlgorithm.Name,
Parameter = rsa.GetPublicKey().ToXml(),
IsParameterEncrypted = false
});
case ECDsaSignatureAlgorithm ecdsa:
return(new SignatureAlgorithmDataRecordV2 {
Type = ecdsa.Name,
HashAlgorithm = ecdsa.HashAlgorithm.Name,
Parameter = ecdsa.GetPublicKey().ToXml(),
IsParameterEncrypted = false
});
case HMACSignatureAlgorithm hmac:
return(new SignatureAlgorithmDataRecordV2 {
Type = hmac.Name,
HashAlgorithm = hmac.HashAlgorithm.Name,
Parameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted),
IsParameterEncrypted = isEncrypted
});
public static SignatureAlgorithmDataRecord FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
return(new SignatureAlgorithmDataRecord {
Type = rsa.Name,
HashAlgorithm = rsa.HashAlgorithm.Name,
Parameter = rsa.GetPublicKey().ToXml()
});
case ECDsaSignatureAlgorithm ecdsa:
return(new SignatureAlgorithmDataRecord {
Type = ecdsa.Name,
HashAlgorithm = ecdsa.HashAlgorithm.Name,
Parameter = ecdsa.GetPublicKey().ToXml()
});
case HMACSignatureAlgorithm hmac:
return(new SignatureAlgorithmDataRecord {
Type = hmac.Name,
HashAlgorithm = hmac.HashAlgorithm.Name,
Parameter = Encoding.UTF8.GetString(hmac.Key)
});
default:
throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized.");
}
}
/// <summary>
/// Create a new instance of the <see cref="Client"/> class.
/// </summary>
/// <param name="id">The identity of the client that can be looked up by the server.</param>
/// <param name="name">The descriptive name of the client</param>
/// <param name="signatureAlgorithm">The <see cref="Dalion.HttpMessageSigning.ISignatureAlgorithm"/> that is used to verify the signature.</param>
/// <param name="nonceLifetime">The time span after which repeated nonce values are allowed again.</param>
/// <param name="clockSkew">The clock skew to apply when validation a time.</param>
/// <param name="claims">The additional claims that the validated principal will have upon successful signature verification.</param>
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, TimeSpan nonceLifetime, TimeSpan clockSkew, params Claim[] claims)
{
if (id == KeyId.Empty)
{
throw new ArgumentException("Value cannot be null or empty.", nameof(id));
}
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(name));
}
if (nonceLifetime <= TimeSpan.Zero)
{
throw new ArgumentOutOfRangeException(nameof(nonceLifetime), nonceLifetime, "The specified nonce expiration time span is invalid");
}
if (clockSkew <= TimeSpan.Zero)
{
throw new ArgumentOutOfRangeException(nameof(clockSkew), clockSkew, "The specified clock skew time span is invalid");
}
NonceLifetime = nonceLifetime;
ClockSkew = clockSkew;
Claims = claims ?? Array.Empty <Claim>();
Id = id;
Name = name;
SignatureAlgorithm = signatureAlgorithm ?? throw new ArgumentNullException(nameof(signatureAlgorithm));
}
/// <summary>
/// Create a new instance of the <see cref="Client" /> class, with the specified options.
/// </summary>
/// <param name="id">The identity of the client that can be looked up by the server.</param>
/// <param name="name">The descriptive name of the client.</param>
/// <param name="signatureAlgorithm">The <see cref="Dalion.HttpMessageSigning.ISignatureAlgorithm" /> that is used to verify the signature.</param>
/// <param name="configure">A delegate that allows configuring additional options for the new instance. Pass <see langword="null" /> to use the default options.</param>
/// <returns>The newly created <see cref="Client" /> instance.</returns>
public static Client Create(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, Action <ClientOptions> configure = null)
{
var options = new ClientOptions();
configure?.Invoke(options);
return(new Client(id, name, signatureAlgorithm, options));
}
public RegisteredSigningSettingsTests()
{
_keyId = new KeyId("abc123");
_signatureAlgorithm = A.Fake <ISignatureAlgorithm>();
_signingSettings = new SigningSettings {
KeyId = _keyId, SignatureAlgorithm = _signatureAlgorithm
};
_sut = new RegisteredSigningSettings(_keyId, _signingSettings);
}
private void LoadKey()
{
if (_keyStore == KeyStorage.Nomad)
{
_signatureAlgorithm =
new RsaSignatureAlgorithm(File.ReadAllText(_issuerXmlPath));
}
else if (_keyStore == KeyStorage.PKI)
{
_signatureAlgorithm =
new PkiSignatureAlgorithm(File.ReadAllBytes(_issuerXmlPath), _keyPassword);
}
}
/// <summary>
/// Generate certificate signing request.
/// </summary>
/// <param name="signatureAlgorithm">Signature algorithm.</param>
/// <param name="keyPair">Asymmetric key pair.</param>
/// <param name="dn">Distinct name.</param>
/// <param name="extensions">Extensions.</param>
/// <returns></returns>
/// <exception cref="Exception"/>
public static Pkcs10CertificationRequest GenerateCsr(ISignatureAlgorithm signatureAlgorithm,
AsymmetricCipherKeyPair keyPair,
X509Name dn,
X509Extensions extensions)
{
if (signatureAlgorithm is null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
string id = signatureAlgorithm.X509 is null ? signatureAlgorithm.Mechanism : signatureAlgorithm.X509.Id;
return(GenerateCsr(id, keyPair, dn, extensions));
}
internal static bool ShouldIncludeDateHeader(this ISignatureAlgorithm signatureAlgorithm)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
var signatureAlgorithmString = signatureAlgorithm.Name.ToLowerInvariant();
return(signatureAlgorithmString.StartsWith("rsa", StringComparison.Ordinal) ||
signatureAlgorithmString.StartsWith("hmac", StringComparison.Ordinal) ||
signatureAlgorithmString.StartsWith("ecdsa", StringComparison.Ordinal));
}
public SignatureService(
ISignatureWriteRepository signatureWriteRepository,
ISignatureReadRepository signatureReadRepository,
IArticleReadRepository articleReadRepository,
IArticleWriteRepository articleWriteRepository,
ISignatureAlgorithm signatureAlgorithm
)
{
this.signatureWriteRepository = signatureWriteRepository;
this.articleReadRepository = articleReadRepository;
this.signatureReadRepository = signatureReadRepository;
this.articleWriteRepository = articleWriteRepository;
this.signatureAlgorithm = signatureAlgorithm;
}
/// <summary>
/// Generate issuer self signed certificate.
/// </summary>
/// <param name="signatureAlgorithm">Signature algorithm.</param>
/// <param name="keyPair">The asymmetric key pair of issuer.</param>
/// <param name="dn">The distinct name of issuer.</param>
/// <param name="extensions">Extensions of issuer.</param>
/// <param name="start">Start time.</param>
/// <param name="days">The valid days from the start time.</param>
/// <returns></returns>
/// <exception cref="Exception"/>
public static X509Certificate GenerateIssuerCert(ISignatureAlgorithm signatureAlgorithm,
AsymmetricCipherKeyPair keyPair,
X509Name dn,
X509Extensions extensions,
DateTime start,
int days)
{
if (signatureAlgorithm is null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
string id = signatureAlgorithm.X509 is null ? signatureAlgorithm.Mechanism : signatureAlgorithm.X509.Id;
return(GenerateIssuerCert(id, keyPair, dn, extensions, start, days));
}
/// <summary>
/// Create a new instance of the <see cref="Client" /> class.
/// </summary>
/// <param name="id">The identity of the client that can be looked up by the server.</param>
/// <param name="name">The descriptive name of the client</param>
/// <param name="signatureAlgorithm">The <see cref="Dalion.HttpMessageSigning.ISignatureAlgorithm" /> that is used to verify the signature.</param>
/// <param name="options">The options to apply during creation of the new <see cref="Client" /> instance.</param>
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, ClientOptions options)
{
if (id == KeyId.Empty)
{
throw new ArgumentException("Value cannot be null or empty.", nameof(id));
}
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(name));
}
_options = options ?? throw new ArgumentNullException(nameof(options));
_options.Validate();
Id = id;
Name = name;
SignatureAlgorithm = signatureAlgorithm ?? throw new ArgumentNullException(nameof(signatureAlgorithm));
}
/// <summary>
/// Create a new instance of the <see cref="Client" /> class.
/// </summary>
/// <param name="id">The identity of the client that can be looked up by the server.</param>
/// <param name="name">The descriptive name of the client</param>
/// <param name="signatureAlgorithm">The <see cref="Dalion.HttpMessageSigning.ISignatureAlgorithm" /> that is used to verify the signature.</param>
/// <param name="nonceLifetime">The time span after which repeated nonce values are allowed again.</param>
/// <param name="clockSkew">The clock skew to allow when validation a time.</param>
/// <param name="claims">The additional claims that the validated principal will have upon successful signature verification.</param>
/// <param name="requestTargetEscaping">The method of escaping the value of the (request-target) pseudo-header.</param>
public Client(
KeyId id,
string name,
ISignatureAlgorithm signatureAlgorithm,
TimeSpan nonceLifetime,
TimeSpan clockSkew,
RequestTargetEscaping requestTargetEscaping,
params Claim[] claims)
: this(id, name, signatureAlgorithm, new ClientOptions {
RequestTargetEscaping = requestTargetEscaping,
NonceLifetime = nonceLifetime,
ClockSkew = clockSkew,
Claims = claims
})
{
}
/// <summary>
/// Generate subject certificate.
/// </summary>
/// <param name="signatureAlgorithm">Signature algorithm.</param>
/// <param name="issuerPrivateKey">The asymmetric private key of issuer.</param>
/// <param name="issuerCert">The certificate of issuer.</param>
/// <param name="subjectPublicKey">The asymmetric public key of subject.</param>
/// <param name="subjectDN">The distinct name of subject.</param>
/// <param name="subjectExtensions">Extensions of subject.</param>
/// <param name="start">Start time.</param>
/// <param name="days">The valid days from the start time.</param>
/// <returns></returns>
/// <exception cref="Exception"/>
public static X509Certificate GenerateSubjectCert(ISignatureAlgorithm signatureAlgorithm,
AsymmetricKeyParameter issuerPrivateKey,
X509Certificate issuerCert,
AsymmetricKeyParameter subjectPublicKey,
X509Name subjectDN,
X509Extensions subjectExtensions,
DateTime start,
int days)
{
if (signatureAlgorithm is null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
string id = signatureAlgorithm.X509 is null ? signatureAlgorithm.Mechanism : signatureAlgorithm.X509.Id;
return(GenerateSubjectCert(id, issuerPrivateKey, issuerCert, subjectPublicKey, subjectDN, subjectExtensions, start, days));
}
public HeaderName[] ProvideDefaultHeaders(ISignatureAlgorithm signatureAlgorithm)
{
var list = new List <HeaderName> {
HeaderName.PredefinedHeaderNames.RequestTarget
};
if (signatureAlgorithm.ShouldIncludeDateHeader())
{
list.Add(HeaderName.PredefinedHeaderNames.Date);
}
if (signatureAlgorithm.ShouldIncludeCreatedHeader())
{
list.Add(HeaderName.PredefinedHeaderNames.Created);
}
if (signatureAlgorithm.ShouldIncludeExpiresHeader())
{
list.Add(HeaderName.PredefinedHeaderNames.Expires);
}
return(list.ToArray());
}
public IEnumerable<SignedFile> GetSignedFiles(string directory,
ISignatureAlgorithm signatureAlgorithm)
{
string[] files = Directory.GetFiles(directory, "*",
SearchOption.AllDirectories);
IEnumerable<SignedFile> signedFiles = from file in files
select
new SignedFile
{
FilePath =
file.Substring(
directory.
Length),
Signature =
signatureAlgorithm.Sign(
File.ReadAllBytes(file))
};
return signedFiles;
}
private static void BuildClientUnit(out Pkcs10CertificationRequest clientCsr)
{
ISignatureAlgorithm algorithm = SignatureAlgorithmHelper.GOST3411withECGOST3410;
AsymmetricCipherKeyPair keyPair = algorithm.GenerateKeyPair();
Tuple <X509NameLabel, string>[] names = new Tuple <X509NameLabel, string>[]
{
new Tuple <X509NameLabel, string>(X509NameLabel.C, "CN"),
new Tuple <X509NameLabel, string>(X509NameLabel.CN, "LH.Net.Sockets TEST TCP Client")
};
X509Name dn = X509Helper.GenerateX509Name(names);
Tuple <X509ExtensionLabel, bool, Asn1Encodable>[] exts = new Tuple <X509ExtensionLabel, bool, Asn1Encodable>[]
{
new Tuple <X509ExtensionLabel, bool, Asn1Encodable>(X509ExtensionLabel.BasicConstraints, true, new BasicConstraints(false)),
new Tuple <X509ExtensionLabel, bool, Asn1Encodable>(X509ExtensionLabel.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign))
};
X509Extensions extensions = X509Helper.GenerateX509Extensions(exts);
clientCsr = X509Helper.GenerateCsr(algorithm, keyPair, dn, extensions);
}
public IEnumerable <SignedFile> GetSignedFiles(string directory,
ISignatureAlgorithm signatureAlgorithm)
{
string[] files = Directory.GetFiles(directory, "*",
SearchOption.AllDirectories);
IEnumerable <SignedFile> signedFiles = from file in files
select
new SignedFile
{
FilePath =
file.Substring(
directory.
Length),
Signature =
signatureAlgorithm.Sign(
File.ReadAllBytes(file))
};
return(signedFiles);
}
public SignatureAlgorithmDataRecord FromSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
return(new SignatureAlgorithmDataRecord {
Type = rsa.Name,
Hash = rsa.HashAlgorithm.Name,
Param = rsa.GetPublicKey().ToXml(),
Encrypted = false
});
case ECDsaSignatureAlgorithm ecdsa:
return(new SignatureAlgorithmDataRecord {
Type = ecdsa.Name,
Hash = ecdsa.HashAlgorithm.Name,
Param = ecdsa.GetPublicKey().ToXml(),
Encrypted = false
});
case HMACSignatureAlgorithm hmac:
var paramValue = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted);
var xmlString = new XElement("Secret", paramValue).ToString();
return(new SignatureAlgorithmDataRecord {
Type = hmac.Name,
Hash = hmac.HashAlgorithm.Name,
Param = xmlString,
Encrypted = isEncrypted
});
default:
throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized.");
}
}
private static void XTest(ISignatureAlgorithm algorithm, ISigner signer, ISigner verifier, byte[] test)
{
signer.BlockUpdate(test, 0, test.Length);
byte[] signature = signer.GenerateSignature();
verifier.BlockUpdate(test, 0, test.Length);
bool diff = !verifier.VerifySignature(signature);
//
string id = algorithm.X509 is null ? string.Empty : algorithm.X509.Id;
Console.Write("{0}{1}{2} ", algorithm.Mechanism.PadRight(32), signer.AlgorithmName.PadRight(32), id.PadRight(32));
if (diff)
{
Console.ForegroundColor = ConsoleColor.Cyan;
Console.WriteLine("diff");
_diff++;
Console.ResetColor();
}
else
{
Console.WriteLine("same");
}
}
public void SetSignatureAlgorithm(ClientDataRecord dataRecord, ISignatureAlgorithm signatureAlgorithm, SharedSecretEncryptionKey encryptionKey)
{
if (dataRecord == null)
{
throw new ArgumentNullException(nameof(dataRecord));
}
if (signatureAlgorithm == null)
{
throw new ArgumentNullException(nameof(signatureAlgorithm));
}
switch (signatureAlgorithm)
{
case RSASignatureAlgorithm rsa:
dataRecord.SigType = rsa.Name;
dataRecord.SigHashAlgorithm = rsa.HashAlgorithm.Name;
dataRecord.SigParameter = rsa.GetPublicKey().ToXml();
dataRecord.IsSigParameterEncrypted = false;
break;
case ECDsaSignatureAlgorithm ecdsa:
dataRecord.SigType = ecdsa.Name;
dataRecord.SigHashAlgorithm = ecdsa.HashAlgorithm.Name;
dataRecord.SigParameter = ecdsa.GetPublicKey().ToXml();
dataRecord.IsSigParameterEncrypted = false;
break;
case HMACSignatureAlgorithm hmac:
dataRecord.SigType = hmac.Name;
dataRecord.SigHashAlgorithm = hmac.HashAlgorithm.Name;
dataRecord.SigParameter = GetParameterWithEncryption(hmac, encryptionKey, out var isEncrypted);
dataRecord.IsSigParameterEncrypted = isEncrypted;
break;
default:
throw new NotSupportedException($"The specified signature algorithm of type {signatureAlgorithm.GetType().Name} cannot be serialized.");
}
}
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, params Claim[] claims)
: this(id, name, signatureAlgorithm, new ClientOptions {
Claims = claims
})
{
}
public InheritedClient(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, TimeSpan nonceLifetime) : base(id, name, signatureAlgorithm, TimeSpan.FromMinutes(1))
{
}
/// <summary>
/// Try get algorithm from mechanism.
/// </summary>
/// <param name="mechanism">Algorithm mechanism.</param>
/// <param name="algorithm">Algorithm.</param>
/// <returns></returns>
public static bool TryGetAlgorithm(string mechanism, out ISignatureAlgorithm algorithm)
{
mechanism = mechanism.Replace('_', '-').ToUpperInvariant();
switch (mechanism)
{
case "SHA1WITHCVC-ECDSA":
case "SHA-1WITHCVC-ECDSA": algorithm = SHA1withCVC_ECDSA; return(true);
case "SHA224WITHCVC-ECDSA":
case "SHA-224WITHCVC-ECDSA": algorithm = SHA224withCVC_ECDSA; return(true);
case "SHA256WITHCVC-ECDSA":
case "SHA-256WITHCVC-ECDSA": algorithm = SHA256withCVC_ECDSA; return(true);
case "SHA384WITHCVC-ECDSA":
case "SHA-384WITHCVC-ECDSA": algorithm = SHA384withCVC_ECDSA; return(true);
case "SHA512WITHCVC-ECDSA":
case "SHA-512WITHCVC-ECDSA": algorithm = SHA512withCVC_ECDSA; return(true);
case "ED25519": algorithm = new Ed25519(); return(true);
case "ED25519CTX": algorithm = new Ed25519ctx(); return(true);
case "ED25519PH": algorithm = new Ed25519ph(); return(true);
case "ED448": algorithm = new Ed448(); return(true);
case "ED448PH": algorithm = new Ed448ph(); return(true);
case "GOST3411WITHECGOST3410":
case "ECGOST3410":
case "ECGOST3410-2001":
case "ECGOST-3410":
case "ECGOST-3410-2001": algorithm = GOST3411withECGOST3410; return(true);
case "GOST3411WITHGOST3410":
case "GOST3410":
case "GOST3410-94":
case "GOST-3410":
case "GOST-3410-94": algorithm = GOST3411withGOST3410; return(true);
case "RIPEMD160WITHPLAIN-ECDSA":
case "RIPEMD-160WITHPLAIN-ECDSA": algorithm = RIPEMD160withPLAIN_ECDSA; return(true);
case "SHA1WITHPLAIN-ECDSA":
case "SHA-1WITHPLAIN-ECDSA": algorithm = SHA1withPLAIN_ECDSA; return(true);
case "SHA224WITHPLAIN-ECDSA":
case "SHA-224WITHPLAIN-ECDSA": algorithm = SHA224withPLAIN_ECDSA; return(true);
case "SHA256WITHPLAIN-ECDSA":
case "SHA-256WITHPLAIN-ECDSA": algorithm = SHA256withPLAIN_ECDSA; return(true);
case "SHA384WITHPLAIN-ECDSA":
case "SHA-384WITHPLAIN-ECDSA": algorithm = SHA384withPLAIN_ECDSA; return(true);
case "SHA512WITHPLAIN-ECDSA":
case "SHA-512WITHPLAIN-ECDSA": algorithm = SHA512withPLAIN_ECDSA; return(true);
case "PSSWITHRSA": algorithm = PSSwithRSA; return(true);
case "SHA1WITHDSA":
case "SHA-1WITHDSA": algorithm = SHA1withDSA; return(true);
case "SHA224WITHDSA":
case "SHA-224WITHDSA": algorithm = SHA224withDSA; return(true);
case "SHA256WITHDSA":
case "SHA-256WITHDSA": algorithm = SHA256withDSA; return(true);
case "SHA384WITHDSA":
case "SHA-384WITHDSA": algorithm = SHA384withDSA; return(true);
case "SHA512WITHDSA":
case "SHA-512WITHDSA": algorithm = SHA512withDSA; return(true);
case "SHA3-224WITHDSA":
case "SHA-3-224WITHDSA": algorithm = SHA3_224withDSA; return(true);
case "SHA3-256WITHDSA":
case "SHA-3-256WITHDSA": algorithm = SHA3_256withDSA; return(true);
case "SHA3-384WITHDSA":
case "SHA-3-384WITHDSA": algorithm = SHA3_384withDSA; return(true);
case "SHA3-512WITHDSA":
case "SHA-3-512WITHDSA": algorithm = SHA3_512withDSA; return(true);
case "SHA1WITHECDSA":
case "SHA-1WITHECDSA": algorithm = SHA1withECDSA; return(true);
case "SHA224WITHECDSA":
case "SHA-224WITHECDSA": algorithm = SHA224withECDSA; return(true);
case "SHA256WITHECDSA":
case "SHA-256WITHECDSA": algorithm = SHA256withECDSA; return(true);
case "SHA384WITHECDSA":
case "SHA-384WITHECDSA": algorithm = SHA384withECDSA; return(true);
case "SHA512WITHECDSA":
case "SHA-512WITHECDSA": algorithm = SHA512withECDSA; return(true);
case "SHA3-224WITHECDSA":
case "SHA-3-224WITHECDSA": algorithm = SHA3_224withECDSA; return(true);
case "SHA3-256WITHECDSA":
case "SHA-3-256WITHECDSA": algorithm = SHA3_256withECDSA; return(true);
case "SHA3-384WITHECDSA":
case "SHA-3-384WITHECDSA": algorithm = SHA3_384withECDSA; return(true);
case "SHA3-512WITHECDSA":
case "SHA-3-512WITHECDSA": algorithm = SHA3_512withECDSA; return(true);
case "MD2WITHRSA": algorithm = MD2withRSA; return(true);
case "MD5WITHRSA": algorithm = MD5withRSA; return(true);
case "RIPEMD128WITHRSA":
case "RIPEMD-128WITHRSA": algorithm = RIPEMD128withRSA; return(true);
case "RIPEMD160WITHRSA":
case "RIPEMD-160WITHRSA": algorithm = RIPEMD160withRSA; return(true);
case "RIPEMD256WITHRSA":
case "RIPEMD-256WITHRSA": algorithm = RIPEMD256withRSA; return(true);
case "SHA1WITHRSA":
case "SHA-1WITHRSA": algorithm = SHA1withRSA; return(true);
case "SHA224WITHRSA":
case "SHA-224WITHRSA": algorithm = SHA224withRSA; return(true);
case "SHA256WITHRSA":
case "SHA-256WITHRSA": algorithm = SHA256withRSA; return(true);
case "SHA384WITHRSA":
case "SHA-384WITHRSA": algorithm = SHA384withRSA; return(true);
case "SHA512WITHRSA":
case "SHA-512WITHRSA": algorithm = SHA512withRSA; return(true);
case "SHA3-224WITHRSA":
case "SHA-3-224WITHRSA": algorithm = SHA3_224withRSA; return(true);
case "SHA3-256WITHRSA":
case "SHA-3-256WITHRSA": algorithm = SHA3_256withRSA; return(true);
case "SHA3-384WITHRSA":
case "SHA-3-384WITHRSA": algorithm = SHA3_384withRSA; return(true);
case "SHA3-512WITHRSA":
case "SHA-3-512WITHRSA": algorithm = SHA3_512withRSA; return(true);
case "SHA1WITHRSAANDMGF1":
case "SHA-1WITHRSAANDMGF1": algorithm = PSSwithRSA; return(true);
case "SHA256WITHSM2":
case "SHA-256WITHSM2": algorithm = SHA256withSM2; return(true);
case "SM3WITHSM2": algorithm = SM3withSM2; return(true);
default: break;
}
string prefix;
string suffix;
int index = mechanism.IndexOf("WITH");
if (index >= 0)
{
prefix = mechanism.Substring(0, index);
suffix = mechanism.Substring(index + 4, mechanism.Length - index - 4);
}
else
{
prefix = string.Empty;
suffix = mechanism;
}
if (suffix == "ELGAMAL")
{
algorithm = null;
return(false);
}
if (HashAlgorithmHelper.TryGetAlgorithm(prefix, out IHashAlgorithm hashAlgorithm))
{
switch (suffix)
{
case "CVC-ECDSA": algorithm = new CVC_ECDSA(hashAlgorithm); return(true);
case "DSA": algorithm = new DSA(hashAlgorithm); return(true);
case "ECDSA": algorithm = new ECDSA(hashAlgorithm); return(true);
case "ECGOST3410":
case "ECGOST3410-2001":
case "ECGOST-3410":
case "ECGOST-3410-2001": algorithm = new ECGOST3410(hashAlgorithm); return(true);
case "ECNR": algorithm = new ECNR(hashAlgorithm); return(true);
case "GOST3410":
case "GOST3410-94":
case "GOST-3410":
case "GOST-3410-94": algorithm = new GOST3410(hashAlgorithm); return(true);
case "PLAIN-ECDSA": algorithm = new PLAIN_ECDSA(hashAlgorithm); return(true);
case "RSA": algorithm = new RSA(hashAlgorithm); return(true);
case "ISO9796-2":
case "RSA/ISO9796-2":
case "RSAANDISO9796-2": algorithm = new RSAandISO9796_2(hashAlgorithm); return(true);
case "RSAANDMGF1": algorithm = new RSAandMGF1(hashAlgorithm); return(true);
case "RSA/X9.31":
case "RSA/X931":
case "RSAANDX931":
case "RSAANDX9.31": algorithm = new RSAandX931(hashAlgorithm); return(true);
case "SM2": algorithm = new SM2(hashAlgorithm); return(true);
default: break;
}
}
algorithm = null;
return(false);
}
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, TimeSpan nonceLifetime, params Claim[] claims) : this(id, name, signatureAlgorithm, nonceLifetime, DefaultClockSkew, claims)
{
}
public void SetUp()
{
_signer = new RsaSignatureAlgorithm(_keys);
_verifier = new RsaSignatureAlgorithm(_publicKey);
}
/// <summary>
/// Creates instance of IssuerInformation using specified <see cref="ISignatureAlgorithm"/> and Issuername
/// </summary>
/// <param name="issuerName">Name of issuer. Suggested FQDN.</param>
/// <param name="issuerAlgorithm">Algorithm issuer use to sign files</param>
public IssuerInformation(string issuerName, ISignatureAlgorithm issuerAlgorithm)
{
IssuerName = issuerName;
IssuerAlgorithm = issuerAlgorithm;
}
/// <summary>
/// Initializes <see cref="SignatureProvider"/> with default algorithm
/// </summary>
/// <param name="defaultSignatureAlgorithm">When no algorithm for issuer specified, check with provided one</param>
public SignatureProvider(ISignatureAlgorithm defaultSignatureAlgorithm)
{
_defaultSignatureAlgorithm = defaultSignatureAlgorithm;
}
public Dispose()
{
_signatureAlgorithm = A.Fake <ISignatureAlgorithm>();
_signingSettings.SignatureAlgorithm = _signatureAlgorithm;
}
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, TimeSpan nonceLifetime, params Claim[] claims)
: this(id, name, signatureAlgorithm, new ClientOptions {
NonceLifetime = nonceLifetime, Claims = claims
})
{
}
/// <summary>
/// Creates instance of IssuerInformation using specified <see cref="ISignatureAlgorithm"/> and Issuername
/// </summary>
/// <param name="issuerName">Name of issuer. Suggested FQDN.</param>
/// <param name="issuerAlgorithm">Algorithm issuer use to sign files</param>
public IssuerInformation(string issuerName, ISignatureAlgorithm issuerAlgorithm)
{
IssuerName = issuerName;
IssuerAlgorithm = issuerAlgorithm;
}
public Client(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, params Claim[] claims) : this(id, name, signatureAlgorithm, DefaultNonceLifetime, claims)
{
}
public IHttpMessageSigningBuilder UseSignatureAlgorithm(ISignatureAlgorithm signatureAlgorithm)
{
_signingSettings.SignatureAlgorithm = signatureAlgorithm ?? throw new ArgumentNullException(nameof(signatureAlgorithm));
return(this);
}
/// <summary>
/// Initializes <see cref="SignatureProvider"/> with default algorithm
/// </summary>
/// <param name="defaultSignatureAlgorithm">When no algorithm for issuer specified, check with provided one</param>
public SignatureProvider(ISignatureAlgorithm defaultSignatureAlgorithm)
{
_defaultSignatureAlgorithm = defaultSignatureAlgorithm;
}
public InheritedClient(KeyId id, string name, ISignatureAlgorithm signatureAlgorithm, TimeSpan nonceLifetime, TimeSpan clockSkew) : base(id, name, signatureAlgorithm, nonceLifetime, clockSkew)
{
}
