internal static AsymmetricSignatureFormatter GetSignatureFormatterForSha256(AsymmetricSecurityKey key)
{
AsymmetricAlgorithm asymmetricAlgorithm = key.GetAsymmetricAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", true);
RSACryptoServiceProvider rsaProvider = asymmetricAlgorithm as RSACryptoServiceProvider;
if (rsaProvider != null)
{
return(GetSignatureFormatterForSha256(rsaProvider));
}
return((AsymmetricSignatureFormatter) new RSAPKCS1SignatureFormatter(asymmetricAlgorithm));
}
private static SignatureProvider CreateProvider(
SecurityKey key,
string algorithm,
bool willCreateSignatures)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (algorithm == null)
{
throw new ArgumentNullException(nameof(algorithm));
}
if (string.IsNullOrWhiteSpace(algorithm))
{
throw new ArgumentException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10002: The parameter '{0}' cannot be 'null' or a string containing only whitespace.", (object)"algorithm "));
}
AsymmetricSecurityKey key1 = key as AsymmetricSecurityKey;
if (key1 != null)
{
if (willCreateSignatures && key1.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning)
{
throw new ArgumentOutOfRangeException("key.KeySize", (object)key1.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10630: The '{0}' for signing cannot be smaller than '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning));
}
if (key1.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying)
{
throw new ArgumentOutOfRangeException("key.KeySize", (object)key1.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10631: The '{0}' for verifying cannot be smaller than '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying));
}
return((SignatureProvider) new AsymmetricSignatureProvider(key1, algorithm, willCreateSignatures));
}
SymmetricSecurityKey key2 = key as SymmetricSecurityKey;
if (key2 != null)
{
if (key2.KeySize < SignatureProviderFactory.MinimumSymmetricKeySizeInBits)
{
throw new ArgumentOutOfRangeException("key.KeySize", (object)key.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10603: The '{0}' cannot have less than: '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumSymmetricKeySizeInBits));
}
return((SignatureProvider) new SymmetricSignatureProvider(key2, algorithm));
}
throw new ArgumentException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10600: '{0}' supports: '{1}' of types: '{2}' or '{3}'. SecurityKey received was of type: '{4}'.", (object)typeof(SignatureProvider).ToString(), (object)typeof(SecurityKey), (object)typeof(AsymmetricSecurityKey), (object)typeof(SymmetricSecurityKey), (object)key.GetType()));
}
/// <summary>
/// Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider" /> class used to create and verify signatures.
/// </summary>
/// <param name="key">
/// The <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" /> that will be used for cryptographic operations.
/// </param>
/// <param name="algorithm">The signature algorithm to apply.</param>
/// <param name="willCreateSignatures">
/// If this <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider" /> is required to create signatures then set this to true.
/// <para>
/// Creating signatures requires that the <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" /> has access to a private key.
/// Verifying signatures (the default), does not require access to the private key.
/// </para>
/// </param>
/// <exception cref="T:System.ArgumentNullException">
/// 'key' is null.
/// </exception>
/// <exception cref="T:System.ArgumentNullException">
/// 'algorithm' is null.
/// </exception>
/// <exception cref="T:System.ArgumentException">
/// 'algorithm' contains only whitespace.
/// </exception>
/// <exception cref="T:System.ArgumentOutOfRangeException">
/// willCreateSignatures is true and <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" />.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning" />.
/// </exception>
/// <exception cref="T:System.ArgumentOutOfRangeException">
/// <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" />.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying" />. Note: this is always checked.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)" /> throws.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)" /> returns null.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)" /> throws.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)" /> returns null.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)" /> throws.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)" /> returns null.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureFormatter.SetHashAlgorithm(System.String)" /> throws.
/// </exception>
/// <exception cref="T:System.InvalidOperationException">
/// Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureDeformatter.SetHashAlgorithm(System.String)" /> throws.
/// </exception>
public AsymmetricSignatureProvider(
AsymmetricSecurityKey key,
string algorithm,
bool willCreateSignatures = false)
{
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (algorithm == null)
{
throw new ArgumentNullException(nameof(algorithm));
}
if (string.IsNullOrWhiteSpace(algorithm))
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, "IDX10002: The parameter '{0}' cannot be 'null' or a string containing only whitespace.", nameof(algorithm)));
}
if (willCreateSignatures && key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning)
{
throw new ArgumentOutOfRangeException(nameof(key), key.KeySize, string.Format(CultureInfo.InvariantCulture, "IDX10631: The '{0}' for verifying cannot be smaller than '{1}' bits.", key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning));
}
if (key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying)
{
throw new ArgumentOutOfRangeException(nameof(key), key.KeySize, string.Format(CultureInfo.InvariantCulture, "IDX10630: The '{0}' for signing cannot be smaller than '{1}' bits.", key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying));
}
try
{
hash = key.GetHashAlgorithmForSignature(algorithm);
}
catch (Exception ex)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10618: AsymmetricSecurityKey.GetHashAlgorithmForSignature( '{0}' ) threw an exception.\nAsymmetricSecurityKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.\nException: '{2}'.", algorithm, key.ToString(), ex), ex);
}
if (hash == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10611: AsymmetricSecurityKey.GetHashAlgorithmForSignature( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}'", algorithm, key.ToString()));
}
if (willCreateSignatures)
{
try
{
formatter = key.GetSignatureFormatter(algorithm);
formatter?.SetHashAlgorithm(hash.GetType().ToString());
}
catch (Exception ex)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10614: AsymmetricSecurityKey.GetSignatureFormater( '{0}' ) threw an exception.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.\nException:'{2}'.\nIf you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available.", algorithm, key.ToString(), ex), ex);
}
if (formatter == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10615: AsymmetricSecurityKey.GetSignatureFormater( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.", algorithm, key.ToString()));
}
}
try
{
deformatter = key.GetSignatureDeformatter(algorithm);
deformatter?.SetHashAlgorithm(hash.GetType().ToString());
}
catch (Exception ex)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10616: AsymmetricSecurityKey.GetSignatureDeformatter( '{0}' ) threw an exception.\nKey: '{1}'\nSignatureAlgorithm: '{0}, check to make sure the SignatureAlgorithm is supported.'\nException:'{2}'.", algorithm, key.ToString(), ex), ex);
}
if (deformatter == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10617: AsymmetricSecurityKey.GetSignatureDeFormater( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.", algorithm, key.ToString()));
}
}
