internal Sender(LocalParty local, TrustedParty audience, ISignAlgorithm a, KeyBase?k, DateTime expires)
{
Debug.Assert((a.AlgorithmId == SignatureAlgorithmId.None) == (k == null));
_algo = a;
_key = k;
_local = local;
Audience = audience;
DataExpiration = expires;
}
public async ValueTask <ISender> CreateSenderAsync(IActivityMonitor monitor,
TrustedParty audience,
ISignAlgorithm algorithm,
TimeSpan validity,
bool encrypt = false,
uint maxUseCount = 0)
{
Throw.CheckNotNullArgument(monitor);
Throw.CheckNotNullArgument(audience);
Throw.CheckNotNullArgument(algorithm);
Throw.CheckArgument(validity >= Configuration.MinSignatureLifetime && validity <= Configuration.MaxSignatureLifetime);
var bestBefore = _appClock.Clock.UtcNow + validity;
var key = algorithm.KeyRequirement != null
? await ResolveOutgoingKeyAsync(monitor, audience, algorithm.KeyRequirement, bestBefore, maxUseCount)
: null;
return(new Sender(this, audience, algorithm, key, bestBefore));
}
async ValueTask <KeyBase> ResolveOutgoingKeyAsync(IActivityMonitor monitor,
TrustedParty p,
KeyRequirement keyRequirement,
DateTime bestBefore,
uint maxUseCount)
{
Debug.Assert(monitor != null && p != null && keyRequirement != null);
if (keyRequirement.KeyType != KeyType.Oct)
{
Throw.NotSupportedException("Only symmetric keys are currently supported.");
}
Debug.Assert(keyRequirement.KeyType == KeyType.Oct && keyRequirement.KeySizeInBits != null);
var remote = p as RemoteParty;
var key = await p.SymmetricKeys.FindOrCreateKeyAsync(monitor, keyRequirement, bestBefore, maxUseCount, remote == null);
if (key != null)
{
return(key);
}
Debug.Assert(remote != null, "If remote was null, a local symmetric key has been created.");
return(CreateSymmetricKeyFromExchangeAsync(monitor, remote, keyRequirement.Operations, keyRequirement.KeySizeInBits.Value, bestBefore, maxUseCount, null));
}
public ValueTask <ISender> CreateSenderAsync(IActivityMonitor monitor, TrustedParty audience, TimeSpan validity, bool encrypt = false) => CreateSenderAsync(monitor, audience, audience.Configuration.OutgoingSignatureAlgorithm, validity, encrypt);