/// <summary>
/// Returns a <see cref="SignatureProvider"/> instance supports the <see cref="SecurityKey"/> and algorithm.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> to use for signing.</param>
/// <param name="algorithm">The algorithm to use for verifying.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="ArgumentOutOfRangeException"><see cref="AsymmetricSecurityKey"/> is too small.</exception>
/// <exception cref="ArgumentOutOfRangeException"><see cref="SymmetricSecurityKey"/> is too small.</exception>
/// <exception cref="ArgumentException"><see cref="SecurityKey"/>' is not a <see cref="AsymmetricSecurityKey"/> or a <see cref="SymmetricSecurityKey"/>.</exception>
/// <remarks>When finished with the <see cref="SignatureProvider"/> call <see cref="ReleaseSignatureProvider(SignatureProvider)"/>.</remarks>
public virtual SignatureProvider CreateForVerifying(SecurityKey key, string algorithm)
{
return(CreateSignatureProvider(key, algorithm, false));
}
private SignatureProvider CreateSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrEmpty(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key, willCreateSignatures))
{
SignatureProvider signatureProvider = CustomCryptoProvider.Create(algorithm, key, willCreateSignatures) as SignatureProvider;
if (signatureProvider == null)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, LogMessages.IDX10646, algorithm, key, typeof(SignatureProvider))));
}
return(signatureProvider);
}
if (!IsSupportedAlgorithm(algorithm, key))
{
throw LogHelper.LogExceptionMessage(new ArgumentException(String.Format(CultureInfo.InvariantCulture, LogMessages.IDX10634, algorithm, key)));
}
AsymmetricSecurityKey asymmetricKey = key as AsymmetricSecurityKey;
if (asymmetricKey != null)
{
return(new AsymmetricSignatureProvider(asymmetricKey, algorithm, willCreateSignatures));
}
SymmetricSecurityKey symmetricKey = key as SymmetricSecurityKey;
if (symmetricKey != null)
{
return(new SymmetricSignatureProvider(symmetricKey, algorithm));
}
JsonWebKey jsonWebKey = key as JsonWebKey;
if (jsonWebKey != null)
{
if (jsonWebKey.Kty != null)
{
if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA || jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.EllipticCurve)
{
return(new AsymmetricSignatureProvider(key, algorithm, willCreateSignatures));
}
if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet)
{
return(new SymmetricSignatureProvider(key, algorithm));
}
}
}
// TODO improve this message. Nothing about JsonWebKey is mentioned.
throw LogHelper.LogExceptionMessage(new ArgumentException(String.Format(CultureInfo.InvariantCulture, LogMessages.IDX10600, typeof(SignatureProvider), typeof(SecurityKey), typeof(AsymmetricSecurityKey), typeof(SymmetricSecurityKey), key.GetType())));
}
/// <summary>
/// Creates a <see cref="SignatureProvider"/> that supports the <see cref="SecurityKey"/> and algorithm.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> to use for signing.</param>
/// <param name="algorithm">The algorithm to use for signing.</param>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="ArgumentOutOfRangeException"><see cref="AsymmetricSecurityKey"/>' is too small.</exception>
/// <exception cref="ArgumentOutOfRangeException"><see cref="SymmetricSecurityKey"/> is too small.</exception>
/// <exception cref="ArgumentException"><see cref="SecurityKey"/> is not a <see cref="AsymmetricSecurityKey"/> or a <see cref="SymmetricSecurityKey"/>.</exception>
/// <remarks>
/// AsymmetricSignatureProviders require access to a PrivateKey for Signing.
/// <para>When finished with the <see cref="SignatureProvider"/> call <see cref="ReleaseSignatureProvider(SignatureProvider)"/>.</para>
/// </remarks>
public virtual SignatureProvider CreateForSigning(SecurityKey key, string algorithm)
{
return(CreateSignatureProvider(key, algorithm, true));
}
/// <summary>
/// Creates an instance of <see cref="KeyWrapProvider"/> for a specific <SecurityKey, Algorithm>.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">the algorithm to use.</param>
/// <returns>an instance of <see cref="KeyWrapProvider"/></returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="ArgumentException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception>
/// <exception cref="ArgumentException">'key' is not a <see cref="SymmetricSecurityKey"/>.</exception>
/// <remarks>
/// <para>When finished with the <see cref="KeyWrapProvider"/> call <see cref="ReleaseKeyWrapProvider(KeyWrapProvider)"/>.</para>
/// </remarks>
public virtual KeyWrapProvider CreateKeyWrapProvider(SecurityKey key, string algorithm)
{
return(CreateKeyWrapProvider(key, algorithm, false));
}
/// <summary>
/// Creates an instance of <see cref="AuthenticatedEncryptionProvider"/> for a specific <SecurityKey, Algorithm>.
/// </summary>
/// <param name="key">the <see cref="SecurityKey"/> to use.</param>
/// <param name="algorithm">the algorithm to use.</param>
/// <returns>an instance of <see cref="AuthenticatedEncryptionProvider"/></returns>
/// <exception cref="ArgumentNullException">'key' is null.</exception>
/// <exception cref="ArgumentNullException">'algorithm' is null or empty.</exception>
/// <exception cref="ArgumentException">'key' is not a <see cref="SymmetricSecurityKey"/>.</exception>
/// <exception cref="ArgumentException">'algorithm, key' pair is not supported.</exception>
public virtual AuthenticatedEncryptionProvider CreateAuthenticatedEncryptionProvider(SecurityKey key, string algorithm)
{
if (key == null)
{
throw LogHelper.LogArgumentNullException(nameof(key));
}
if (string.IsNullOrEmpty(algorithm))
{
throw LogHelper.LogArgumentNullException(nameof(algorithm));
}
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
{
var cryptoProvider = CustomCryptoProvider.Create(algorithm, key) as AuthenticatedEncryptionProvider;
if (cryptoProvider == null)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10646, algorithm, key, typeof(AuthenticatedEncryptionProvider))));
}
return(cryptoProvider);
}
if (IsSupportedAuthenticatedEncryptionAlgorithm(algorithm, key))
{
return(new AuthenticatedEncryptionProvider(key, algorithm));
}
throw LogHelper.LogExceptionMessage(new ArgumentException(nameof(algorithm), string.Format(CultureInfo.InvariantCulture, LogMessages.IDX10652, algorithm)));
}
/// <summary>
/// Checks if an 'algorithm, key' pair is supported.
/// </summary>
/// <param name="algorithm">the algorithm to check.</param>
/// <param name="key">the <see cref="SecurityKey"/>.</param>
/// <returns>true if 'algorithm, key' pair is supported.</returns>
public virtual bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
{
if (CustomCryptoProvider != null && CustomCryptoProvider.IsSupportedAlgorithm(algorithm, key))
{
return(true);
}
if (key as RsaSecurityKey != null)
{
return(IsRsaAlgorithmSupported(algorithm));
}
var x509Key = key as X509SecurityKey;
if (x509Key != null)
{
#if NETSTANDARD1_4
if (x509Key.PublicKey as RSA == null)
{
return(false);
}
#else
if (x509Key.PublicKey as RSACryptoServiceProvider == null)
{
return(false);
}
#endif
return(IsRsaAlgorithmSupported(algorithm));
}
JsonWebKey jsonWebKey = key as JsonWebKey;
if (jsonWebKey != null)
{
if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.RSA)
{
return(IsRsaAlgorithmSupported(algorithm));
}
else if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.EllipticCurve)
{
return(IsEcdsaAlgorithmSupported(algorithm));
}
else if (jsonWebKey.Kty == JsonWebAlgorithmsKeyTypes.Octet)
{
return(IsSymmetricAlgorithmSupported(algorithm));
}
return(false);
}
ECDsaSecurityKey ecdsaSecurityKey = key as ECDsaSecurityKey;
if (ecdsaSecurityKey != null)
{
return(IsEcdsaAlgorithmSupported(algorithm));
}
if (key as SymmetricSecurityKey != null)
{
return(IsSymmetricAlgorithmSupported(algorithm));
}
return(false);
}
/// <summary>
/// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.<see cref="SecurityKey"/></param>
/// <param name="algorithm">The signature algorithm to apply.</param>
public AsymmetricSignatureProvider(SecurityKey key, string algorithm)
: this(key, algorithm, false)
{
}
