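/// <summary>
/// Signs a precomputed hash by calling <c>cryptographyClient.Sign</c> and returns the raw signature bytes.
/// </summary>
/// <param name="digest">
/// The hash value to sign; must not be null. On the SHA1 path it is first passed through
/// <c>Sha1Helper.CreateDigest</c> and the result is what gets signed.
/// </param>
/// <param name="hashAlgorithm">The hash algorithm that produced <paramref name="digest"/>.</param>
/// <param name="signatureAlgorithm">The signature scheme; together with the hash it selects the algorithm identifier.</param>
/// <returns>The <c>Signature</c> member of the result returned by <c>cryptographyClient.Sign</c>.</returns>
/// <exception cref="NotSupportedException">
/// Thrown by <c>SignatureAlgorithmTranslator.SignatureAlgorithmToJwsAlgId</c> when the combination has no mapping.
/// </exception>
/// <exception cref="ArgumentNullException"><paramref name="digest"/> is null.</exception>
/// <exception cref="InvalidOperationException">SHA1 was requested for a scheme other than RSAPkcs15.</exception>
/// <remarks>
/// SHA-1 is no longer collision resistant; the SHA1 branch should be treated as a legacy-compatibility path only.
/// </remarks>
internal byte[] SignDigest(byte[] digest, HashAlgorithmName hashAlgorithm, KeyVaultSignatureAlgorithm signatureAlgorithm)
{
    // Resolved before any argument check so that unsupported combinations keep
    // failing with NotSupportedException exactly as they did before.
    var algorithm = SignatureAlgorithmTranslator.SignatureAlgorithmToJwsAlgId(signatureAlgorithm, hashAlgorithm);

    // Fail locally with the parameter name instead of handing null to the
    // helper or to the signing client.
    if (digest == null)
    {
        throw new ArgumentNullException(nameof(digest));
    }

    if (hashAlgorithm == HashAlgorithmName.SHA1)
    {
        // Defence in depth: with the translator as currently written, SHA1 combined
        // with any scheme other than RSAPkcs15 has already thrown NotSupportedException.
        if (signatureAlgorithm != KeyVaultSignatureAlgorithm.RSAPkcs15)
        {
            throw new InvalidOperationException("SHA1 algorithm is not supported for this signature algorithm.");
        }

        // SHA1 + RSAPkcs15 maps to "RSNULL", so the bytes produced here are signed as given.
        // NOTE(review): presumably CreateDigest wraps the hash in a SHA-1 DigestInfo and
        // rejects anything that is not 20 bytes - confirm in Sha1Helper; if it does not,
        // a length check belongs here so that only a real SHA-1 digest can be signed.
        digest = Sha1Helper.CreateDigest(digest);
    }

    var sigResult = cryptographyClient.Sign(algorithm, digest);
    return sigResult.Signature;
}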
/// <summary>
/// Maps a signature scheme and hash algorithm pair to the <c>SignatureAlgorithm</c> identifier used for signing.
/// </summary>
/// <param name="signatureAlgorithm">The signature scheme; only RSAPkcs15 and ECDsa have mappings.</param>
/// <param name="hashAlgorithmName">The hash algorithm: SHA256, SHA384 or SHA512, plus SHA1 for RSAPkcs15 only.</param>
/// <returns>
/// RS256/RS384/RS512 for RSAPkcs15, ES256/ES384/ES512 for ECDsa, or an identifier built from the
/// literal "RSNULL" for RSAPkcs15 with SHA1.
/// </returns>
/// <exception cref="NotSupportedException">The pair has no mapping, including ECDsa with SHA1.</exception>
/// <remarks>
/// The ES* identifier is selected from the hash alone; the key's curve is not consulted here.
/// "RSNULL" is not a hash-specific identifier, so on that path the caller decides exactly which bytes are signed.
/// </remarks>
public static SignatureAlgorithm SignatureAlgorithmToJwsAlgId(KeyVaultSignatureAlgorithm signatureAlgorithm, HashAlgorithmName hashAlgorithmName)
{
    var isRsaPkcs15 = signatureAlgorithm == KeyVaultSignatureAlgorithm.RSAPkcs15;
    var isEcdsa = !isRsaPkcs15 && signatureAlgorithm == KeyVaultSignatureAlgorithm.ECDsa;

    // Pivot on the hash first; the hash names are mutually exclusive, so the order of checks is irrelevant.
    if (hashAlgorithmName == HashAlgorithmName.SHA256)
    {
        if (isRsaPkcs15)
        {
            return SignatureAlgorithm.RS256;
        }

        if (isEcdsa)
        {
            return SignatureAlgorithm.ES256;
        }
    }
    else if (hashAlgorithmName == HashAlgorithmName.SHA384)
    {
        if (isRsaPkcs15)
        {
            return SignatureAlgorithm.RS384;
        }

        if (isEcdsa)
        {
            return SignatureAlgorithm.ES384;
        }
    }
    else if (hashAlgorithmName == HashAlgorithmName.SHA512)
    {
        if (isRsaPkcs15)
        {
            return SignatureAlgorithm.RS512;
        }

        if (isEcdsa)
        {
            return SignatureAlgorithm.ES512;
        }
    }
    else if (isRsaPkcs15 && hashAlgorithmName == HashAlgorithmName.SHA1)
    {
        // Legacy path: SHA1 is mapped for RSA PKCS#1 v1.5 only, never for ECDsa.
        return new SignatureAlgorithm("RSNULL");
    }

    // Everything else, including an unknown scheme or hash, is rejected.
    throw new NotSupportedException("The algorithm specified is not supported.");
}