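        /// <summary>
        /// Creates a signer bound to <paramref name="key"/>. The optional algorithm and the
        /// key's "kid" are recorded as unprotected header attributes, and the key's declared
        /// usage restrictions ("use" / "key_ops") are checked before the key is accepted.
        /// </summary>
        /// <param name="key">Signing key; must not be null.</param>
        /// <param name="algorithm">
        /// Signature algorithm to record in the unprotected header, or null to record none here.
        /// </param>
        /// <exception cref="System.ArgumentNullException"><paramref name="key"/> is null.</exception>
        /// <exception cref="JoseException">
        /// The key's "use" is not "sig", or its "key_ops" does not include "sign".
        /// </exception>
        public Signer(JWK key, string algorithm = null)
        {
            if (key == null)
            {
                throw new System.ArgumentNullException("key");
            }

            // Reject a key that declares itself unusable for signing before touching any state.
            // RFC 7517 "use": a key restricted to encryption ("enc") must not produce signatures.
            if (key.ContainsName("use") && key.AsString("use") != "sig")
            {
                throw new JoseException("Key cannot be used for signing");
            }

            // RFC 7517 "key_ops": when present, "sign" must be among the permitted operations.
            // key_ops is read as a comma-separated string, the same representation Recipient uses.
            if (key.ContainsName("key_ops"))
            {
                bool canSign = false;
                foreach (string op in key.AsString("key_ops").Split(','))
                {
                    if (op == "sign")
                    {
                        canSign = true;
                        break;
                    }
                }

                if (!canSign)
                {
                    throw new JoseException("Key cannot be used for signing");
                }
            }

            if (algorithm != null)
            {
                AddAttribute("alg", algorithm, UNPROTECTED);
            }

            if (key.ContainsName("kid"))
            {
                AddAttribute("kid", key.AsString("kid"), UNPROTECTED);
            }

            keyToSign = key;
        }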
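        /// <summary>
        /// Creates a recipient for <paramref name="key"/>. When <paramref name="algorithm"/> is
        /// null it is taken from the key's "alg" member, or else inferred from the key type
        /// ("kty") and, for octet keys, the length of "k". The key type is checked against the
        /// chosen algorithm, the key's "use" / "key_ops" restrictions are enforced, and "alg" and
        /// "kid" are recorded as unprotected attributes unless <paramref name="msg"/> already
        /// carries them.
        /// </summary>
        /// <param name="key">Key-management key; must not be null.</param>
        /// <param name="algorithm">JWE key-management algorithm, or null to derive it from the key.</param>
        /// <param name="msg">
        /// Enclosing message whose existing "alg" / "kid" attributes take precedence, or null.
        /// </param>
        /// <exception cref="System.ArgumentNullException"><paramref name="key"/> is null.</exception>
        /// <exception cref="JoseException">
        /// The key's usage restrictions forbid encryption, the algorithm is unrecognized, the key
        /// type does not match the algorithm, or no algorithm can be inferred from the key.
        /// </exception>
        public Recipient(JWK key, string algorithm = null, EncryptMessage msg = null)
        {
            if (key == null)
            {
                throw new System.ArgumentNullException("key");
            }

            // Usage restrictions are checked first so an unusable key is rejected before any
            // attribute is recorded on this object.
            // RFC 7517 "use": a key restricted to signing ("sig") must not be used here.
            if (key.ContainsName("use") && key.AsString("use") != "enc")
            {
                throw new JoseException("Key cannot be used for encrytion");
            }

            // RFC 7517 "key_ops": when present, "encrypt" or "keywrap" must be permitted.
            // key_ops is read as a comma-separated string.
            if (key.ContainsName("key_ops"))
            {
                bool validUsage = false;
                foreach (string op in key.AsString("key_ops").Split(','))
                {
                    if (op == "encrypt" || op == "keywrap")
                    {
                        validUsage = true;
                        break;
                    }
                }

                if (!validUsage)
                {
                    throw new JoseException("Key cannot be used for encryption");
                }
            }

            if (algorithm == null && key.ContainsName("alg"))
            {
                algorithm = key.AsString("alg");
            }

            if (algorithm != null)
            {
                // Explicit algorithm: classify it and make sure the key type can serve it.
                switch (algorithm)
                {
                case "dir": // Direct encryption mode
                case "A128GCM":
                case "A192GCM":
                case "A256GCM":
                    RequireKeyType(key, "Invalid parameters", "oct");
                    RecipientType = RecipientType.Direct;
                    algorithm     = "dir"; // the content-encryption name collapses to the "dir" header value
                    break;

                case "ECDH-ES":
#if DEBUG
                case "ECDH-SS":
#endif // DEBUG
                    RequireKeyType(key, "Invalid Parameters", "EC", "OKP");
                    RecipientType = RecipientType.KeyAgreeDirect;
                    break;

                case "RSA1_5":
                case "RSA-OAEP":
                case "RSA-OAEP-256":
                    RequireKeyType(key, "Invalid Parameter", "RSA");
                    RecipientType = RecipientType.KeyTransport;
                    break;

                case "A128KW":
                case "A192KW":
                case "A256KW":
                case "A128GCMKW":
                case "A192GCMKW":
                case "A256GCMKW":
                    RequireKeyType(key, "Invalid Parameter", "oct");
                    RecipientType = RecipientType.KeyWrap;
                    break;

                case "ECDH-ES+A128KW":
                case "ECDH-ES+A192KW":
                case "ECDH-ES+A256KW":
                    RequireKeyType(key, "Invalid Parameter", "EC", "OKP");
                    RecipientType = RecipientType.KeyAgree;
                    break;

                case "PBES2-HS256+A128KW":
                case "PBES2-HS384+A192KW":
                case "PBES2-HS512+A256KW":
                    RequireKeyType(key, "Invalid Parameter", "oct");
                    RecipientType = RecipientType.Password;
                    break;

                default:
                    throw new JoseException("Unrecognized recipient algorithm");
                }
            }
            else
            {
                // No algorithm anywhere: pick a default from the key type.
                switch (key.AsString("kty"))
                {
                case "oct":
                    RecipientType = RecipientType.KeyWrap;
                    switch (key.AsBytes("k").Length)
                    {
                    case 128 / 8:
                        algorithm = "A128KW";
                        break;

                    case 192 / 8:
                        algorithm = "A192KW";
                        break;

                    case 256 / 8:
                        algorithm = "A256KW";
                        break;

                    default:
                        throw new JoseException("Key size does not match any algorthms");
                    }

                    break;

                case "RSA":
                    RecipientType = RecipientType.KeyTransport;
                    algorithm     = "RSA-OAEP-256";
                    break;

                case "EC":
                case "OKP": // accepted for ECDH-ES+A128KW on the explicit path above, so infer the same default
                    RecipientType = RecipientType.KeyAgree;
                    algorithm     = "ECDH-ES+A128KW";
                    break;

                default:
                    // Without this the key would be accepted with a null "alg" attribute.
                    throw new JoseException("Unrecognized key type");
                }
            }

            _mKey = key;

            // An "alg" / "kid" already present on the message wins over what the key supplies.
            if (FindAttr("alg", msg) == null)
            {
                AddAttribute("alg", algorithm, UNPROTECTED);
            }

            if (key.ContainsName("kid") && (FindAttr("kid", msg) == null))
            {
                AddAttribute("kid", key.AsString("kid"), UNPROTECTED);
            }
        }

        /// <summary>
        /// Throws <see cref="JoseException"/> with <paramref name="message"/> unless the key's
        /// "kty" is one of <paramref name="allowedTypes"/>.
        /// </summary>
        /// <param name="key">Key whose "kty" member is checked.</param>
        /// <param name="message">Exception message used when the key type is not allowed.</param>
        /// <param name="allowedTypes">Acceptable "kty" values for the algorithm being configured.</param>
        /// <exception cref="JoseException">The key type is not in <paramref name="allowedTypes"/>.</exception>
        private static void RequireKeyType(JWK key, string message, params string[] allowedTypes)
        {
            string kty = key.AsString("kty");
            foreach (string allowed in allowedTypes)
            {
                if (kty == allowed)
                {
                    return;
                }
            }

            throw new JoseException(message);
        }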