Esempio n. 1
        /// <summary>
        /// Creates an RSA signer for <paramref name="key"/> using <paramref name="algorithm"/>.
        /// </summary>
        /// <param name="key">The RSA JWK. A key without private material yields a verify-only signer.</param>
        /// <param name="algorithm">The signature algorithm; it selects the hash and the RSA padding mode.</param>
        /// <remarks>
        /// Failures are reported through <c>ThrowHelper</c>: a null key, a key that does not support
        /// the algorithm, a key below the minimum size, or an algorithm id outside the six RSA ids
        /// handled below.
        /// Minimum sizes: 2048 bits when the key has a private part, 1024 bits for a public-only key.
        /// NOTE(review): <paramref name="algorithm"/> is dereferenced without a null check in this
        /// constructor; presumably the base constructor or the caller guarantees it, so confirm.
        /// </remarks>
        public RsaSigner(RsaJwk key, SignatureAlgorithm algorithm)
            : base(algorithm)
        {
            if (key is null)
            {
                ThrowHelper.ThrowArgumentNullException(ExceptionArgument.key);
            }

            if (!key.SupportSignature(algorithm))
            {
                ThrowHelper.ThrowNotSupportedException_SignatureAlgorithm(algorithm, key);
            }

            // Key-size policy depends on what the key will be used for.
            bool hasPrivateKey = key.HasPrivateKey;
            if (hasPrivateKey)
            {
                // A key with private material can sign: require at least 2048 bits.
                if (key.KeySizeInBits < 2048)
                {
                    ThrowHelper.ThrowArgumentOutOfRangeException_SigningKeyTooSmall(key, 2048);
                }
            }
            else if (key.KeySizeInBits < 1024)
            {
                // Public-only keys are accepted down to 1024 bits. 1024-bit RSA is no longer
                // considered adequate for new signatures, so this floor only makes sense for
                // verifying legacy tokens; a deployment that does not need that should apply
                // its own 2048-bit minimum before constructing the signer.
                ThrowHelper.ThrowArgumentOutOfRangeException_SigningKeyTooSmall(key, 1024);
            }

            _canOnlyVerify = !hasPrivateKey;

            // Padding is fixed by the algorithm id and never negotiated:
            // RS256/384/512 use PKCS#1 v1.5, PS256/384/512 use RSASSA-PSS.
            switch (algorithm.Id)
            {
                case Algorithms.RsaSsaPssSha256:
                case Algorithms.RsaSsaPssSha384:
                case Algorithms.RsaSsaPssSha512:
                    _signaturePadding = RSASignaturePadding.Pss;
                    break;

                case Algorithms.RsaSha256:
                case Algorithms.RsaSha384:
                case Algorithms.RsaSha512:
                    _signaturePadding = RSASignaturePadding.Pkcs1;
                    break;

                default:
                    ThrowHelper.ThrowNotSupportedException_Algorithm(algorithm.Name);

                    // Presumably unreachable (the helper is expected to throw); the assignment
                    // looks like it exists only to keep the field assigned on every path.
                    _signaturePadding = RSASignaturePadding.Pkcs1;
                    break;
            }

            _hashAlgorithm = algorithm.HashAlgorithm;

            // Despite the field name, this is the key size in bytes (the length of an RSA
            // signature), not the digest length. The shift truncates, so it assumes
            // KeySizeInBits is a multiple of 8. TODO confirm for imported keys.
            _hashSizeInBytes = key.KeySizeInBits >> 3;
            _base64HashSizeInBytes = Base64Url.GetArraySizeRequiredToEncode(_hashSizeInBytes);

            // NOTE(review): ExportParameters() presumably includes the private parameters when the
            // key has them, in which case the pool policy holds a copy of that material for as long
            // as the pool lives. Confirm the pool (and its RSA instances) is disposed with the signer.
            _rsaPool = new ObjectPool<RSA>(new RsaObjectPoolPolicy(key.ExportParameters()));
        }