internal DnssecEcdsaPrivateKey(DnssecAlgorithm algorithm, DnssecPrivateKeyType keyType, ECParameters ecdsaPrivateKey)
: base(algorithm, keyType)
{
_ecdsaPrivateKey = ecdsaPrivateKey;
InitDnsKey();
}
public static DnssecPrivateKey Parse(BinaryReader bR)
{
if (Encoding.ASCII.GetString(bR.ReadBytes(2)) != "DK")
{
throw new InvalidDataException("DNSSEC private key format is invalid.");
}
int version = bR.ReadByte();
switch (version)
{
case 1:
DnssecAlgorithm algorithm = (DnssecAlgorithm)bR.ReadByte();
switch (algorithm)
{
case DnssecAlgorithm.RSAMD5:
case DnssecAlgorithm.RSASHA1:
case DnssecAlgorithm.RSASHA1_NSEC3_SHA1:
case DnssecAlgorithm.RSASHA256:
case DnssecAlgorithm.RSASHA512:
return(new DnssecRsaPrivateKey(algorithm, bR));
case DnssecAlgorithm.ECDSAP256SHA256:
case DnssecAlgorithm.ECDSAP384SHA384:
return(new DnssecEcdsaPrivateKey(algorithm, bR));
default:
throw new NotSupportedException("DNSSEC algorithm is not supported: " + algorithm.ToString());
}
default:
throw new InvalidDataException("DNSSEC private key version not supported: " + version);
}
}
public static DnssecPrivateKey Create(DnssecAlgorithm algorithm, DnssecPrivateKeyType keyType, int keySize = -1)
{
switch (algorithm)
{
case DnssecAlgorithm.RSAMD5:
case DnssecAlgorithm.RSASHA1:
case DnssecAlgorithm.RSASHA1_NSEC3_SHA1:
case DnssecAlgorithm.RSASHA256:
case DnssecAlgorithm.RSASHA512:
if ((keySize < 1024) || (keySize > 4096))
{
throw new ArgumentOutOfRangeException(nameof(keySize), "Valid RSA key size range is between 1024-4096 bits.");
}
using (RSA rsa = RSA.Create(keySize))
{
return(new DnssecRsaPrivateKey(algorithm, keyType, keySize, rsa.ExportParameters(true)));
}
case DnssecAlgorithm.ECDSAP256SHA256:
using (ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256))
{
return(new DnssecEcdsaPrivateKey(algorithm, keyType, ecdsa.ExportParameters(true)));
}
case DnssecAlgorithm.ECDSAP384SHA384:
using (ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384))
{
return(new DnssecEcdsaPrivateKey(algorithm, keyType, ecdsa.ExportParameters(true)));
}
default:
throw new NotSupportedException("DNSSEC algorithm is not supported: " + algorithm.ToString());
}
}
protected DnssecPrivateKey(DnssecAlgorithm algorithm, DnssecPrivateKeyType keyType)
{
_algorithm = algorithm;
_keyType = keyType;
_state = DnssecPrivateKeyState.Generated;
_stateChangedOn = DateTime.UtcNow;
}
internal DnssecRsaPrivateKey(DnssecAlgorithm algorithm, DnssecPrivateKeyType keyType, int keySize, RSAParameters rsaPrivateKey)
: base(algorithm, keyType)
{
_keySize = keySize;
_rsaPrivateKey = rsaPrivateKey;
_hashAlgorithm = DnsRRSIGRecordData.GetHashAlgorithmName(algorithm);
InitDnsKey();
}
protected DnssecPrivateKey(DnssecAlgorithm algorithm, BinaryReader bR)
{
_algorithm = algorithm;
_keyType = (DnssecPrivateKeyType)bR.ReadByte();
_state = (DnssecPrivateKeyState)bR.ReadByte();
_stateChangedOn = DateTime.UnixEpoch.AddSeconds(bR.ReadInt64());
_isRetiring = bR.ReadBoolean();
_rolloverDays = bR.ReadUInt16();
ReadPrivateKeyFrom(bR);
}
internal DnssecRsaPrivateKey(DnssecAlgorithm algorithm, BinaryReader bR)
: base(algorithm, bR)
{
_hashAlgorithm = DnsRRSIGRecordData.GetHashAlgorithmName(algorithm);
InitDnsKey();
}
internal DnssecEcdsaPrivateKey(DnssecAlgorithm algorithm, BinaryReader bR)
: base(algorithm, bR)
{
InitDnsKey();
}
