public RsaSigner(RsaJwk key, SignatureAlgorithm algorithm) : base(algorithm) { if (key is null) { ThrowHelper.ThrowArgumentNullException(ExceptionArgument.key); } if (!key.SupportSignature(algorithm)) { ThrowHelper.ThrowNotSupportedException_SignatureAlgorithm(algorithm, key); } if (key.HasPrivateKey) { if (key.KeySizeInBits < 2048) { ThrowHelper.ThrowArgumentOutOfRangeException_SigningKeyTooSmall(key, 2048); } _canOnlyVerify = false; } else { if (key.KeySizeInBits < 1024) { ThrowHelper.ThrowArgumentOutOfRangeException_SigningKeyTooSmall(key, 1024); } _canOnlyVerify = true; } _hashAlgorithm = algorithm.HashAlgorithm; switch (algorithm.Id) { case Algorithms.RsaSha256: case Algorithms.RsaSha384: case Algorithms.RsaSha512: _signaturePadding = RSASignaturePadding.Pkcs1; break; case Algorithms.RsaSsaPssSha256: case Algorithms.RsaSsaPssSha384: case Algorithms.RsaSsaPssSha512: _signaturePadding = RSASignaturePadding.Pss; break; default: ThrowHelper.ThrowNotSupportedException_Algorithm(algorithm.Name); _signaturePadding = RSASignaturePadding.Pkcs1; break; } _hashSizeInBytes = key.KeySizeInBits >> 3; _base64HashSizeInBytes = Base64Url.GetArraySizeRequiredToEncode(_hashSizeInBytes); _rsaPool = new ObjectPool <RSA>(new RsaObjectPoolPolicy(key.ExportParameters())); }