public virtual AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter deformatter = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(this._strDeformatter);
deformatter.SetKey(key);
return(deformatter);
}
public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter item = base.CreateDeformatter(key);
item.SetHashAlgorithm(_hashAlgorithm);
return(item);
}
// Token: 0x060023A2 RID: 9122 RVA: 0x00081F7C File Offset: 0x0008017C
public sealed override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = base.CreateDeformatter(key);
asymmetricSignatureDeformatter.SetHashAlgorithm(this._hashAlgorithm);
return(asymmetricSignatureDeformatter);
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter item = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(DeformatterAlgorithm);
item.SetKey(key);
item.SetHashAlgorithm("SHA1");
return(item);
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
AsymmetricSignatureDeformatter deformatter = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(base.DeformatterAlgorithm);
deformatter.SetKey(key);
deformatter.SetHashAlgorithm("SHA1");
return(deformatter);
}
/// <summary>Creates an <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter" /> instance with the specified key using the <see cref="P:System.Security.Cryptography.SignatureDescription.DeformatterAlgorithm" /> property.</summary>
/// <returns>The newly created <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter" /> instance.</returns>
/// <param name="key">The key to use in the <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter" />. </param>
public virtual AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (this._DeformatterAlgorithm == null)
{
throw new ArgumentNullException("DeformatterAlgorithm");
}
AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(this._DeformatterAlgorithm);
if (this._KeyAlgorithm == null)
{
throw new NullReferenceException("KeyAlgorithm");
}
asymmetricSignatureDeformatter.SetKey(key);
return(asymmetricSignatureDeformatter);
}
public virtual AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (_DeformatterAlgorithm == null)
{
throw new ArgumentNullException("DeformatterAlgorithm");
}
// this should throw the InvalidCastException if we have an invalid class
// (but not if the class doesn't exist - as null is valid for AsymmetricSignatureDeformatter)
AsymmetricSignatureDeformatter def = (AsymmetricSignatureDeformatter)CryptoConfig.CreateFromName(_DeformatterAlgorithm);
if (_KeyAlgorithm == null)
{
throw new NullReferenceException("KeyAlgorithm");
}
def.SetKey(key);
return(def);
}
/// <summary>
/// Wrapper that verifies the signature for SHA256 taking into consideration the special logic for FIPS compliance
/// </summary>
/// <param name="deformatter">the signature deformatter</param>
/// <param name="hash">the hash algorithm</param>
/// <param name="signatureValue">the byte array for the signature value</param>
/// <returns>true/false indicating if signature was verified or not</returns>
internal static bool VerifySignatureForSha256( AsymmetricSignatureDeformatter deformatter, HashAlgorithm hash, byte[] signatureValue )
{
if ( SecurityUtils.RequiresFipsCompliance )
{
//
// When FIPS is turned ON. We need to set the hash algorithm specifically
// else for SHA256 and FIPS turned ON, the underlying deformatter does not understand the
// OID for the hashing algorithm.
//
deformatter.SetHashAlgorithm( "SHA256" );
return deformatter.VerifySignature( hash.Hash, signatureValue );
}
else
{
return deformatter.VerifySignature( hash, signatureValue );
}
}
public FaultingAsymmetricSecurityKey(AsymmetricSecurityKey key = null, AsymmetricAlgorithm agorithm = null, AsymmetricSignatureDeformatter deformatter = null, AsymmetricSignatureFormatter formatter = null, HashAlgorithm hash = null, bool hasPrivateKey = false)
{
Key = key;
}
void VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, string signatureMethod)
{
this.Signature.SignedInfo.ComputeHash(hash);
bool result;
if (SecurityUtils.RequiresFipsCompliance && signatureMethod == SecurityAlgorithms.RsaSha256Signature)
{
// This is to avoid the RSAPKCS1SignatureFormatter.VerifySignature from using SHA256Managed (non-FIPS-Compliant).
// Hence we precompute the hash using SHA256CSP (FIPS compliant) and pass it to method.
// NOTE: RSAPKCS1SignatureFormatter does not understand SHA256CSP inherently and hence this workaround.
deformatter.SetHashAlgorithm("SHA256");
result = deformatter.VerifySignature(hash.Hash, GetSignatureValue());
}
else
{
result = deformatter.VerifySignature(hash, GetSignatureValue());
}
if (!result)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.GetString(SR.SignatureVerificationFailed)));
}
}
private void VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter, string signatureMethod)
{
bool flag;
this.Signature.SignedInfo.ComputeHash(hash);
if (System.IdentityModel.SecurityUtils.RequiresFipsCompliance && (signatureMethod == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"))
{
deformatter.SetHashAlgorithm("SHA256");
flag = deformatter.VerifySignature(hash.Hash, this.GetSignatureValue());
}
else
{
flag = deformatter.VerifySignature(hash, this.GetSignatureValue());
}
if (!flag)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(System.IdentityModel.SR.GetString("SignatureVerificationFailed")));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures.
/// </summary>
/// <param name="key">
/// The <see cref="AsymmetricSecurityKey"/> that will be used for cryptographic operations.
/// </param>
/// <param name="algorithm">
/// The signature algorithm to apply.
/// </param>
/// <param name="willCreateSignatures">
/// If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.
/// <para>
/// Creating signatures requires that the <see cref="AsymmetricSecurityKey"/> has access to a private key.
/// Verifying signatures (the default), does not require access to the private key.
/// </para>
/// </param>
/// <exception cref="ArgumentNullException">
/// 'key' is null.
/// </exception>
/// <exception cref="ArgumentNullException">
/// 'algorithm' is null.
/// </exception>
/// <exception cref="ArgumentException">
/// 'algorithm' contains only whitespace.
/// </exception>
/// <exception cref="ArgumentOutOfRangeException">
/// willCreateSignatures is true and <see cref="AsymmetricSecurityKey"/>.KeySize is less than <see cref="SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning"/>.
/// </exception>
/// <exception cref="ArgumentOutOfRangeException">
/// <see cref="AsymmetricSecurityKey"/>.KeySize is less than <see cref="SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying"/>. Note: this is always checked.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetHashAlgorithmForSignature"/> throws.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetHashAlgorithmForSignature"/> returns null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetSignatureFormatter"/> throws.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetSignatureFormatter"/> returns null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetSignatureDeformatter"/> throws.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSecurityKey.GetSignatureDeformatter"/> returns null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSignatureFormatter.SetHashAlgorithm"/> throws.
/// </exception>
/// <exception cref="InvalidOperationException">
/// Is thrown if the <see cref="AsymmetricSignatureDeformatter.SetHashAlgorithm"/> throws.
/// </exception>
public AsymmetricSignatureProvider(AsymmetricSecurityKey key, string algorithm, bool willCreateSignatures = false)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
if (string.IsNullOrWhiteSpace(algorithm))
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10002, "algorithm"));
}
if (willCreateSignatures)
{
if (key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning)
{
throw new ArgumentOutOfRangeException("key.KeySize", key.KeySize, string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10631, key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning));
}
}
if (key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying)
{
throw new ArgumentOutOfRangeException("key.KeySize", key.KeySize, string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10630, key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying));
}
this.key = key;
try
{
this.hash = this.key.GetHashAlgorithmForSignature(algorithm);
}
catch (Exception ex)
{
if (DiagnosticUtility.IsFatal(ex))
{
throw;
}
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10618, algorithm, this.key.ToString(), ex), ex);
}
if (this.hash == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10611, algorithm, this.key.ToString()));
}
if (willCreateSignatures)
{
try
{
this.formatter = this.key.GetSignatureFormatter(algorithm);
this.formatter.SetHashAlgorithm(this.hash.GetType().ToString());
}
catch (Exception ex)
{
if (DiagnosticUtility.IsFatal(ex))
{
throw;
}
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10614, algorithm, this.key.ToString(), ex), ex);
}
if (this.formatter == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10615, algorithm, this.key.ToString()));
}
}
try
{
this.deformatter = this.key.GetSignatureDeformatter(algorithm);
this.deformatter.SetHashAlgorithm(this.hash.GetType().ToString());
}
catch (Exception ex)
{
if (DiagnosticUtility.IsFatal(ex))
{
throw;
}
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10616, algorithm, this.key.ToString(), ex), ex);
}
if (this.deformatter == null)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10617, algorithm, this.key.ToString()));
}
}
internal static void LogVerifySignedInfo(SignedXml signedXml, AsymmetricAlgorithm key, SignatureDescription signatureDescription, HashAlgorithm hashAlgorithm, AsymmetricSignatureDeformatter asymmetricSignatureDeformatter, byte[] actualHashValue, byte[] signatureValue)
{
if (InformationLoggingEnabled)
{
string data = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_VerifySignedInfoAsymmetric"), new object[] { GetKeyName(key), signatureDescription.GetType().Name, hashAlgorithm.GetType().Name, asymmetricSignatureDeformatter.GetType().Name });
WriteLine(signedXml, TraceEventType.Information, SignedXmlDebugEvent.VerifySignedInfo, data);
}
if (VerboseLoggingEnabled)
{
string str2 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_ActualHashValue"), new object[] { FormatBytes(actualHashValue) });
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, str2);
string str3 = string.Format(CultureInfo.InvariantCulture, SecurityResources.GetResourceString("Log_RawSignatureValue"), new object[] { FormatBytes(signatureValue) });
WriteLine(signedXml, TraceEventType.Verbose, SignedXmlDebugEvent.VerifySignedInfo, str3);
}
}
