/// <summary>
/// Initializes a new instance of the <see cref="AsymmetricSignatureProvider"/> class used to create and verify signatures.
/// </summary>
/// <param name="key">The <see cref="SecurityKey"/> that will be used for signature operations.</param>
/// <param name="algorithm">The signature algorithm to apply.</param>
/// <param name="willCreateSignatures">If this <see cref="AsymmetricSignatureProvider"/> is required to create signatures then set this to true.</param>
/// <para>
/// Creating signatures requires that the <see cref="SecurityKey"/> has access to a private key.
/// Verifying signatures (the default), does not require access to the private key.
/// </para>
/// <exception cref="ArgumentNullException"><paramref name="key"/>is null.</exception>
/// <exception cref="ArgumentNullException"><paramref name="algorithm"/>is null or empty.</exception>
/// <exception cref="InvalidOperationException"><paramref name="willCreateSignatures"/>is true and there is no private key.</exception>
/// <exception cref="NotSupportedException">If <see cref="SecurityKey"/> and algorithm pair are not supported.</exception>
/// <exception cref="ArgumentOutOfRangeException">
/// willCreateSignatures is true and <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the given algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForSigningMap"/>.
/// </exception>
/// <exception cref="ArgumentOutOfRangeException">
/// <see cref="SecurityKey"/>.KeySize is less than the size corresponding to the algorithm in <see cref="AsymmetricSignatureProvider.MinimumAsymmetricKeySizeInBitsForVerifyingMap"/>. Note: this is always checked.
/// </exception>
/// <exception cref="InvalidOperationException">If the runtime is unable to create a suitable cryptographic provider.</exception>
public AsymmetricSignatureProvider(SecurityKey key, string algorithm, bool willCreateSignatures)
: base(key, algorithm)
{
_cryptoProviderFactory = key.CryptoProviderFactory;
_minimumAsymmetricKeySizeInBitsForSigningMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForSigningMap);
_minimumAsymmetricKeySizeInBitsForVerifyingMap = new Dictionary <string, int>(DefaultMinimumAsymmetricKeySizeInBitsForVerifyingMap);
var jsonWebKey = key as JsonWebKey;
if (jsonWebKey != null)
{
JsonWebKeyConverter.TryConvertToSecurityKey(jsonWebKey, out SecurityKey _);
}
if (willCreateSignatures && FoundPrivateKey(key) == PrivateKeyStatus.DoesNotExist)
{
throw LogHelper.LogExceptionMessage(new InvalidOperationException(LogHelper.FormatInvariant(LogMessages.IDX10638, key)));
}
if (!_cryptoProviderFactory.IsSupportedAlgorithm(algorithm, key))
{
throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10634, (algorithm ?? "null"), key)));
}
WillCreateSignatures = willCreateSignatures;
_keySizeIsValid = new Lazy <bool>(ValidKeySize);
_asymmetricAdapterObjectPool = new DisposableObjectPool <AsymmetricAdapter>(CreateAsymmetricAdapter, _cryptoProviderFactory.SignatureProviderObjectPoolCacheSize);
}
// This constructor will be used by NET45 for signing and for RSAKeyWrap
internal AsymmetricAdapter(SecurityKey key, string algorithm, HashAlgorithm hashAlgorithm, bool requirePrivateKey)
{
HashAlgorithm = hashAlgorithm;
// RsaSecurityKey has either Rsa OR RsaParameters.
// If we use the RsaParameters, we create a new RSA object and will need to dispose.
if (key is RsaSecurityKey rsaKey)
{
InitializeUsingRsaSecurityKey(rsaKey, algorithm);
}
else if (key is X509SecurityKey x509Key)
{
InitializeUsingX509SecurityKey(x509Key, algorithm, requirePrivateKey);
}
else if (key is JsonWebKey jsonWebKey)
{
if (JsonWebKeyConverter.TryConvertToSecurityKey(jsonWebKey, out SecurityKey securityKey))
{
if (securityKey is RsaSecurityKey rsaSecurityKeyFromJsonWebKey)
{
InitializeUsingRsaSecurityKey(rsaSecurityKeyFromJsonWebKey, algorithm);
}
else if (securityKey is X509SecurityKey x509SecurityKeyFromJsonWebKey)
{
InitializeUsingX509SecurityKey(x509SecurityKeyFromJsonWebKey, algorithm, requirePrivateKey);
}
else if (securityKey is ECDsaSecurityKey edcsaSecurityKeyFromJsonWebKey)
{
InitializeUsingEcdsaSecurityKey(edcsaSecurityKeyFromJsonWebKey);
}
else
{
throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10684, algorithm, key)));
}
}
}
else if (key is ECDsaSecurityKey ecdsaKey)
{
ECDsaSecurityKey = ecdsaKey;
SignatureFunction = SignWithECDsa;
VerifyFunction = VerifyWithECDsa;
}
else
{
throw LogHelper.LogExceptionMessage(new NotSupportedException(LogHelper.FormatInvariant(LogMessages.IDX10684, algorithm, key)));
}
}
