internal static AsymmetricSignatureFormatter GetSignatureFormatterForSha256(AsymmetricSecurityKey key) { AsymmetricAlgorithm asymmetricAlgorithm = key.GetAsymmetricAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", true); RSACryptoServiceProvider rsaProvider = asymmetricAlgorithm as RSACryptoServiceProvider; if (rsaProvider != null) { return(GetSignatureFormatterForSha256(rsaProvider)); } return((AsymmetricSignatureFormatter) new RSAPKCS1SignatureFormatter(asymmetricAlgorithm)); }
private static SignatureProvider CreateProvider( SecurityKey key, string algorithm, bool willCreateSignatures) { if (key == null) { throw new ArgumentNullException(nameof(key)); } if (algorithm == null) { throw new ArgumentNullException(nameof(algorithm)); } if (string.IsNullOrWhiteSpace(algorithm)) { throw new ArgumentException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10002: The parameter '{0}' cannot be 'null' or a string containing only whitespace.", (object)"algorithm ")); } AsymmetricSecurityKey key1 = key as AsymmetricSecurityKey; if (key1 != null) { if (willCreateSignatures && key1.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning) { throw new ArgumentOutOfRangeException("key.KeySize", (object)key1.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10630: The '{0}' for signing cannot be smaller than '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning)); } if (key1.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying) { throw new ArgumentOutOfRangeException("key.KeySize", (object)key1.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10631: The '{0}' for verifying cannot be smaller than '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying)); } return((SignatureProvider) new AsymmetricSignatureProvider(key1, algorithm, willCreateSignatures)); } SymmetricSecurityKey key2 = key as SymmetricSecurityKey; if (key2 != null) { if (key2.KeySize < SignatureProviderFactory.MinimumSymmetricKeySizeInBits) { throw new ArgumentOutOfRangeException("key.KeySize", (object)key.KeySize, string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10603: The '{0}' cannot have less than: '{1}' bits.", (object)key.GetType(), (object)SignatureProviderFactory.MinimumSymmetricKeySizeInBits)); } return((SignatureProvider) new SymmetricSignatureProvider(key2, algorithm)); } throw new ArgumentException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, "IDX10600: '{0}' supports: '{1}' of types: '{2}' or '{3}'. SecurityKey received was of type: '{4}'.", (object)typeof(SignatureProvider).ToString(), (object)typeof(SecurityKey), (object)typeof(AsymmetricSecurityKey), (object)typeof(SymmetricSecurityKey), (object)key.GetType())); }
/// <summary> /// Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider" /> class used to create and verify signatures. /// </summary> /// <param name="key"> /// The <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" /> that will be used for cryptographic operations. /// </param> /// <param name="algorithm">The signature algorithm to apply.</param> /// <param name="willCreateSignatures"> /// If this <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider" /> is required to create signatures then set this to true. /// <para> /// Creating signatures requires that the <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" /> has access to a private key. /// Verifying signatures (the default), does not require access to the private key. /// </para> /// </param> /// <exception cref="T:System.ArgumentNullException"> /// 'key' is null. /// </exception> /// <exception cref="T:System.ArgumentNullException"> /// 'algorithm' is null. /// </exception> /// <exception cref="T:System.ArgumentException"> /// 'algorithm' contains only whitespace. /// </exception> /// <exception cref="T:System.ArgumentOutOfRangeException"> /// willCreateSignatures is true and <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" />.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning" />. /// </exception> /// <exception cref="T:System.ArgumentOutOfRangeException"> /// <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey" />.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying" />. Note: this is always checked. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)" /> throws. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)" /> returns null. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)" /> throws. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)" /> returns null. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)" /> throws. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)" /> returns null. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureFormatter.SetHashAlgorithm(System.String)" /> throws. /// </exception> /// <exception cref="T:System.InvalidOperationException"> /// Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureDeformatter.SetHashAlgorithm(System.String)" /> throws. /// </exception> public AsymmetricSignatureProvider( AsymmetricSecurityKey key, string algorithm, bool willCreateSignatures = false) { if (key == null) { throw new ArgumentNullException(nameof(key)); } if (algorithm == null) { throw new ArgumentNullException(nameof(algorithm)); } if (string.IsNullOrWhiteSpace(algorithm)) { throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, "IDX10002: The parameter '{0}' cannot be 'null' or a string containing only whitespace.", nameof(algorithm))); } if (willCreateSignatures && key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning) { throw new ArgumentOutOfRangeException(nameof(key), key.KeySize, string.Format(CultureInfo.InvariantCulture, "IDX10631: The '{0}' for verifying cannot be smaller than '{1}' bits.", key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning)); } if (key.KeySize < SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying) { throw new ArgumentOutOfRangeException(nameof(key), key.KeySize, string.Format(CultureInfo.InvariantCulture, "IDX10630: The '{0}' for signing cannot be smaller than '{1}' bits.", key.GetType(), SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying)); } try { hash = key.GetHashAlgorithmForSignature(algorithm); } catch (Exception ex) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10618: AsymmetricSecurityKey.GetHashAlgorithmForSignature( '{0}' ) threw an exception.\nAsymmetricSecurityKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.\nException: '{2}'.", algorithm, key.ToString(), ex), ex); } if (hash == null) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10611: AsymmetricSecurityKey.GetHashAlgorithmForSignature( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}'", algorithm, key.ToString())); } if (willCreateSignatures) { try { formatter = key.GetSignatureFormatter(algorithm); formatter?.SetHashAlgorithm(hash.GetType().ToString()); } catch (Exception ex) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10614: AsymmetricSecurityKey.GetSignatureFormater( '{0}' ) threw an exception.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.\nException:'{2}'.\nIf you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available.", algorithm, key.ToString(), ex), ex); } if (formatter == null) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10615: AsymmetricSecurityKey.GetSignatureFormater( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.", algorithm, key.ToString())); } } try { deformatter = key.GetSignatureDeformatter(algorithm); deformatter?.SetHashAlgorithm(hash.GetType().ToString()); } catch (Exception ex) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10616: AsymmetricSecurityKey.GetSignatureDeformatter( '{0}' ) threw an exception.\nKey: '{1}'\nSignatureAlgorithm: '{0}, check to make sure the SignatureAlgorithm is supported.'\nException:'{2}'.", algorithm, key.ToString(), ex), ex); } if (deformatter == null) { throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, "IDX10617: AsymmetricSecurityKey.GetSignatureDeFormater( '{0}' ) returned null.\nKey: '{1}'\nSignatureAlgorithm: '{0}', check to make sure the SignatureAlgorithm is supported.", algorithm, key.ToString())); } }