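/// <summary>
/// Creates a signer bound to <paramref name="key"/>.  The optional
/// <paramref name="algorithm"/> and the key's "kid" member are recorded as
/// unprotected header attributes; a key whose "use" member is not "sig" is rejected.
/// </summary>
/// <param name="key">Signing key.  Must not be null.</param>
/// <param name="algorithm">JWS "alg" value, or null to leave it unset here.</param>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
/// <exception cref="JoseException">The key's "use" member is present and is not "sig".</exception>
public Signer(JWK key, string algorithm = null)
{
    if (key == null)
    {
        throw new ArgumentNullException(nameof(key));
    }

    if (algorithm != null)
    {
        AddAttribute("alg", algorithm, UNPROTECTED);
    }

    if (key.ContainsName("kid"))
    {
        AddAttribute("kid", key.AsString("kid"), UNPROTECTED);
    }

    // RFC 7517 "use": a key marked for anything other than signing must not sign.
    if (key.ContainsName("use") && key.AsString("use") != "sig")
    {
        throw new JoseException("Key cannot be used for signing");
    }

    // NOTE(review): "key_ops" is not validated here, unlike the Recipient
    // constructor's check for encryption keys; a key restricted to e.g. "verify"
    // is accepted for signing.  Confirm whether callers rely on that leniency.
    keyToSign = key;
}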
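/// <summary>
/// Creates a recipient for <paramref name="key"/>.  When <paramref name="algorithm"/>
/// is null the key's "alg" member is used; failing that an algorithm is chosen from
/// the key type and, for symmetric keys, the key length.  The algorithm must match
/// the key type, and the key's "use"/"key_ops" members (if present) must permit
/// encryption.
/// </summary>
/// <param name="key">Recipient key.  Must not be null.</param>
/// <param name="algorithm">Key-management algorithm ("alg"), or null to derive it.</param>
/// <param name="msg">Enclosing message, consulted so that an "alg"/"kid" already set on it is not duplicated; may be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
/// <exception cref="JoseException">The algorithm is unknown or does not match the key type, no algorithm can be derived for the key, or the key's usage members forbid encryption.</exception>
public Recipient(JWK key, string algorithm = null, EncryptMessage msg = null)
{
    if (key == null)
    {
        throw new ArgumentNullException(nameof(key));
    }

    // The key's own "alg" member is the fallback when the caller names none.
    if (algorithm == null && key.ContainsName("alg"))
    {
        algorithm = key.AsString("alg");
    }

    RecipientType recipientType;
    if (algorithm != null)
    {
        algorithm = ResolveExplicitAlgorithm(key, algorithm, out recipientType);
    }
    else
    {
        algorithm = ResolveDefaultAlgorithm(key, out recipientType);
    }
    RecipientType = recipientType;
    _mKey = key;

    if (FindAttr("alg", msg) == null)
    {
        AddAttribute("alg", algorithm, UNPROTECTED);
    }

    ValidateEncryptionUsage(key);

    if (key.ContainsName("kid") && FindAttr("kid", msg) == null)
    {
        AddAttribute("kid", key.AsString("kid"), UNPROTECTED);
    }
}

/// <summary>
/// Validates that <paramref name="algorithm"/> is a known key-management algorithm
/// compatible with the "kty" of <paramref name="key"/>, sets the matching
/// <paramref name="recipientType"/>, and returns the algorithm name to record
/// (the A*GCM direct modes collapse to "dir").
/// </summary>
/// <exception cref="JoseException">Unknown algorithm, or key type does not fit it.</exception>
private static string ResolveExplicitAlgorithm(JWK key, string algorithm, out RecipientType recipientType)
{
    string kty = key.AsString("kty");

    switch (algorithm)
    {
        case "dir": // Direct encryption mode
        case "A128GCM":
        case "A192GCM":
        case "A256GCM":
            // The symmetric key is used as the content-encryption key itself.
            // NOTE(review): the key length is not checked against the named GCM
            // variant here; confirm it is validated where the CEK is consumed.
            if (kty != "oct")
            {
                throw new JoseException("Invalid parameters");
            }
            recipientType = RecipientType.Direct;
            return "dir";

        case "ECDH-ES":
#if DEBUG
        case "ECDH-SS": // static-static agreement, debug builds only
#endif // DEBUG
            if (kty != "EC" && kty != "OKP")
            {
                throw new JoseException("Invalid Parameters");
            }
            recipientType = RecipientType.KeyAgreeDirect;
            return algorithm;

        case "RSA1_5": // PKCS#1 v1.5 padding, accepted for interoperability; the OAEP variants are preferable
        case "RSA-OAEP":
        case "RSA-OAEP-256":
            if (kty != "RSA")
            {
                throw new JoseException("Invalid Parameter");
            }
            recipientType = RecipientType.KeyTransport;
            return algorithm;

        case "A128KW":
        case "A192KW":
        case "A256KW":
        case "A128GCMKW":
        case "A192GCMKW":
        case "A256GCMKW":
            if (kty != "oct")
            {
                throw new JoseException("Invalid Parameter");
            }
            recipientType = RecipientType.KeyWrap;
            return algorithm;

        case "ECDH-ES+A128KW":
        case "ECDH-ES+A192KW":
        case "ECDH-ES+A256KW":
            if (kty != "EC" && kty != "OKP")
            {
                throw new JoseException("Invalid Parameter");
            }
            recipientType = RecipientType.KeyAgree;
            return algorithm;

        case "PBES2-HS256+A128KW":
        case "PBES2-HS384+A192KW":
        case "PBES2-HS512+A256KW":
            if (kty != "oct")
            {
                throw new JoseException("Invalid Parameter");
            }
            recipientType = RecipientType.Password;
            return algorithm;

        default:
            throw new JoseException("Unrecognized recipient algorithm");
    }
}

/// <summary>
/// Chooses a key-management algorithm from the key type (and, for "oct" keys,
/// the length of "k") when neither the caller nor the key names one.
/// </summary>
/// <exception cref="JoseException">No default exists for this key type or key size.</exception>
private static string ResolveDefaultAlgorithm(JWK key, out RecipientType recipientType)
{
    switch (key.AsString("kty"))
    {
        case "oct":
            recipientType = RecipientType.KeyWrap;
            switch (key.AsBytes("k").Length)
            {
                case 128 / 8:
                    return "A128KW";
                case 192 / 8:
                    return "A192KW";
                case 256 / 8:
                    return "A256KW";
                default:
                    throw new JoseException("Key size does not match any algorithms");
            }

        case "RSA":
            recipientType = RecipientType.KeyTransport;
            return "RSA-OAEP-256";

        case "EC":
            recipientType = RecipientType.KeyAgree;
            return "ECDH-ES+A128KW";

        default:
            // Any other key type (including "OKP", which has no default here) is
            // rejected rather than continuing with a null "alg".
            throw new JoseException("Unrecognized key type");
    }
}

/// <summary>
/// Rejects keys whose "use" or "key_ops" members (RFC 7517 §4.2 / §4.3) do not
/// permit encryption.  Absent members impose no restriction.
/// </summary>
/// <exception cref="JoseException">"use" is not "enc", or "key_ops" lists neither "encrypt" nor "keywrap".</exception>
private static void ValidateEncryptionUsage(JWK key)
{
    if (key.ContainsName("use") && key.AsString("use") != "enc")
    {
        throw new JoseException("Key cannot be used for encryption");
    }

    if (!key.ContainsName("key_ops"))
    {
        return;
    }

    // "key_ops" is a JSON array in RFC 7517; it is read here as a comma-joined
    // string, presumably how JWK.AsString renders arrays — verify against JWK.
    // NOTE(review): the registered operation name is "wrapKey"; "keywrap" is
    // kept as the original accepted — confirm which spelling keys in use carry.
    bool validUsage = false;
    foreach (string operation in key.AsString("key_ops").Split(','))
    {
        if (operation == "encrypt" || operation == "keywrap")
        {
            validUsage = true;
            break;
        }
    }

    if (!validUsage)
    {
        throw new JoseException("Key cannot be used for encryption");
    }
}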