mcs/class/System.IdentityModel/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.cs

   1 //
   2 // X509AsymmetricSecurityKey.cs
   3 //
   4 // Author:
   5 //      Atsushi Enomoto <atsushi@ximian.com>
   6 //
   7 // Copyright (C) 2005 Novell, Inc.  http://www.novell.com
   8 //
   9 // Permission is hereby granted, free of charge, to any person obtaining
  10 // a copy of this software and associated documentation files (the
  11 // "Software"), to deal in the Software without restriction, including
  12 // without limitation the rights to use, copy, modify, merge, publish,
  13 // distribute, sublicense, and/or sell copies of the Software, and to
  14 // permit persons to whom the Software is furnished to do so, subject to
  15 // the following conditions:
  16 //
  17 // The above copyright notice and this permission notice shall be
  18 // included in all copies or substantial portions of the Software.
  19 //
  20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  27 //
  28 using System;
  29 using System.Collections.Generic;
  30 using System.Xml;
  31 using System.IdentityModel.Policy;
  32 using System.Security.Cryptography;
  33 using System.Security.Cryptography.X509Certificates;
  34 using System.Security.Cryptography.Xml;
  35
  36 namespace System.IdentityModel.Tokens
  37 {
  38         public class X509AsymmetricSecurityKey : AsymmetricSecurityKey
  39         {
  40                 public X509AsymmetricSecurityKey (X509Certificate2 certificate)
  41                 {
  42                         if (certificate == null)
  43                                 throw new ArgumentNullException ("certificate");
  44                         cert = certificate;
  45                 }
  46
  47                 X509Certificate2 cert;
  48
  49                 // AsymmetricSecurityKey implementation
  50
  51                 public override AsymmetricAlgorithm GetAsymmetricAlgorithm (
  52                         string algorithm, bool privateKey)
  53                 {
  54                         if (algorithm == null)
  55                                 throw new ArgumentNullException ("algorithm");
  56                         if (privateKey && !cert.HasPrivateKey)
  57                                 throw new NotSupportedException ("The certificate does not contain a private key.");
  58
  59                         AsymmetricAlgorithm alg = privateKey ?
  60                                 cert.PrivateKey : cert.PublicKey.Key;
  61
  62                         switch (algorithm) {
  63 //                      case SignedXml.XmlDsigDSAUrl:
  64 //                              if (alg is DSA)
  65 //                                      return alg;
  66 //                              throw new NotSupportedException (String.Format ("The certificate does not contain DSA private key while '{0}' requires it.", algorithm));
  67                         case EncryptedXml.XmlEncRSA15Url:
  68                         case EncryptedXml.XmlEncRSAOAEPUrl:
  69                         case SignedXml.XmlDsigRSASHA1Url:
  70                         case SecurityAlgorithms.RsaSha256Signature:
  71                                 if (alg is RSA)
  72                                         return alg;
  73                                 throw new NotSupportedException (String.Format ("The certificate does not contain RSA private key while '{0}' requires it.", algorithm));
  74                         }
  75
  76                         throw new NotSupportedException (String.Format ("The asymmetric algorithm '{0}' is not supported.", algorithm));
  77                 }
  78
  79                 public override HashAlgorithm GetHashAlgorithmForSignature (
  80                         string algorithm)
  81                 {
  82                         if (algorithm == null)
  83                                 throw new ArgumentNullException ("algorithm");
  84                         switch (algorithm) {
  85                         //case SignedXml.XmlDsigDSAUrl: // it is documented as supported, but it isn't in reality and it wouldn't be possible.
  86                         case SignedXml.XmlDsigRSASHA1Url:
  87                                 return new SHA1Managed ();
  88                         case SecurityAlgorithms.RsaSha256Signature:
  89                                 return new SHA256Managed ();
  90                         default:
  91                                 throw new NotSupportedException (String.Format ("'{0}' Hash algorithm is not supported in this security key.", algorithm));
  92                         }
  93                 }
  94
  95                 public override AsymmetricSignatureDeformatter GetSignatureDeformatter (string algorithm)
  96                 {
  97                         switch (algorithm) {
  98                                 //case SignedXml.XmlDsigDSAUrl:
  99                                 //      DSA dsa = (cert.PublicKey.Key as DSA);
 100                                 //      if (dsa == null) {
 101                                 //              throw new NotSupportedException (String.Format ("The certificate does not contain DSA public key while '{0}' requires it.", algorithm));
 102                                 //      }
 103                                 //      else {
 104                                 //              return new DSASignatureDeformatter(dsa);
 105                                 //      }
 106                                 case SignedXml.XmlDsigRSASHA1Url:
 107                                 case SecurityAlgorithms.RsaSha256Signature:
 108                                         RSA rsa = (cert.PublicKey.Key as RSA);
 109                                         if (rsa == null) {
 110                                                 throw new NotSupportedException (String.Format ("The certificate does not contain RSA public key while '{0}' requires it.", algorithm));
 111                                         }
 112                                         else {
 113                                                 return new RSAPKCS1SignatureDeformatter (rsa);
 114                                         }
 115                                 default:
 116                                         throw new NotSupportedException (String.Format ("'{0}' Hash algorithm is not supported in this security key.", algorithm));
 117                         }
 118                 }
 119
 120                 public override AsymmetricSignatureFormatter GetSignatureFormatter (string algorithm)
 121                 {
 122                         switch (algorithm) {
 123                                 //case SignedXml.XmlDsigDSAUrl:
 124                                 //      DSA dsa = (cert.PrivateKey as DSA);
 125                                 //      if (dsa == null) {
 126                                 //              throw new NotSupportedException (String.Format ("The certificate does not contain DSA private key while '{0}' requires it.", algorithm));
 127                                 //      }
 128                                 //      else {
 129                                 //              return new DSASignatureFormatter(dsa);
 130                                 //      }
 131                                 case SignedXml.XmlDsigRSASHA1Url:
 132                                 case SecurityAlgorithms.RsaSha256Signature:
 133                                         RSA rsa = (cert.PrivateKey as RSA);
 134                                         if (rsa == null) {
 135                                                 throw new NotSupportedException (String.Format ("The certificate does not contain RSA private key while '{0}' requires it.", algorithm));
 136                                         }
 137                                         else {
 138                                                 return new RSAPKCS1SignatureFormatter (rsa);
 139                                         }
 140                                 default:
 141                                         throw new NotSupportedException (String.Format ("'{0}' Hash algorithm is not supported in this security key.", algorithm));
 142                         }
 143                 }
 144
 145                 public override bool HasPrivateKey ()
 146                 {
 147                         return cert.HasPrivateKey;
 148                 }
 149
 150                 // SecurityKey implementation
 151
 152                 public override int KeySize {
 153                         get { return cert.PublicKey.Key.KeySize; }
 154                 }
 155
 156                 public override byte [] DecryptKey (string algorithm, byte [] keyData)
 157                 {
 158                         if (algorithm == null)
 159                                 throw new ArgumentNullException ("algorithm");
 160                         if (keyData == null)
 161                                 throw new ArgumentNullException ("keyData");
 162
 163                         if (!HasPrivateKey ())
 164                                 throw new NotSupportedException ("This X509 certificate does not contain private key.");
 165
 166                         if (cert.PrivateKey.KeyExchangeAlgorithm == null)
 167                                 throw new NotSupportedException ("The exchange algorithm of the X509 certificate private key is null");
 168
 169                         switch (algorithm) {
 170                         case EncryptedXml.XmlEncRSA15Url:
 171                         case EncryptedXml.XmlEncRSAOAEPUrl:
 172                                 break;
 173                         default:
 174                                 throw new NotSupportedException (String.Format ("This X509 security key does not support specified algorithm '{0}'", algorithm));
 175                         }
 176
 177                         bool useOAEP =
 178                                 algorithm == EncryptedXml.XmlEncRSAOAEPUrl;
 179                         return EncryptedXml.DecryptKey (keyData, cert.PrivateKey as RSA, useOAEP);
 180                 }
 181
 182                 public override byte [] EncryptKey (string algorithm, byte [] keyData)
 183                 {
 184                         if (algorithm == null)
 185                                 throw new ArgumentNullException ("algorithm");
 186                         if (keyData == null)
 187                                 throw new ArgumentNullException ("keyData");
 188
 189                         switch (algorithm) {
 190                         case EncryptedXml.XmlEncRSA15Url:
 191                         case EncryptedXml.XmlEncRSAOAEPUrl:
 192                                 break;
 193                         default:
 194                                 throw new NotSupportedException (String.Format ("This X509 security key does not support specified algorithm '{0}'", algorithm));
 195                         }
 196
 197                         bool useOAEP =
 198                                 algorithm == EncryptedXml.XmlEncRSAOAEPUrl;
 199
 200                         return EncryptedXml.EncryptKey (keyData, cert.PublicKey.Key as RSA, useOAEP);
 201                 }
 202
 203                 public override bool IsAsymmetricAlgorithm (string algorithm)
 204                 {
 205                         return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Asymmetric;
 206                 }
 207
 208                 public override bool IsSupportedAlgorithm (string algorithm)
 209                 {
 210                         switch (algorithm) {
 211                         case SecurityAlgorithms.RsaV15KeyWrap:
 212                         case SecurityAlgorithms.RsaOaepKeyWrap:
 213                         case SecurityAlgorithms.RsaSha1Signature:
 214                         case SecurityAlgorithms.RsaSha256Signature:
 215                                 return true;
 216                         default:
 217                                 return false;
 218                         }
 219                 }
 220
 221                 public override bool IsSymmetricAlgorithm (string algorithm)
 222                 {
 223                         return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Symmetric;
 224                 }
 225         }
 226 }