1 //
2 // X509AsymmetricSecurityKey.cs
3 //
4 // Author:
5 // Atsushi Enomoto <atsushi@ximian.com>
6 //
7 // Copyright (C) 2005 Novell, Inc. http://www.novell.com
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 //
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 //
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 using System;
29 using System.Collections.Generic;
30 using System.Xml;
31 using System.IdentityModel.Policy;
32 using System.Security.Cryptography;
33 using System.Security.Cryptography.X509Certificates;
34 using System.Security.Cryptography.Xml;
36 namespace System.IdentityModel.Tokens
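public class X509AsymmetricSecurityKey : AsymmetricSecurityKey
{
	// Asymmetric security key backed by an X.509 certificate.
	//
	// Only the RSA based algorithms are handled: RSA-1.5 and RSA-OAEP key
	// wrap, and RSA-SHA1 / RSA-SHA256 signatures.  Public key operations
	// work with any certificate; private key operations (unwrapping a key,
	// signing) require the certificate to carry its private key.

	public X509AsymmetricSecurityKey (X509Certificate2 certificate)
	{
		if (certificate == null)
			throw new ArgumentNullException ("certificate");
		cert = certificate;
	}

	X509Certificate2 cert;

	// Returns the certificate's RSA key for the requested operation.
	//
	// algorithm  - the algorithm URI, used only to build the error message.
	// privateKey - true for the private key, false for the public key.
	//
	// Throws NotSupportedException when the private key is requested but
	// the certificate does not carry one, or when the key is not RSA.
	// Callers used to pass "cert.PrivateKey as RSA" straight through, which
	// turned a non-RSA key into an ArgumentNullException deep inside
	// EncryptedXml; the explicit check gives the same error as the other
	// algorithm mismatches in this class.
	RSA GetRsaKey (string algorithm, bool privateKey)
	{
		if (privateKey && !cert.HasPrivateKey)
			throw new NotSupportedException ("The certificate does not contain a private key.");

		AsymmetricAlgorithm alg = privateKey ?
			cert.PrivateKey : cert.PublicKey.Key;
		RSA rsa = alg as RSA;
		if (rsa == null)
			throw new NotSupportedException (String.Format ("The certificate does not contain RSA private key while '{0}' requires it.", algorithm));
		return rsa;
	}

	// Maps a key wrap algorithm URI to the RSA padding it uses.
	//
	// Returns false for RSA-1.5 (PKCS#1 v1.5) and true for RSA-OAEP; throws
	// NotSupportedException for any other URI.
	//
	// RSA-1.5 is kept for interoperability with existing XML Encryption
	// peers.  Its decryption path is susceptible to padding oracle attacks,
	// so deployments that control both ends should use RSA-OAEP.
	static bool UseOaepPadding (string algorithm)
	{
		switch (algorithm) {
		case EncryptedXml.XmlEncRSA15Url:
			return false;
		case EncryptedXml.XmlEncRSAOAEPUrl:
			return true;
		default:
			throw new NotSupportedException (String.Format ("This X509 security key does not support specified algorithm '{0}'", algorithm));
		}
	}

	// Maps a signature algorithm URI to the digest name understood by the
	// PKCS#1 signature formatter/deformatter.  Both URIs denote
	// RSASSA-PKCS1-v1_5 and differ only in the digest; anything else is
	// rejected with NotSupportedException.
	static string GetSignatureHashName (string algorithm)
	{
		switch (algorithm) {
		case SignedXml.XmlDsigRSASHA1Url:
			return "SHA1";
		case SecurityAlgorithms.RsaSha256Signature:
			return "SHA256";
		default:
			throw new NotSupportedException (String.Format ("'{0}' Signature algorithm is not supported in this security key.", algorithm));
		}
	}

	// AsymmetricSecurityKey implementation

	// Returns the certificate's RSA key for one of the supported algorithm
	// URIs (RSA-1.5 / RSA-OAEP key wrap, RSA-SHA1 / RSA-SHA256 signature).
	//
	// Throws ArgumentNullException for a null algorithm and
	// NotSupportedException when the private key is requested but absent,
	// when the algorithm is unknown, or when the key is not RSA.
	public override AsymmetricAlgorithm GetAsymmetricAlgorithm (
		string algorithm, bool privateKey)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		// Checked ahead of the algorithm switch so that a missing private
		// key is reported before an unsupported algorithm, as before.
		if (privateKey && !cert.HasPrivateKey)
			throw new NotSupportedException ("The certificate does not contain a private key.");

		switch (algorithm) {
		// SignedXml.XmlDsigDSAUrl is documented as supported, but DSA keys
		// are not handled by this class.
		case EncryptedXml.XmlEncRSA15Url:
		case EncryptedXml.XmlEncRSAOAEPUrl:
		case SignedXml.XmlDsigRSASHA1Url:
		case SecurityAlgorithms.RsaSha256Signature:
			return GetRsaKey (algorithm, privateKey);
		}
		throw new NotSupportedException (String.Format ("The asymmetric algorithm '{0}' is not supported.", algorithm));
	}

	// Returns the digest algorithm a signature with the given URI is
	// computed over: SHA-1 for rsa-sha1, SHA-256 for rsa-sha256.
	//
	// Throws ArgumentNullException for a null algorithm and
	// NotSupportedException for any other URI.
	public override HashAlgorithm GetHashAlgorithmForSignature (
		string algorithm)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		switch (algorithm) {
		//case SignedXml.XmlDsigDSAUrl: // it is documented as supported, but it isn't in reality and it wouldn't be possible.
		case SignedXml.XmlDsigRSASHA1Url:
			// A plain digest is required here.  This used to return
			// HMACSHA1/HMACSHA256, which are keyed MACs whose parameterless
			// constructor draws a fresh random key, so the "hash" changed
			// on every call and could never match a signer's digest.
			return SHA1.Create ();
		case SecurityAlgorithms.RsaSha256Signature:
			return SHA256.Create ();
		default:
			throw new NotSupportedException (String.Format ("'{0}' Hash algorithm is not supported in this security key.", algorithm));
		}
	}

	// Returns a PKCS#1 v1.5 verifier bound to the certificate's public key,
	// with the digest matching the algorithm URI already selected.
	//
	// Throws ArgumentNullException for a null algorithm and
	// NotSupportedException for a non-RSA key or an unsupported URI.
	public override AsymmetricSignatureDeformatter GetSignatureDeformatter (string algorithm)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		string hashName = GetSignatureHashName (algorithm);
		// Verification only needs the public key.
		RSAPKCS1SignatureDeformatter deformatter =
			new RSAPKCS1SignatureDeformatter (GetRsaKey (algorithm, false));
		deformatter.SetHashAlgorithm (hashName);
		return deformatter;
	}

	// Returns a PKCS#1 v1.5 signer bound to the certificate's private key,
	// with the digest matching the algorithm URI already selected.
	//
	// Throws ArgumentNullException for a null algorithm and
	// NotSupportedException when the certificate has no private key, the
	// key is not RSA, or the URI is unsupported.
	public override AsymmetricSignatureFormatter GetSignatureFormatter (string algorithm)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		string hashName = GetSignatureHashName (algorithm);
		// Signing needs the private key; GetRsaKey rejects its absence.
		RSAPKCS1SignatureFormatter formatter =
			new RSAPKCS1SignatureFormatter (GetRsaKey (algorithm, true));
		formatter.SetHashAlgorithm (hashName);
		return formatter;
	}

	// True when the certificate carries its private key.
	public override bool HasPrivateKey ()
	{
		return cert.HasPrivateKey;
	}

	// SecurityKey implementation

	// Size in bits of the certificate's public key.
	public override int KeySize {
		get { return cert.PublicKey.Key.KeySize; }
	}

	// Unwraps keyData with the certificate's RSA private key.
	//
	// algorithm - EncryptedXml.XmlEncRSA15Url or EncryptedXml.XmlEncRSAOAEPUrl.
	// keyData   - the wrapped key bytes.
	//
	// Throws ArgumentNullException for null arguments and
	// NotSupportedException when the certificate has no private key, the
	// private key exposes no key exchange algorithm, the key is not RSA, or
	// the algorithm is not an RSA key wrap.
	public override byte [] DecryptKey (string algorithm, byte [] keyData)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		if (keyData == null)
			throw new ArgumentNullException ("keyData");

		if (!HasPrivateKey ())
			throw new NotSupportedException ("This X509 certificate does not contain private key.");

		if (cert.PrivateKey.KeyExchangeAlgorithm == null)
			throw new NotSupportedException ("The exchange algorithm of the X509 certificate private key is null");

		bool useOAEP = UseOaepPadding (algorithm);
		return EncryptedXml.DecryptKey (keyData, GetRsaKey (algorithm, true), useOAEP);
	}

	// Wraps keyData with the certificate's RSA public key.
	//
	// algorithm - EncryptedXml.XmlEncRSA15Url or EncryptedXml.XmlEncRSAOAEPUrl.
	// keyData   - the key bytes to wrap.
	//
	// Throws ArgumentNullException for null arguments and
	// NotSupportedException when the key is not RSA or the algorithm is not
	// an RSA key wrap.
	public override byte [] EncryptKey (string algorithm, byte [] keyData)
	{
		if (algorithm == null)
			throw new ArgumentNullException ("algorithm");
		if (keyData == null)
			throw new ArgumentNullException ("keyData");

		bool useOAEP = UseOaepPadding (algorithm);
		return EncryptedXml.EncryptKey (keyData, GetRsaKey (algorithm, false), useOAEP);
	}

	public override bool IsAsymmetricAlgorithm (string algorithm)
	{
		return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Asymmetric;
	}

	// The SecurityAlgorithms constants below are the same URIs as the
	// EncryptedXml / SignedXml constants used by the methods above.  A null
	// algorithm falls through to the default and yields false.
	public override bool IsSupportedAlgorithm (string algorithm)
	{
		switch (algorithm) {
		case SecurityAlgorithms.RsaV15KeyWrap:
		case SecurityAlgorithms.RsaOaepKeyWrap:
		case SecurityAlgorithms.RsaSha1Signature:
		case SecurityAlgorithms.RsaSha256Signature:
			return true;
		default:
			return false;
		}
	}

	public override bool IsSymmetricAlgorithm (string algorithm)
	{
		return GetAlgorithmSupportType (algorithm) == AlgorithmSupportType.Symmetric;
	}
}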