using System;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
{
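/// <summary>Credentialed class for generating signatures based on the use of primitives from the BC light-weight API.</summary>
public class BcDefaultTlsCredentialedSigner
    : DefaultTlsCredentialedSigner
{
    /// <summary>Returns the end-entity certificate (position 0 of the chain) converted to a
    /// <see cref="BcTlsCertificate"/>.</summary>
    /// <param name="crypto">The BC crypto provider used for the conversion.</param>
    /// <param name="certificate">The certificate chain supplied with the credentials.</param>
    /// <returns>The converted end-entity certificate.</returns>
    /// <exception cref="ArgumentException">If <paramref name="certificate"/> is null or empty.</exception>
    private static BcTlsCertificate GetEndEntity(BcTlsCrypto crypto, Certificate certificate)
    {
        if (certificate == null || certificate.IsEmpty)
            throw new ArgumentException("No certificate");

        return BcTlsCertificate.Convert(crypto, certificate.GetCertificateAt(0));
    }

    /// <summary>Selects the <see cref="TlsSigner"/> implementation that matches the private key type and,
    /// when one is given, the negotiated signature scheme.</summary>
    /// <remarks>
    /// For RSA and EC keys the signature scheme (when present) decides between the scheme-bound signers
    /// (RSA-PSS, ECDSA with fixed curve/hash) and the legacy signers. The legacy RSA signer additionally
    /// requires the RSA public key, which is taken from the end-entity certificate; other key types do not
    /// consult the certificate here.
    /// </remarks>
    /// <param name="crypto">The BC crypto provider.</param>
    /// <param name="privateKey">The signing key; must not be null.</param>
    /// <param name="certificate">The certificate chain; only consulted for the legacy RSA signer.</param>
    /// <param name="signatureAndHashAlgorithm">The negotiated signature algorithm, or null if none.</param>
    /// <returns>A signer bound to <paramref name="privateKey"/>.</returns>
    /// <exception cref="ArgumentNullException">If <paramref name="privateKey"/> is null.</exception>
    /// <exception cref="ArgumentException">If the key type is not supported, or (legacy RSA only) the
    /// certificate is null or empty.</exception>
    private static TlsSigner MakeSigner(BcTlsCrypto crypto, AsymmetricKeyParameter privateKey,
        Certificate certificate, SignatureAndHashAlgorithm signatureAndHashAlgorithm)
    {
        // A null key would otherwise fall through every type test below and surface as a
        // NullReferenceException from privateKey.GetType(); report it as an argument error instead.
        if (privateKey == null)
            throw new ArgumentNullException("privateKey");

        TlsSigner signer;
        if (privateKey is RsaKeyParameters)
        {
            RsaKeyParameters privKeyRsa = (RsaKeyParameters)privateKey;
            if (signatureAndHashAlgorithm != null)
            {
                int signatureScheme = SignatureScheme.From(signatureAndHashAlgorithm);
                if (SignatureScheme.IsRsaPss(signatureScheme))
                {
                    // PSS is bound to the scheme and does not need the certificate's public key.
                    return new BcTlsRsaPssSigner(crypto, privKeyRsa, signatureScheme);
                }
            }

            // Legacy RSA signer: the public key comes from the end-entity certificate.
            RsaKeyParameters pubKeyRsa = GetEndEntity(crypto, certificate).GetPubKeyRsa();
            signer = new BcTlsRsaSigner(crypto, privKeyRsa, pubKeyRsa);
        }
        else if (privateKey is DsaPrivateKeyParameters)
        {
            signer = new BcTlsDsaSigner(crypto, (DsaPrivateKeyParameters)privateKey);
        }
        else if (privateKey is ECPrivateKeyParameters)
        {
            ECPrivateKeyParameters privKeyEC = (ECPrivateKeyParameters)privateKey;
            if (signatureAndHashAlgorithm != null)
            {
                int signatureScheme = SignatureScheme.From(signatureAndHashAlgorithm);
                if (SignatureScheme.IsECDsa(signatureScheme))
                {
                    // Scheme-bound ECDSA signer (curve and hash fixed by the scheme).
                    return new BcTlsECDsa13Signer(crypto, privKeyEC, signatureScheme);
                }
            }

            signer = new BcTlsECDsaSigner(crypto, privKeyEC);
        }
        else if (privateKey is Ed25519PrivateKeyParameters)
        {
            signer = new BcTlsEd25519Signer(crypto, (Ed25519PrivateKeyParameters)privateKey);
        }
        else if (privateKey is Ed448PrivateKeyParameters)
        {
            signer = new BcTlsEd448Signer(crypto, (Ed448PrivateKeyParameters)privateKey);
        }
        else
        {
            throw new ArgumentException("'privateKey' type not supported: " + privateKey.GetType().FullName);
        }

        return signer;
    }

    /// <summary>Creates credentials whose signer is chosen from <paramref name="privateKey"/> and
    /// <paramref name="signatureAndHashAlgorithm"/> via <see cref="MakeSigner"/>.</summary>
    /// <param name="cryptoParams">The TLS crypto parameters passed to the base class.</param>
    /// <param name="crypto">The BC crypto provider.</param>
    /// <param name="privateKey">The signing key; must not be null.</param>
    /// <param name="certificate">The certificate chain associated with the key.</param>
    /// <param name="signatureAndHashAlgorithm">The negotiated signature algorithm, or null if none.</param>
    /// <exception cref="ArgumentNullException">If <paramref name="privateKey"/> is null.</exception>
    /// <exception cref="ArgumentException">If the key type is not supported, or (legacy RSA only) the
    /// certificate is null or empty.</exception>
    public BcDefaultTlsCredentialedSigner(TlsCryptoParameters cryptoParams, BcTlsCrypto crypto,
        AsymmetricKeyParameter privateKey, Certificate certificate,
        SignatureAndHashAlgorithm signatureAndHashAlgorithm)
        : base(cryptoParams, MakeSigner(crypto, privateKey, certificate, signatureAndHashAlgorithm), certificate,
            signatureAndHashAlgorithm)
    {
    }
}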
}