using Microsoft.IdentityModel.Tokens;
namespace NetDevPack.Security.Jwt.Core.Jwa;
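/// <summary>
/// Describes one JSON Web Algorithm (JWA) selection: the "alg" identifier, whether it is
/// used for signing (JWS) or key management (JWE), the key type it needs ("kty"), and,
/// for JWE, the content-encryption "enc" value.
/// Only the algorithm names listed in the private constructor are accepted; anything else
/// is rejected with <see cref="NotSupportedException"/> instead of being passed through.
/// See RFC 7518 (JWA).
/// </summary>
public class Algorithm
{
    /// <summary>
    /// Builds a descriptor for a known "alg" value and classifies it by key type and use.
    /// </summary>
    /// <param name="algorithm">A JWA "alg" identifier from
    /// <see cref="EncryptionAlgorithmKey"/> (JWE) or <see cref="DigitalSignaturesAlgorithm"/> (JWS).</param>
    /// <exception cref="NotSupportedException">The value is not on the allow-list below.</exception>
    private Algorithm(string algorithm)
    {
        switch (algorithm)
        {
            // Symmetric key wrapping (JWE "alg"); the key is a raw octet sequence.
            case EncryptionAlgorithmKey.Aes128KW:
            case EncryptionAlgorithmKey.Aes256KW:
                AlgorithmType = AlgorithmType.AES;
                CryptographyType = CryptographyType.Encryption;
                break;

            // RSA key wrapping (JWE "alg").
            // NOTE(review): RsaPKCS1 (RSAES-PKCS1-v1_5) is kept for interoperability only; the
            // JWT Best Current Practice (RFC 8725) recommends against it because of padding-oracle
            // risk. Prefer EncryptionAlgorithmKey.RsaOAEP for new keys.
            case EncryptionAlgorithmKey.RsaPKCS1:
            case EncryptionAlgorithmKey.RsaOAEP:
                CryptographyType = CryptographyType.Encryption;
                AlgorithmType = AlgorithmType.RSA;
                break;

            // ECDSA signatures (JWS "alg"); the curve is chosen separately via WithCurve.
            case DigitalSignaturesAlgorithm.EcdsaSha256:
            case DigitalSignaturesAlgorithm.EcdsaSha384:
            case DigitalSignaturesAlgorithm.EcdsaSha512:
                CryptographyType = CryptographyType.DigitalSignature;
                AlgorithmType = AlgorithmType.ECDsa;
                break;

            // HMAC MACs (JWS "alg"); symmetric, so the same key both produces and verifies.
            case DigitalSignaturesAlgorithm.HmacSha256:
            case DigitalSignaturesAlgorithm.HmacSha384:
            case DigitalSignaturesAlgorithm.HmacSha512:
                CryptographyType = CryptographyType.DigitalSignature;
                AlgorithmType = AlgorithmType.HMAC;
                break;

            // RSA signatures, both PKCS#1 v1.5 (RSn) and PSS (PSn) padding (JWS "alg").
            case DigitalSignaturesAlgorithm.RsaSha256:
            case DigitalSignaturesAlgorithm.RsaSha384:
            case DigitalSignaturesAlgorithm.RsaSha512:
            case DigitalSignaturesAlgorithm.RsaSsaPssSha256:
            case DigitalSignaturesAlgorithm.RsaSsaPssSha384:
            case DigitalSignaturesAlgorithm.RsaSsaPssSha512:
                CryptographyType = CryptographyType.DigitalSignature;
                AlgorithmType = AlgorithmType.RSA;
                break;

            default:
                // Fail closed: an unrecognised "alg" must never become a usable descriptor.
                throw new NotSupportedException($"Not supported algorithm {algorithm}");
        }

        Alg = algorithm;
    }

    /// <summary>
    /// Descriptor used for <see cref="JwtType.Both"/>: an RSA key with no specific "alg".
    /// <see cref="Alg"/> stays null and <see cref="CryptographyType"/> keeps its enum default
    /// (so <see cref="JwtType"/> and <see cref="Use"/> reflect that default, not a choice).
    /// </summary>
    private Algorithm()
    {
        AlgorithmType = AlgorithmType.RSA;
    }

    /// <summary>JWE content-encryption ("enc") algorithm; only meaningful for encryption descriptors.</summary>
    public EncryptionAlgorithmContent EncryptionAlgorithmContent { get; set; }

    /// <summary>Key family (RSA, ECDsa, HMAC, AES) this algorithm operates with.</summary>
    public AlgorithmType AlgorithmType { get; internal set; }

    /// <summary>Whether the algorithm signs (JWS) or encrypts/wraps keys (JWE).</summary>
    public CryptographyType CryptographyType { get; internal set; }

    /// <summary>Token type derived from <see cref="CryptographyType"/>.</summary>
    public JwtType JwtType => CryptographyType == CryptographyType.Encryption ? JwtType.Jwe : JwtType.Jws;

    /// <summary>JWK "use" value: "enc" for encryption descriptors, otherwise "sig".</summary>
    public string Use => CryptographyType == CryptographyType.Encryption ? "enc" : "sig";

    /// <summary>The JWA "alg" identifier; null for the <see cref="JwtType.Both"/> descriptor.</summary>
    public string Alg { get; internal set; }

    /// <summary>JWK "crv" value for ECDSA descriptors; null until <see cref="WithCurve"/> is called.</summary>
    public string Curve { get; set; }

    /// <summary>
    /// Sets the elliptic curve for an ECDSA descriptor.
    /// </summary>
    /// <param name="curve">A JWK "crv" name (e.g. a <see cref="JsonWebKeyECTypes"/> constant).</param>
    /// <returns>This instance, for chaining.</returns>
    /// <exception cref="InvalidOperationException">The descriptor is not ECDSA.</exception>
    /// <exception cref="ArgumentException"><paramref name="curve"/> is null or blank.</exception>
    public Algorithm WithCurve(string curve)
    {
        if (AlgorithmType != AlgorithmType.ECDsa)
            throw new InvalidOperationException("Only Elliptic Curves accept curves");

        // A blank curve would otherwise surface much later as a malformed JWK.
        if (string.IsNullOrWhiteSpace(curve))
            throw new ArgumentException("Curve name must not be null or whitespace.", nameof(curve));

        Curve = curve;
        return this;
    }

    /// <summary>
    /// Content encryption algorithm
    /// https://datatracker.ietf.org/doc/html/rfc7518#section-5.1
    /// </summary>
    /// <param name="enc">The JWE "enc" value to use for the payload.</param>
    /// <returns>This instance, for chaining.</returns>
    /// <exception cref="InvalidOperationException">The descriptor is a signature algorithm.</exception>
    /// <exception cref="NotSupportedException"><paramref name="enc"/> is not an allowed AEAD algorithm.</exception>
    public Algorithm WithContentEncryption(EncryptionAlgorithmContent enc)
    {
        if (CryptographyType == CryptographyType.DigitalSignature)
            throw new InvalidOperationException("Only Json Web Encryption has enc param");

        switch (enc)
        {
            // Only AEAD content algorithms are accepted (AES-CBC+HMAC composites and AES-GCM).
            case Jwa.EncryptionAlgorithmContent.Aes128CbcHmacSha256:
            case Jwa.EncryptionAlgorithmContent.Aes128Gcm:
            case Jwa.EncryptionAlgorithmContent.Aes192CbcHmacSha384:
            case Jwa.EncryptionAlgorithmContent.Aes192Gcm:
            case Jwa.EncryptionAlgorithmContent.Aes256CbcHmacSha512:
            case Jwa.EncryptionAlgorithmContent.Aes256Gcm:
                EncryptionAlgorithmContent = enc;
                break;
            default:
                throw new NotSupportedException($"Not supported encryption algorithm {enc}");
        }

        return this;
    }

    /// <summary>
    /// See RFC 7518 - JSON Web Algorithms (JWA) - Section 6.1. "kty" (Key Type) Parameter Values
    /// </summary>
    /// <returns>The JWK "kty" value matching <see cref="AlgorithmType"/>.</returns>
    /// <exception cref="ArgumentOutOfRangeException"><see cref="AlgorithmType"/> is not a known member.</exception>
    public string Kty()
    {
        return AlgorithmType switch
        {
            AlgorithmType.RSA => JsonWebAlgorithmsKeyTypes.RSA,
            AlgorithmType.ECDsa => JsonWebAlgorithmsKeyTypes.EllipticCurve,
            // HMAC and AES-KW both use a raw symmetric key, i.e. "oct".
            AlgorithmType.HMAC or AlgorithmType.AES => JsonWebAlgorithmsKeyTypes.Octet,
            _ => throw new ArgumentOutOfRangeException(nameof(AlgorithmType), AlgorithmType,
                "Unknown algorithm type; cannot derive the JWK \"kty\" value.")
        };
    }

    /// <summary>
    /// Creates a descriptor from a JWA "alg" identifier.
    /// </summary>
    /// <param name="algorithm">A supported "alg" value.</param>
    /// <exception cref="NotSupportedException">The value is not supported.</exception>
    public static Algorithm Create(string algorithm)
    {
        return new Algorithm(algorithm);
    }

    /// <summary>
    /// Creates a descriptor with the library's default "alg" (and "enc") for a key family
    /// and token type. Defaults: PS256 / ES256 (P-256) / HS256 for JWS; RSA-OAEP or A128KW
    /// with A128CBC-HS256 for JWE.
    /// </summary>
    /// <param name="algorithmType">Key family to use.</param>
    /// <param name="jwtType">JWS, JWE, or <see cref="JwtType.Both"/>.</param>
    /// <exception cref="InvalidOperationException">The key family cannot serve the requested token type.</exception>
    public static Algorithm Create(AlgorithmType algorithmType, JwtType jwtType)
    {
        // "Both" always yields the RSA descriptor with no "alg"; algorithmType is not consulted.
        if (jwtType == JwtType.Both)
            return new Algorithm();

        if (jwtType == JwtType.Jws)
            return algorithmType switch
            {
                // PSS rather than PKCS#1 v1.5 padding is the default for RSA signatures.
                AlgorithmType.RSA => new Algorithm(DigitalSignaturesAlgorithm.RsaSsaPssSha256),
                AlgorithmType.ECDsa => new Algorithm(DigitalSignaturesAlgorithm.EcdsaSha256).WithCurve(JsonWebKeyECTypes.P256),
                AlgorithmType.HMAC => new Algorithm(DigitalSignaturesAlgorithm.HmacSha256),
                _ => throw new InvalidOperationException($"Invalid algorithm for Json Web Signature (JWS): {algorithmType}")
            };

        return algorithmType switch
        {
            // OAEP rather than RSA1_5 is the default for RSA key wrapping.
            AlgorithmType.RSA => new Algorithm(EncryptionAlgorithmKey.RsaOAEP).WithContentEncryption(EncryptionAlgorithmContent.Aes128CbcHmacSha256),
            AlgorithmType.AES => new Algorithm(EncryptionAlgorithmKey.Aes128KW).WithContentEncryption(EncryptionAlgorithmContent.Aes128CbcHmacSha256),
            _ => throw new InvalidOperationException($"Invalid algorithm for Json Web Encryption (JWE): {algorithmType}")
        };
    }

    /// <summary>Converts to the "alg" string; a null descriptor converts to null instead of throwing.</summary>
    public static implicit operator string(Algorithm value) => value?.Alg;

    /// <summary>Parses an "alg" string; throws <see cref="NotSupportedException"/> for unknown values.</summary>
    public static implicit operator Algorithm(string value) => new (value);
}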