|
25 | 25 | //
|
26 | 26 | //------------------------------------------------------------------------------
|
27 | 27 |
|
| 28 | +using System; |
| 29 | +using System.Security.Cryptography.X509Certificates; |
28 | 30 | using Microsoft.IdentityModel.Logging;
|
29 | 31 |
|
30 | 32 | namespace Microsoft.IdentityModel.Tokens
|
31 | 33 | {
|
32 | 34 | /// <summary>
|
33 |
| - /// A wrapper class for properties that are used for token encryption. |
| 35 | + /// A class for properties that are used for token encryption. |
34 | 36 | /// </summary>
|
35 | 37 | public class EncryptingCredentials
|
36 | 38 | {
|
| 39 | + private string _alg; |
| 40 | + private string _enc; |
| 41 | + private SecurityKey _key; |
| 42 | + |
| 43 | + /// <summary> |
| 44 | + /// Initializes a new instance of the <see cref="EncryptingCredentials"/> class. |
| 45 | + /// </summary> |
| 46 | + /// <param name="certificate"><see cref="X509Certificate2"/>.</param> |
| 47 | + /// <param name="alg">A key wrap encryption algorithm to apply when encrypting a session key.</param> |
| 48 | + /// <param name="enc">Data encryption algorithm to apply when encrypting plaintext.</param> |
| 49 | + /// <exception cref="ArgumentNullException">if 'certificate' is null.</exception> |
| 50 | + /// <exception cref="ArgumentNullException">if 'alg' is null or empty.</exception> |
| 51 | + /// <exception cref="ArgumentNullException">if 'enc' is null or empty.</exception> |
| 52 | + protected EncryptingCredentials(X509Certificate2 certificate, string alg, string enc) |
| 53 | + { |
| 54 | + if (certificate == null) |
| 55 | + throw LogHelper.LogArgumentNullException(nameof(certificate)); |
| 56 | + |
| 57 | + Key = new X509SecurityKey(certificate); |
| 58 | + Alg = alg; |
| 59 | + Enc = enc; |
| 60 | + } |
| 61 | + |
37 | 62 | /// <summary>
|
38 | 63 | /// Initializes a new instance of the <see cref="EncryptingCredentials"/> class.
|
39 | 64 | /// </summary>
|
40 | 65 | /// <param name="key"><see cref="SecurityKey"/></param>
|
41 |
| - /// <param name="alg">The key encryption algorithm to apply.</param> |
42 |
| - /// <param name="enc">The encryption algorithm to apply.</param> |
| 66 | + /// <param name="alg">A key wrap encryption algorithm to apply when encrypting a session key.</param> |
| 67 | + /// <param name="enc">Data encryption algorithm to apply when encrypting plaintext.</param> |
| 68 | + /// <exception cref="ArgumentNullException">if 'key' is null.</exception> |
| 69 | + /// <exception cref="ArgumentNullException">if 'alg' is null or empty.</exception> |
| 70 | + /// <exception cref="ArgumentNullException">if 'enc' is null or empty.</exception> |
43 | 71 | public EncryptingCredentials(SecurityKey key, string alg, string enc)
|
44 | 72 | {
|
45 |
| - if (key == null) |
46 |
| - throw LogHelper.LogArgumentNullException(nameof(key)); |
| 73 | + Key = key; |
| 74 | + Alg = alg; |
| 75 | + Enc = enc; |
| 76 | + } |
47 | 77 |
|
48 |
| - if (string.IsNullOrWhiteSpace(alg)) |
49 |
| - throw LogHelper.LogArgumentNullException(nameof(alg)); |
| 78 | + /// <summary> |
| 79 | + /// Initializes a new instance of the <see cref="EncryptingCredentials"/> class. |
| 80 | + /// </summary> |
| 81 | + /// <remarks> Used in scenarios when a key represents a 'shared' symmetric key. |
| 82 | + /// For example, SAML 2.0 Assertion will be encrypted using a provided symmetric key |
| 83 | + /// which won't be serialized to a SAML token. |
| 84 | + /// </remarks> |
| 85 | + /// <param name="key"><see cref="SecurityKey"/></param> |
| 86 | + /// <param name="enc">Data encryption algorithm to apply when encrypting plaintext.</param> |
| 87 | + /// <exception cref="ArgumentException">If the <see cref="SecurityKey"/> is not <see cref="SymmetricSecurityKey"/>.</exception> |
| 88 | + /// <exception cref="ArgumentNullException">if 'enc' is null or empty.</exception> |
| 89 | + public EncryptingCredentials(SecurityKey key, string enc) |
| 90 | + { |
| 91 | + Key = key; |
50 | 92 |
|
51 |
| - if (string.IsNullOrWhiteSpace(enc)) |
52 |
| - throw LogHelper.LogArgumentNullException(nameof(enc)); |
| 93 | + if (key.GetType() != typeof(SymmetricSecurityKey)) |
| 94 | + throw LogHelper.LogArgumentException<ArgumentException>("key", LogMessages.IDX10704); |
53 | 95 |
|
54 |
| - Alg = alg; |
| 96 | + //explicitly setting Alg to None |
| 97 | + Alg = SecurityAlgorithms.None; |
55 | 98 | Enc = enc;
|
56 |
| - Key = key; |
57 | 99 | }
|
58 | 100 |
|
59 | 101 | /// <summary>
|
60 |
| - /// Gets the algorithm which used for token encryption. |
| 102 | + /// Gets the key wrap encryption algorithm used for a session key encryption. |
61 | 103 | /// </summary>
|
62 | 104 | public string Alg
|
63 | 105 | {
|
64 |
| - get; |
65 |
| - private set; |
| 106 | + get => _alg; |
| 107 | + private set => _alg = string.IsNullOrEmpty(value) ? throw LogHelper.LogArgumentNullException("alg") : value; |
66 | 108 | }
|
67 | 109 |
|
68 | 110 | /// <summary>
|
69 |
| - /// Gets the algorithm which used for token encryption. |
| 111 | + /// Gets the data encryption algorithm used for plaintext encryption. |
70 | 112 | /// </summary>
|
71 | 113 | public string Enc
|
72 | 114 | {
|
73 |
| - get; |
74 |
| - private set; |
| 115 | + get => _enc; |
| 116 | + private set => _enc = string.IsNullOrEmpty(value) ? throw LogHelper.LogArgumentNullException("enc") : value; |
75 | 117 | }
|
76 | 118 |
|
77 | 119 | /// <summary>
|
78 |
| - /// Users can override the default <see cref="CryptoProviderFactory"/> with this property. This factory will be used for creating encryition providers. |
| 120 | + /// Users can override the default <see cref="CryptoProviderFactory"/> with this property. This factory will be used for creating encryption providers. |
79 | 121 | /// </summary>
|
80 | 122 | public CryptoProviderFactory CryptoProviderFactory { get; set; }
|
81 | 123 |
|
82 | 124 | /// <summary>
|
83 |
| - /// Gets the <see cref="SecurityKey"/> which used for signature valdiation. |
| 125 | + /// Gets the <see cref="SecurityKey"/> which used for signature validation. |
84 | 126 | /// </summary>
|
85 | 127 | public SecurityKey Key
|
86 | 128 | {
|
87 |
| - get; |
88 |
| - private set; |
| 129 | + get => _key; |
| 130 | + private set => _key = value ?? throw LogHelper.LogArgumentNullException("key"); |
89 | 131 | }
|
90 | 132 | }
|
91 | 133 | }
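Review bot: The new `Alg` and `Enc` setters loosen the old constructor validation from `string.IsNullOrWhiteSpace` to `string.IsNullOrEmpty`, so an algorithm of `" "` is now accepted and only fails later, presumably inside the crypto provider; keep the stricter check, `private set => _alg = string.IsNullOrWhiteSpace(value) ? throw LogHelper.LogArgumentNullException("alg") : value;` (and the same for `_enc`). In the symmetric-key constructor, `key.GetType() != typeof(SymmetricSecurityKey)` rejects every subclass of `SymmetricSecurityKey`; if that is not intended, `if (!(key is SymmetricSecurityKey))` is the usual form, and the XML docs should also list `<exception cref="ArgumentNullException">if 'key' is null.</exception>` since the `Key` setter throws before the type check runs. That constructor pins `Alg` to `SecurityAlgorithms.None`, which the remarks tie to the SAML shared-key case, but nothing in the type stops such an instance from reaching a JWE path, so a remark that consumers must treat `Alg == SecurityAlgorithms.None` as "no key wrap" rather than emit it as a header value would make the contract explicit. Lastly the `Key` summary still says "signature validation" on a type that is about encryption; `/// Gets the <see cref="SecurityKey"/> used for token encryption.` would be accurate.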
|