Microsoft.IdentityModel.Tokens
This adapter abstracts the 'RSA' differences between versions of .Net targets.
Calls and
Base class for a Security Key that contains Asymmetric key material.
Default constructor
This must be overridden to get a bool indicating if a private key exists.
true if it has a private key; otherwise, false.
Gets the status of the private key.
'Exists' if private key exists for sure; 'DoesNotExist' if private key doesn't exist for sure; 'Unknown' if we cannot determine.
Enum for the existence of private key
private key exists for sure
private key doesn't exist for sure
unable to determine the existence of private key
Provides signature and verification operations for Asymmetric Algorithms using a .
Mapping from algorithm to minimum .KeySize when creating signatures.
Mapping from algorithm to minimum .KeySize when verifying signatures.
Initializes a new instance of the class used to create and verify signatures.
The that will be used for signature operations.
The signature algorithm to apply.
Initializes a new instance of the class used to create and verify signatures.
The that will be used for signature operations.
The signature algorithm to apply.
If this is required to create signatures then set this to true.
Creating signatures requires that the has access to a private key.
Verifying signatures (the default), does not require access to the private key.
is null.
is null or empty.
is true and there is no private key.
If and algorithm pair are not supported.
willCreateSignatures is true and .KeySize is less than the size corresponding to the given algorithm in .
.KeySize is less than the size corresponding to the algorithm in . Note: this is always checked.
If the runtime is unable to create a suitable cryptographic provider.
Gets the mapping from algorithm to the minimum .KeySize for creating signatures.
Gets the mapping from algorithm to the minimum .KeySize for verifying signatures.
Creating a Signature requires the use of a .
This method returns the
that describes the to use when generating a Signature.
The SignatureAlgorithm in use.
The to use.
if is null or whitespace.
if is not supported.
Produces a signature over the 'input' using the and algorithm passed to .
The bytes to be signed.
A signature over the input.
if is null.
if .Length == 0.
If has been called.
Sign is thread safe.
Validates that an asymmetric key size is of sufficient size for a SignatureAlgorithm.
The asymmetric key to validate.
Algorithm for which this key will be used.
Whether the key will be used for creating signatures.
if is null.
if is null or empty.
if .KeySize is less than the minimum
acceptable size.
for minimum signing sizes.
for minimum verifying sizes.
Verifies that the over using the
and specified by this
are consistent.
The bytes to generate the signature over.
The value to verify against.
true if signature matches, false otherwise.
is null or has length == 0.
is null or has length == 0.
If has been called.
Verify is thread safe.
Calls to release managed resources.
true, if called from Dispose(), false, if invoked inside a finalizer.
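The constructor contract above (a per-algorithm minimum key size, a stricter one when the provider will create signatures, a private key required only for signing, and ObjectDisposedException after Dispose) as an added, self-contained C# example. This is not the library's AsymmetricSignatureProvider; it uses only System.Security.Cryptography (.NET 6 or later), and the "RS256" name, the 2048/1024-bit thresholds and all class and method names are this example's assumptions:

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the library's AsymmetricSignatureProvider. The algorithm name
// and the bit thresholds below are assumptions made for the example.
sealed class RsaSignatureProviderExample : IDisposable
{
    // Assumed thresholds. The verifying minimum applies to every provider; the larger
    // signing minimum is enforced only when willCreateSignatures is true, because a
    // signature produced with a weak key is a liability while rejecting verification
    // of a legacy key would break token consumers.
    static readonly Dictionary<string, int> MinBitsForSigning = new() { ["RS256"] = 2048 };
    static readonly Dictionary<string, int> MinBitsForVerifying = new() { ["RS256"] = 1024 };

    readonly RSA _rsa;
    readonly bool _willCreateSignatures;
    bool _disposed;

    public RsaSignatureProviderExample(RSA rsa, string algorithm, bool willCreateSignatures)
    {
        _rsa = rsa ?? throw new ArgumentNullException(nameof(rsa));
        if (string.IsNullOrEmpty(algorithm)) throw new ArgumentNullException(nameof(algorithm));
        if (!MinBitsForSigning.ContainsKey(algorithm))
            throw new NotSupportedException($"'{algorithm}' is not supported by this example");
        ValidateKeySize(rsa, algorithm, willCreateSignatures);
        if (willCreateSignatures && !CanExportPrivateKey(rsa))
            throw new InvalidOperationException("creating signatures requires a private key");
        _willCreateSignatures = willCreateSignatures;
    }

    public static void ValidateKeySize(RSA rsa, string algorithm, bool willCreateSignatures)
    {
        int minimum = willCreateSignatures ? MinBitsForSigning[algorithm] : MinBitsForVerifying[algorithm];
        if (rsa.KeySize < minimum)
            throw new ArgumentOutOfRangeException(nameof(rsa),
                $"{rsa.KeySize}-bit key is below the {minimum}-bit minimum for {algorithm} " +
                (willCreateSignatures ? "signing" : "verifying"));
    }

    // Exporting is the simplest probe, but a non-exportable (hardware-backed) key reports
    // "no private key" here even though it can sign; that gap is why a status enum needs
    // an 'Unknown' member in addition to 'Exists' and 'DoesNotExist'.
    static bool CanExportPrivateKey(RSA rsa)
    {
        try { rsa.ExportParameters(true); return true; }
        catch (CryptographicException) { return false; }
    }

    public byte[] Sign(byte[] input)
    {
        if (_disposed) throw new ObjectDisposedException(nameof(RsaSignatureProviderExample));
        if (input is null || input.Length == 0) throw new ArgumentNullException(nameof(input));
        if (!_willCreateSignatures) throw new InvalidOperationException("provider was created for verification only");
        return _rsa.SignData(input, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public bool Verify(byte[] input, byte[] signature)
    {
        if (_disposed) throw new ObjectDisposedException(nameof(RsaSignatureProviderExample));
        if (input is null || input.Length == 0) throw new ArgumentNullException(nameof(input));
        if (signature is null || signature.Length == 0) throw new ArgumentNullException(nameof(signature));
        return _rsa.VerifyData(input, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public void Dispose() { _disposed = true; }

    static void Main()
    {
        byte[] payload = Encoding.UTF8.GetBytes("{\"sub\":\"alice\"}"); // constructed input
        using RSA signingKey = RSA.Create(2048);
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(signingKey.ExportParameters(false));

        byte[] sig;
        using (var signer = new RsaSignatureProviderExample(signingKey, "RS256", willCreateSignatures: true))
            sig = signer.Sign(payload);

        using var verifier = new RsaSignatureProviderExample(publicOnly, "RS256", willCreateSignatures: false);
        if (!verifier.Verify(payload, sig)) throw new Exception("good signature rejected");
        payload[0] ^= 0x01; // a single flipped bit must invalidate the signature
        if (verifier.Verify(payload, sig)) throw new Exception("tampered input accepted");

        // A public-only key can verify but must be refused for signing.
        try { new RsaSignatureProviderExample(publicOnly, "RS256", willCreateSignatures: true); throw new Exception("expected failure"); }
        catch (InvalidOperationException) { }

        // A 1024-bit key clears the verifying minimum but not the signing minimum.
        using RSA small = RSA.Create(1024);
        new RsaSignatureProviderExample(small, "RS256", willCreateSignatures: false).Dispose();
        try { new RsaSignatureProviderExample(small, "RS256", willCreateSignatures: true); throw new Exception("expected failure"); }
        catch (ArgumentOutOfRangeException) { }
    }
}
```

The ordering matters: the size check runs before the private-key probe, so a caller learns about an undersized key even when the key material itself is fine, and the verifying minimum is checked on every construction, which is the "always checked" behaviour the exception list above describes.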
Encodes and Decodes strings as Base64Url encoding.
The following functions perform base64url encoding which differs from regular base64 encoding as follows
* padding is skipped so the pad character '=' doesn't have to be percent encoded
* the 62nd and 63rd regular base64 encoding characters ('+' and '/') are replaced with ('-' and '_')
The changes make the encoding alphabet filename and URL safe.
string to encode.
Base64Url encoding of the UTF8 bytes.
Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
the subset as an offset in the input array, and the number of elements in the array to convert.
An array of 8-bit unsigned integers.
An offset in inArray.
The number of elements of inArray to convert.
The string representation in base 64 url encoding of length elements of inArray, starting at position offset.
'inArray' is null.
offset or length is negative OR offset plus length is greater than the length of inArray.
Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
the subset as an offset in the input array, and the number of elements in the array to convert.
An array of 8-bit unsigned integers.
The string representation in base 64 url encoding of length elements of inArray, starting at position offset.
'inArray' is null.
offset or length is negative OR offset plus length is greater than the length of inArray.
Converts the specified string, which encodes binary data as base-64-url digits, to an equivalent 8-bit unsigned integer array.
base64Url encoded string.
UTF8 bytes.
Decodes the string from Base64UrlEncoded to UTF8.
string to decode.
UTF8 string.
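The two alphabet rules above, implemented in C# on top of System.Convert, together with the Base64urlUInt form that the JWK parameters later on this page use for RSA and EC integers. This is an added example and not the library's Base64UrlEncoder; the class and method names are this example's own and the inputs are constructed (.NET 6 or later):

```csharp
using System;
using System.Numerics;
using System.Text;

// Added example, not library code: base64url (RFC 4648 section 5, unpadded) built on
// the standard base64 codec by applying exactly the two rules described above.
static class Base64UrlExample
{
    public static string Encode(byte[] bytes)
    {
        if (bytes is null) throw new ArgumentNullException(nameof(bytes));
        // Rule 1: drop '=' padding. Rule 2: swap the 62nd/63rd alphabet characters.
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static string Encode(string text) => Encode(Encoding.UTF8.GetBytes(text));

    public static byte[] Decode(string base64Url)
    {
        if (base64Url is null) throw new ArgumentNullException(nameof(base64Url));
        // Restore the standard alphabet, then re-add the padding that encoding removed.
        // A length of 4k+1 can never come from a valid encoding, so reject it up front
        // instead of letting Convert.FromBase64String fail with a less specific message.
        int remainder = base64Url.Length % 4;
        if (remainder == 1) throw new FormatException("base64url input has an invalid length");
        string standard = base64Url.Replace('-', '+').Replace('_', '/');
        if (remainder != 0) standard = standard.PadRight(standard.Length + 4 - remainder, '=');
        return Convert.FromBase64String(standard);
    }

    public static string DecodeToString(string base64Url) => Encoding.UTF8.GetString(Decode(base64Url));

    // JWK "Base64urlUInt" (RFC 7518 section 2): the big-endian octets of a non-negative
    // integer with no leading zero octets, then base64url-encoded.
    public static string EncodeUInt(BigInteger value)
    {
        if (value.Sign < 0) throw new ArgumentOutOfRangeException(nameof(value));
        return Encode(value.ToByteArray(isUnsigned: true, isBigEndian: true));
    }

    public static BigInteger DecodeUInt(string base64Url) =>
        new BigInteger(Decode(base64Url), isUnsigned: true, isBigEndian: true);

    static void Main()
    {
        // Constructed input: a JOSE header as it appears before the first '.' of a JWT.
        string header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        string encoded = Encode(header);
        Console.WriteLine(encoded);
        if (encoded.Contains('=') || encoded.Contains('+') || encoded.Contains('/'))
            throw new Exception("output is not URL safe");
        if (DecodeToString(encoded) != header) throw new Exception("round trip failed");

        // Bytes that exercise both replaced characters: 0xFB 0xFF is "+/8=" in plain base64.
        byte[] edge = { 0xFB, 0xFF };
        if (Encode(edge) != "-_8") throw new Exception("alphabet substitution failed");
        if (!Decode("-_8").AsSpan().SequenceEqual(edge)) throw new Exception("padding restore failed");

        // The RSA public exponent 65537 is the 'e' value "AQAB" seen in most JWKs.
        if (EncodeUInt(65537) != "AQAB") throw new Exception("Base64urlUInt encoding failed");
        if (DecodeUInt("AQAB") != 65537) throw new Exception("Base64urlUInt decoding failed");

        try { Decode("abcde"); throw new Exception("length check did not fire"); }
        catch (FormatException) { /* 4k+1 length rejected as intended */ }
    }
}
```

Decoding is the side that needs care: a decoder that silently accepts the standard alphabet, or that pads without checking the 4k+1 case, will take inputs a strict encoder never produces, and header fields are attacker-controlled before the signature is verified.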
Constants for compression algorithms.
Compression provider factory for compression and decompression.
Static constructor that initializes the default .
Default constructor for .
Constructor that creates a deep copy of given object.
to copy from.
Returns the default instance.
Extensibility point for custom compression support application wide.
Answers if an algorithm is supported.
the name of the crypto algorithm.
true if the algorithm is supported, false otherwise.
Returns a for a specific algorithm.
the decompression algorithm.
a .
Definition of cache for crypto providers
Returns the cache key to use when looking up an entry in the cache for a
the to create the key for.
the cache key to use for finding a .
Returns the 'key' that will be used to find a crypto provider in this cache.
the key that is used by the crypto provider.
the algorithm that is used by the crypto provider.
the typeof the crypto provider obtained by calling object.GetType().
the cache key to use for finding a crypto provider.
Tries to add a to this cache.
to cache.
true if the was added, false if the cache already contained the
Tries to find a in this cache.
the key that is used by the crypto provider.
the algorithm that is used by the crypto provider.
the typeof the crypto provider obtained by calling object.GetType().
a bool to indicate if the will be used to sign.
the if found.
true if a was found, false otherwise.
Tries to remove a from this cache.
to remove.
true if the was removed, false if the was not found.
Creates cryptographic operators by specifying a 's and algorithms.
Returns the default instance.
Gets or sets the default value for caching
Static constructor that initializes the default .
Default constructor for .
Constructor that creates a deep copy of given object.
to copy from.
Gets the
Extensibility point for creating custom cryptographic operators.
By default, if set, will be called before creating cryptographic operators.
If true is returned, then will be called. The will throw if the
Cryptographic operator returned is not of the correct type.
Gets or sets a bool controlling if should be cached.
Creates an instance of for a specific <SecurityKey, Algorithm>.
the to use.
the algorithm to use.
an instance of
'key' is null.
'algorithm' is null or empty.
'key' is not a .
'algorithm, key' pair is not supported.
Creates an instance of for a specific <SecurityKey, Algorithm>.
the to use.
the algorithm to use.
an instance of
'key' is null.
'algorithm' is null or empty.
If and algorithm pair are not supported.
When finished with the call .
Creates an instance of for a specific <SecurityKey, Algorithm>.
the to use.
the algorithm to use.
an instance of
'key' is null.
'algorithm' is null or empty.
If and algorithm pair are not supported.
When finished with the call .
Creates a that supports the and algorithm.
The to use for signing.
The algorithm to use for signing.
'key' is null.
'algorithm' is null or empty.
is too small.
is too small.
is not a or a .
AsymmetricSignatureProviders require access to a PrivateKey for Signing.
When finished with the call .
Returns a instance that supports the and algorithm.
The to use for signing.
The algorithm to use for verifying.
'key' is null.
'algorithm' is null or empty.
is too small.
is too small.
is not a or a .
When finished with the call .
Returns a for a specific algorithm.
the name of the hash algorithm to create.
A
When finished with the call .
'algorithm' is null or empty.
'algorithm' is not supported.
Returns a for a specific algorithm.
the name of the hash algorithm to create.
A
When finished with the call .
'algorithm' is null or empty.
'algorithm' is not supported.
Returns a for a specific algorithm.
the keyed hash algorithm to create.
bytes to use to create the Keyed Hash
A
When finished with the call .
'algorithm' is null or empty.
'algorithm' is not supported.
Answers if an algorithm is supported
the name of the cryptographic algorithm
Checks if an 'algorithm, key' pair is supported.
the algorithm to check.
the .
true if 'algorithm, key' pair is supported.
When finished with a call this method for cleanup. The default behavior is to call
to be released.
When finished with a call this method for cleanup.
to be released.
When finished with a call this method for cleanup.
to be released.
When finished with a call this method for cleanup. The default behavior is to call
to be released.
Helper class for adding DateTimes and Timespans.
Add a DateTime and a TimeSpan.
The maximum time is DateTime.MaxValue. It is not an error if time + timespan > MaxValue.
Just return MaxValue.
Initial value.
to add.
as the sum of time and timespan.
Gets the Maximum value for a DateTime specifying kind.
DateTimeKind to use.
DateTime of specified kind.
Gets the Minimum value for a DateTime specifying kind.
DateTimeKind to use.
DateTime of specified kind.
Ensures that DateTime is UTC.
to convert.
Ensures that DateTime is UTC.
to convert.
A compression provider that supports compression and decompression using the algorithm.
Initializes a new instance of the class used to compress and decompress using the algorithm.
Initializes a new instance of the class used to compress and decompress using the algorithm.
The compression level to use when compressing.
Gets the compression algorithm.
Specifies whether compression should emphasize speed or compression size.
Set to by default.
Decompress the value using DEFLATE algorithm.
the bytes to decompress.
the decompressed bytes.
Compress the value using the DEFLATE algorithm.
the bytes to compress.
the compressed bytes.
Answers if a compression algorithm is supported.
the name of the compression algorithm.
true if the compression algorithm is supported, false otherwise.
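The compress/decompress pair above as an added C# example built on System.IO.Compression, not the library's DeflateCompressionProvider. It uses raw DEFLATE (RFC 1951), which is what the JWE "zip":"DEF" header value denotes, and adds one thing the description above does not mention: a caller-supplied cap on the decompressed size, since the bytes being inflated arrive in the token and a very small input can otherwise expand into a very large allocation. The class and method names, the cap, and the sample inputs are this example's own (.NET 6 or later):

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

// Added example, not the library's DeflateCompressionProvider.
static class DeflateCompressionExample
{
    public const string Algorithm = "DEF"; // JWE "zip" value for DEFLATE

    public static bool IsSupportedAlgorithm(string algorithm) =>
        string.Equals(algorithm, Algorithm, StringComparison.Ordinal);

    public static byte[] Compress(byte[] value, CompressionLevel level = CompressionLevel.Optimal)
    {
        if (value is null || value.Length == 0) throw new ArgumentNullException(nameof(value));
        using var output = new MemoryStream();
        using (var deflate = new DeflateStream(output, level, leaveOpen: true))
            deflate.Write(value, 0, value.Length);
        return output.ToArray();
    }

    // maxOutputBytes is this example's addition: inflate in chunks and stop as soon as
    // the cap would be exceeded, rather than trusting the input to be proportionate.
    public static byte[] Decompress(byte[] value, int maxOutputBytes)
    {
        if (value is null || value.Length == 0) throw new ArgumentNullException(nameof(value));
        if (maxOutputBytes <= 0) throw new ArgumentOutOfRangeException(nameof(maxOutputBytes));
        using var input = new MemoryStream(value, writable: false);
        using var inflate = new DeflateStream(input, CompressionMode.Decompress);
        using var output = new MemoryStream();
        byte[] buffer = new byte[8192];
        int read;
        while ((read = inflate.Read(buffer, 0, buffer.Length)) > 0)
        {
            // Check before copying so the cap is never exceeded, even transiently.
            if (output.Length + read > maxOutputBytes)
                throw new InvalidDataException($"decompressed data exceeds the {maxOutputBytes}-byte limit");
            output.Write(buffer, 0, read);
        }
        return output.ToArray();
    }

    static void Main()
    {
        // Constructed payload: a JWT-style claim set with some repetition for DEFLATE to find.
        byte[] claims = Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"roles\":[\"reader\",\"reader\",\"reader\"]}");
        byte[] packed = Compress(claims);
        byte[] unpacked = Decompress(packed, maxOutputBytes: 64 * 1024);
        if (!unpacked.AsSpan().SequenceEqual(claims)) throw new Exception("round trip failed");

        // 16 MiB of zeros compresses to a few kilobytes; a 1 MiB cap must stop the inflate.
        byte[] bomb = Compress(new byte[16 * 1024 * 1024]);
        Console.WriteLine($"{bomb.Length} compressed bytes would inflate to {16 * 1024 * 1024}");
        try { Decompress(bomb, maxOutputBytes: 1024 * 1024); throw new Exception("size limit did not fire"); }
        catch (InvalidDataException) { }

        if (IsSupportedAlgorithm("GZIP")) throw new Exception("only DEF is supported");
    }
}
```

Whatever cap a deployment chooses should be tied to the largest claim set the application legitimately issues, not to available memory, so the limit fails closed on unexpected input.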
This adapter abstracts the differences between versions of .Net targets.
Initializes a new instance of the class.
creation is not supported by NETSTANDARD1.4, when running on platforms other than Windows.
For more details, see https://aka.ms/IdentityModel/create-ecdsa.
Creates an ECDsa object using the and .
Creates an ECDsa object using the and .
'ECParameters' structure is available in .NET Framework 4.7+, .NET Standard 1.6+, and .NET Core 1.0+.
This method is supported only on Windows as other platforms don't support operations with .
Returns the size of key in bytes
Represents ecdsa curve -P256, P384, P521
Size of the key in bytes
Returns the size of key in bits.
Represents ecdsa curve -P256, P384, P521
Size of the key in bits.
Magic numbers identifying ECDSA blob types
Returns the magic value representing the curve corresponding to the curve id.
Represents ecdsa curve -P256, P384, P521
Whether the provider will create signatures or not
Uint representing the magic number
Tests if user's runtime platform supports operations using .
True if operations using are supported on user's runtime platform, false otherwise.
Represents an ECDsa security key.
Returns a new instance of .
instance used to initialize the key.
Gets a bool indicating if a private key exists.
true if it has a private key; otherwise, false.
Gets an enum indicating if a private key exists.
'Exists' if private key exists for sure; 'DoesNotExist' if private key doesn't exist for sure; 'Unknown' if we cannot determine.
Gets key size.
A class for properties that are used for token encryption.
Initializes a new instance of the class.
.
A key wrap algorithm to use when encrypting a session key.
Data encryption algorithm to apply.
if 'certificate' is null.
if 'alg' is null or empty.
if 'enc' is null or empty.
Initializes a new instance of the class.
to use when encrypting a session key.
A key wrap algorithm to use when encrypting a session key.
Data encryption algorithm to apply.
if 'key' is null.
if 'alg' is null or empty.
if 'enc' is null or empty.
Initializes a new instance of the class.
Used in scenarios when a key represents a 'shared' symmetric key.
For example, SAML 2.0 Assertion will be encrypted using a provided symmetric key
which won't be serialized to a SAML token.
to apply.
Data encryption algorithm to apply.
If the is not a .
if 'enc' is null or empty.
Gets the key wrap algorithm used for session key encryption.
Gets the data encryption algorithm.
Users can override the default with this property. This factory will be used for creating encryption providers.
Gets the used for encryption.
Provides authenticated encryption and decryption services.
Initializes a new instance of the class used for encryption and decryption.
The that will be used for crypto operations.
The encryption algorithm to apply.
'key' is null.
'algorithm' is null or whitespace.
key size is not large enough.
'algorithm' is not supported.
a symmetricSignatureProvider is not created.
Gets the encryption algorithm that is being used.
Gets or sets a user context for a .
This is null by default. This can be used by applications for extensibility scenarios.
Gets the that is being used.
Encrypts the 'plaintext'
the data to be encrypted.
will be combined with iv and ciphertext to create an authenticationtag.
containing ciphertext, iv, authenticationtag.
plaintext is null or empty.
authenticationData is null or empty.
AES crypto operation threw. See inner exception for details.
Encrypts the 'plaintext'
the data to be encrypted.
will be combined with iv and ciphertext to create an authenticationtag.
initialization vector for encryption.
containing ciphertext, iv, authenticationtag.
is null or empty.
is null or empty.
AES crypto operation threw. See inner exception for details.
Decrypts ciphertext into plaintext
the encrypted text to decrypt.
the authenticateData that is used in verification.
the initialization vector used when creating the ciphertext.
the authenticationTag that was created during the encryption.
decrypted ciphertext
is null or empty.
is null or empty.
is null or empty.
is null or empty.
signature over authenticationTag fails to verify.
AES crypto operation threw. See inner exception.
Checks if an 'key, algorithm' pair is supported
the
the algorithm to check.
true if 'key, algorithm' pair is supported.
The algorithm parameter logically defines a HMAC algorithm.
This method returns the HMAC to use.
Called to obtain the byte[] needed to create a
that will be used to obtain the byte[].
[] that is used to populate the KeyedHashAlgorithm.
if is null.
if a byte[] can not be obtained from SecurityKey.
and are supported.
For a .Key is returned
For a Base64UrlEncoder.DecodeBytes is called with if == JsonWebAlgorithmsKeyTypes.Octet
Checks that the key has sufficient length
that contains bytes.
the algorithm to apply.
if is null.
if is null or empty.
if is not a supported algorithm.
Contains the results of operation.
Initializes a new
the used during
protected text.
the initialization vector used.
the bytes that need be passed to .
Gets the .
Gets the Ciphertext.
Gets the initialization vector.
Gets the authentication tag
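The encrypt/decrypt contract described above (a ciphertext, iv and authentication tag produced from plaintext plus authenticated data, and a decrypt that fails when the tag does not verify) as an added C# example. This is not the library's AuthenticatedEncryptionProvider; it implements the AES_128_CBC_HMAC_SHA_256 composition of RFC 7518 section 5.2.3 directly on System.Security.Cryptography (.NET 6 or later), and the class name, method names and sample inputs are this example's assumptions:

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the library's AuthenticatedEncryptionProvider.
// A128CBC-HS256: a 256-bit key split into a MAC key (first half) and an AES key (second half).
sealed class AesCbcHmacExample
{
    readonly byte[] _macKey;
    readonly byte[] _encKey;

    public AesCbcHmacExample(byte[] key)
    {
        if (key is null || key.Length == 0) throw new ArgumentNullException(nameof(key));
        if (key.Length != 32) throw new ArgumentOutOfRangeException(nameof(key), "A128CBC-HS256 needs a 256-bit key");
        _macKey = key[..16];
        _encKey = key[16..];
    }

    public (byte[] Ciphertext, byte[] Iv, byte[] Tag) Encrypt(byte[] plaintext, byte[] authenticatedData)
    {
        if (plaintext is null || plaintext.Length == 0) throw new ArgumentNullException(nameof(plaintext));
        if (authenticatedData is null || authenticatedData.Length == 0) throw new ArgumentNullException(nameof(authenticatedData));
        byte[] iv = RandomNumberGenerator.GetBytes(16);   // fresh IV per message
        using var aes = Aes.Create();
        aes.Key = _encKey;
        byte[] ciphertext = aes.EncryptCbc(plaintext, iv, PaddingMode.PKCS7);
        return (ciphertext, iv, ComputeTag(authenticatedData, iv, ciphertext));
    }

    public byte[] Decrypt(byte[] ciphertext, byte[] authenticatedData, byte[] iv, byte[] authenticationTag)
    {
        if (ciphertext is null || ciphertext.Length == 0) throw new ArgumentNullException(nameof(ciphertext));
        if (authenticatedData is null || authenticatedData.Length == 0) throw new ArgumentNullException(nameof(authenticatedData));
        if (iv is null || iv.Length == 0) throw new ArgumentNullException(nameof(iv));
        if (authenticationTag is null || authenticationTag.Length == 0) throw new ArgumentNullException(nameof(authenticationTag));

        // Verify the tag over aad || iv || ciphertext in constant time BEFORE any AES call,
        // so a forged message never reaches the padding check (no padding oracle).
        byte[] expected = ComputeTag(authenticatedData, iv, ciphertext);
        if (!CryptographicOperations.FixedTimeEquals(expected, authenticationTag))
            throw new CryptographicException("authentication tag does not verify");

        using var aes = Aes.Create();
        aes.Key = _encKey;
        return aes.DecryptCbc(ciphertext, iv, PaddingMode.PKCS7);
    }

    byte[] ComputeTag(byte[] aad, byte[] iv, byte[] ciphertext)
    {
        // AL: length of the additional authenticated data in bits, as a 64-bit big-endian integer.
        byte[] al = new byte[8];
        ulong bits = (ulong)aad.Length * 8;
        for (int i = 7; i >= 0; i--) { al[i] = (byte)(bits & 0xFF); bits >>= 8; }

        byte[] macInput = new byte[aad.Length + iv.Length + ciphertext.Length + 8];
        Buffer.BlockCopy(aad, 0, macInput, 0, aad.Length);
        Buffer.BlockCopy(iv, 0, macInput, aad.Length, iv.Length);
        Buffer.BlockCopy(ciphertext, 0, macInput, aad.Length + iv.Length, ciphertext.Length);
        Buffer.BlockCopy(al, 0, macInput, aad.Length + iv.Length + ciphertext.Length, 8);

        // The tag is the leftmost 128 bits of HMAC-SHA-256 over that input.
        return HMACSHA256.HashData(_macKey, macInput)[..16];
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);
        // Constructed inputs: a claim set and the base64url protected header JWE uses as AAD.
        byte[] plaintext = Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"exp\":1700000000}");
        byte[] aad = Encoding.ASCII.GetBytes("eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0");

        var provider = new AesCbcHmacExample(key);
        var (ciphertext, iv, tag) = provider.Encrypt(plaintext, aad);
        byte[] recovered = provider.Decrypt(ciphertext, aad, iv, tag);
        if (!recovered.AsSpan().SequenceEqual(plaintext)) throw new Exception("round trip failed");

        // Any change to the ciphertext or to the AAD must fail at the tag, not at decryption.
        byte[] tampered = (byte[])ciphertext.Clone();
        tampered[^1] ^= 0x80;
        try { provider.Decrypt(tampered, aad, iv, tag); throw new Exception("tampered ciphertext accepted"); }
        catch (CryptographicException) { }
        try { provider.Decrypt(ciphertext, Encoding.ASCII.GetBytes("other"), iv, tag); throw new Exception("tampered AAD accepted"); }
        catch (CryptographicException) { }
    }
}
```

Two details carry the security of this construction: the MAC covers the IV and the AAD length field as well as the ciphertext, and the tag comparison is both constant-time and performed before decryption, which is what the "signature over authenticationTag fails to verify" exception above corresponds to.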
Provides Wrap key and Unwrap key services.
Gets the KeyWrap algorithm that is being used.
Gets or sets a user context for a .
This is null by default. This can be used by runtimes or for extensibility scenarios.
Gets the that is being used.
Calls and
Can be over written in descendants to dispose of internal components.
true, if called from Dispose(), false, if invoked inside a finalizer
Unwrap a key.
key to unwrap.
Unwrapped key.
Wrap a key.
the key to be wrapped
wrapped key.
Provides RSA Wrap key and Unwrap key services.
Initializes a new instance of used for wrapping and unwrapping keys.
These keys are usually symmetric session keys that are wrapped using the recipient's public key.
The that will be used for cryptographic operations.
The KeyWrap algorithm to apply.
Whether this is required to un-wrap keys. If true, the private key is required.
'key' is null.
'algorithm' is null.
The key size doesn't match the algorithm.
If and algorithm pair are not supported.
Failed to create RSA algorithm with provided key and algorithm.
Gets the KeyWrap algorithm that is being used.
Gets or sets a user context for a .
This is null by default. This is for use by the application and not used by this SDK.
Gets the that is being used.
Disposes of internal components.
true, if called from Dispose(), false, if invoked inside a finalizer.
Checks if an algorithm is supported.
The that will be used for crypto operations.
The KeyWrap algorithm to apply.
true if the algorithm is supported; otherwise, false.
Unwrap a key using RSA decryption.
the bytes to unwrap.
Unwrapped key
'keyBytes' is null or length == 0.
If has been called.
Failed to unwrap the wrappedKey.
If the internal RSA algorithm is null.
Wrap a key using RSA encryption.
the key to be wrapped
A wrapped key
'keyBytes' is null or has length == 0.
If has been called.
Failed to wrap the 'keyBytes'.
If the internal RSA algorithm is null.
Provides Wrap key and Unwrap key services.
Initializes a new instance of the class used for wrap key and unwrap key.
The that will be used for crypto operations.
The KeyWrap algorithm to apply.
'key' is null.
'algorithm' is null.
If and algorithm pair are not supported.
The cannot be converted to a byte array
The keysize doesn't match the algorithm.
Failed to create symmetric algorithm with provided key and algorithm.
Gets the KeyWrap algorithm that is being used.
Gets or sets a user context for a .
This is null by default. This can be used by runtimes or for extensibility scenarios.
Gets the that is being used.
Disposes of internal components.
true, if called from Dispose(), false, if invoked inside a finalizer.
Returns the .
The cannot be converted to a byte array
The keysize doesn't match the algorithm.
Failed to create symmetric algorithm with provided key and algorithm.
Answers if an algorithm is supported
the
the algorithm to use
true if the algorithm is supported; otherwise, false.
Unwrap a key using Symmetric decryption.
bytes to unwrap
Unwrapped key
'keyBytes' is null or length == 0.
'keyBytes' is not a multiple of 8.
If has been called.
Failed to unwrap the wrappedKey.
Wrap a key using Symmetric encryption.
the key to be wrapped
The wrapped key result
'keyBytes' is null or has length 0.
'keyBytes' is not a multiple of 8.
If has been called.
Failed to wrap 'keyBytes'.
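The "keyBytes is not a multiple of 8" rule above comes from the AES Key Wrap algorithm (RFC 3394, the A128KW/A192KW/A256KW JWE algorithms), which processes the key in 64-bit halves. Here it is as an added C# example, not the library's SymmetricKeyWrapProvider, built on the .NET 6 one-shot ECB methods; it also shows how unwrap detects a wrong KEK or a tampered blob through the recovered initial value. Class and method names are this example's own; the test vector is the one published in RFC 3394 section 4.1:

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the library's SymmetricKeyWrapProvider: RFC 3394 AES Key Wrap.
static class AesKeyWrapExample
{
    // RFC 3394 section 2.2.3.1 default initial value; it doubles as the integrity check.
    static readonly byte[] DefaultIv = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 };

    public static byte[] Wrap(byte[] kek, byte[] keyToWrap)
    {
        if (keyToWrap is null || keyToWrap.Length == 0) throw new ArgumentNullException(nameof(keyToWrap));
        if (keyToWrap.Length % 8 != 0) throw new ArgumentException("key to wrap must be a multiple of 64 bits", nameof(keyToWrap));
        int n = keyToWrap.Length / 8;
        using var aes = CreateAes(kek);
        byte[] a = (byte[])DefaultIv.Clone();
        byte[] r = (byte[])keyToWrap.Clone();            // R[1..n] stored back to back
        byte[] block = new byte[16];
        for (int j = 0; j <= 5; j++)
            for (int i = 1; i <= n; i++)
            {
                Buffer.BlockCopy(a, 0, block, 0, 8);
                Buffer.BlockCopy(r, (i - 1) * 8, block, 8, 8);
                byte[] b = aes.EncryptEcb(block, PaddingMode.None); // B = AES(K, A | R[i])
                Buffer.BlockCopy(b, 0, a, 0, 8);
                XorCounter(a, (ulong)(n * j + i));                  // A = MSB(64, B) ^ t
                Buffer.BlockCopy(b, 8, r, (i - 1) * 8, 8);          // R[i] = LSB(64, B)
            }
        byte[] wrapped = new byte[8 + keyToWrap.Length];
        Buffer.BlockCopy(a, 0, wrapped, 0, 8);
        Buffer.BlockCopy(r, 0, wrapped, 8, r.Length);
        return wrapped;
    }

    public static byte[] Unwrap(byte[] kek, byte[] wrappedKey)
    {
        if (wrappedKey is null || wrappedKey.Length == 0) throw new ArgumentNullException(nameof(wrappedKey));
        if (wrappedKey.Length % 8 != 0 || wrappedKey.Length < 16) throw new ArgumentException("wrapped key must be at least 16 bytes and a multiple of 8", nameof(wrappedKey));
        int n = wrappedKey.Length / 8 - 1;
        using var aes = CreateAes(kek);
        byte[] a = wrappedKey[..8];
        byte[] r = wrappedKey[8..];
        byte[] block = new byte[16];
        for (int j = 5; j >= 0; j--)
            for (int i = n; i >= 1; i--)
            {
                XorCounter(a, (ulong)(n * j + i));                  // (A ^ t)
                Buffer.BlockCopy(a, 0, block, 0, 8);
                Buffer.BlockCopy(r, (i - 1) * 8, block, 8, 8);
                byte[] b = aes.DecryptEcb(block, PaddingMode.None); // B = AES-1(K, (A ^ t) | R[i])
                Buffer.BlockCopy(b, 0, a, 0, 8);
                Buffer.BlockCopy(b, 8, r, (i - 1) * 8, 8);
            }
        // A wrong KEK or any modified byte scrambles A, so the recovered IV no longer matches.
        if (!CryptographicOperations.FixedTimeEquals(a, DefaultIv))
            throw new CryptographicException("key unwrap integrity check failed");
        return r;
    }

    static Aes CreateAes(byte[] kek)
    {
        if (kek is null) throw new ArgumentNullException(nameof(kek));
        if (kek.Length != 16 && kek.Length != 24 && kek.Length != 32) throw new ArgumentException("KEK must be 128, 192 or 256 bits", nameof(kek));
        var aes = Aes.Create();
        aes.Key = kek;
        return aes;
    }

    static void XorCounter(byte[] a, ulong t)
    {
        for (int k = 7; k >= 0; k--) { a[k] ^= (byte)(t & 0xFF); t >>= 8; }
    }

    static void Main()
    {
        // RFC 3394 section 4.1: 128-bit KEK wrapping 128 bits of key data.
        byte[] kek = Convert.FromHexString("000102030405060708090A0B0C0D0E0F");
        byte[] keyData = Convert.FromHexString("00112233445566778899AABBCCDDEEFF");
        byte[] wrapped = Wrap(kek, keyData);
        if (Convert.ToHexString(wrapped) != "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
            throw new Exception("wrap does not match the RFC 3394 vector");
        if (!Unwrap(kek, wrapped).AsSpan().SequenceEqual(keyData)) throw new Exception("unwrap failed");

        wrapped[10] ^= 0x01;  // a single flipped bit must be caught by the IV check
        try { Unwrap(kek, wrapped); throw new Exception("tampered blob accepted"); }
        catch (CryptographicException) { }

        try { Wrap(kek, new byte[7]); throw new Exception("length check did not fire"); }
        catch (ArgumentException) { }
    }
}
```

The wrapped blob is eight bytes longer than the key it carries; those eight bytes are the only integrity protection the algorithm provides, which is why an unwrap must refuse to return key material when the recovered value differs from the initial value.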
Returns the absolute DateTime or the Seconds since Unix Epoch, where Epoch is UTC 1970-01-01T0:0:0Z.
DateTime as UTC for UnixEpoch
Per JWT spec:
Gets the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the desired date/time.
The DateTime to convert to seconds.
if dateTimeUtc is less than UnixEpoch, returns 0
the number of seconds since Unix Epoch.
Creates a DateTime from epoch time.
Number of seconds.
The DateTime in UTC.
Thrown when JWE compression fails.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
Thrown when JWE decompression fails.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
Represents a security token exception when decryption failed.
Initializes a new instance of the class.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message
and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception, or a null reference if no inner exception is specified.
Represents a security token exception when encryption failed.
Initializes a new instance of the class.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message
and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception, or a null reference if no inner exception is specified.
This exception is thrown when a security token contained a key identifier but the key was not found by the runtime
when decrypting a token.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Represents a security token exception.
Initializes a new instance of the class.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message
and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception, or a null reference if no inner exception is specified.
Throw this exception when a received Security Token has an expiration time in the past.
Gets or sets the Expires value that created the validation exception.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
This exception is thrown when 'audience' of a token was not valid.
Gets or sets the InvalidAudience that created the validation exception.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
This exception is thrown when 'issuer' of a token was not valid.
Gets or sets the InvalidIssuer that created the validation exception.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
This exception is thrown when 'lifetime' of a token was not valid.
Gets or sets the NotBefore value that created the validation exception.
Gets or sets the Expires value that created the validation exception.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
This exception is thrown when 'signature' of a token was not valid.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Throw this exception when a received Security Token has an invalid issuer signing key.
Gets or sets the SigningKey that was found invalid.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
Represents a key wrap exception when encryption failed.
Initializes a new instance of the class.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message
and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception, or a null reference if no inner exception is specified.
This exception is thrown when a security token is missing an ExpirationTime.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Throw this exception when a received Security token has an effective time
in the future.
Gets or sets the NotBefore value that created the validation exception.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
This exception is thrown when an add to the TokenReplayCache fails.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Throw this exception when a received Security Token has been replayed.
Initializes a new instance of
Initializes a new instance of
Initializes a new instance of
This exception is thrown when a security token contained a key identifier but the key was not found by the runtime.
Initializes a new instance of the class.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
Initializes a new instance of the class.
Additional information to be included in the exception and displayed to user.
A that represents the root cause of the exception.
Represents a security token validation exception.
Initializes a new instance of the class.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message
and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception, or a null reference if no inner exception is specified.
Compression provider interface.
Gets the compression algorithm.
Called to determine if an algorithm is supported.
the algorithm that defines the compression method.
true if supported
Decompress.
the value to decompress.
Compress.
the value to compress.
Provides extensibility for cryptographic operators.
If custom operators are needed for then can be set to
return these operators. will be before each creation.
Called to determine if a cryptographic operation is supported.
the algorithm that defines the cryptographic operator.
the arguments required by the cryptographic operator. May be null.
true if supported
returns a cryptographic operator that supports the algorithm.
the algorithm that defines the cryptographic operator.
the arguments required by the cryptographic operator. May be null.
call when finished with the object.
called to release the object returned from
the object returned from .
Defines a cache for crypto providers.
Current support is limited to only.
Returns the cache key to use when looking up an entry in the cache for a
the to create the key for.
if signatureProvider is null.
the cache key to use for finding a .
Returns the 'key' that will be used to find a crypto provider in this cache.
the key that is used by the crypto provider.
the algorithm that is used by the crypto provider.
the typeof the crypto provider obtained by calling object.GetType().
if securityKey is null.
if algorithm is null or empty string.
if typeofProvider is null or empty string.
the cache key to use for finding a crypto provider.
Tries to add a to this cache.
to cache.
if signatureProvider is null.
true if the was added, false if the cache already contained the
if the is added will be set to 'this'.
Tries to find a in this cache.
the key that is used by the crypto provider.
the algorithm that is used by the crypto provider.
the typeof the crypto provider obtained by calling object.GetType().
a bool to indicate if the will be used to sign.
the if found.
if securityKey is null.
if algorithm is null or empty string.
if typeofProvider is null or empty string.
true if a was found, false otherwise.
Tries to remove a from this cache.
to remove.
if signatureProvider is null.
true if the was removed, false if the was not found.
if the is removed will be set to null.
ISecurityTokenValidator
Returns true if the token can be read, false otherwise.
Returns true if a token can be validated.
Gets and sets the maximum size, in bytes, of a that will be processed.
Validates a token passed as a string using
Interface that defines a simple cache for tracking replays of security tokens.
Try to add a securityToken.
the security token to add.
the time when security token expires.
true if the security token was successfully added.
Try to find securityToken
the security token to find.
true if the security token is found.
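An in-memory implementation of the TryAdd/TryFind shape described above, as an added C# example and not a class from Microsoft.IdentityModel.Tokens. Entries are keyed by a SHA-256 of the token rather than the token text, each entry lives until the token's own expiration (after which lifetime validation rejects a replay anyway), and an injectable clock exists only so the eviction can be exercised in the demo; all names and inputs are this example's own (.NET 6 or later):

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Added example, not library code: a replay cache keyed by token fingerprint.
sealed class TokenReplayCacheExample
{
    readonly ConcurrentDictionary<string, DateTime> _entries = new();
    readonly Func<DateTime> _utcNow;

    public TokenReplayCacheExample(Func<DateTime>? utcNow = null) =>
        _utcNow = utcNow ?? (() => DateTime.UtcNow);

    public bool TryAdd(string securityToken, DateTime expiresOn)
    {
        if (string.IsNullOrEmpty(securityToken)) throw new ArgumentNullException(nameof(securityToken));
        PurgeExpired();
        // ConcurrentDictionary.TryAdd is atomic: if two threads present the same token at
        // once, exactly one gets true, so the replay is caught even under contention.
        return _entries.TryAdd(Fingerprint(securityToken), expiresOn.ToUniversalTime());
    }

    public bool TryFind(string securityToken)
    {
        if (string.IsNullOrEmpty(securityToken)) throw new ArgumentNullException(nameof(securityToken));
        PurgeExpired();
        return _entries.ContainsKey(Fingerprint(securityToken));
    }

    public int Count => _entries.Count;

    // Store a digest, not the token: the cache then never holds bearer credentials.
    static string Fingerprint(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // Entries whose token has expired are no longer needed; a replayed expired token
    // fails lifetime validation before the replay check is reached.
    void PurgeExpired()
    {
        DateTime now = _utcNow();
        foreach (var entry in _entries)
            if (entry.Value <= now) _entries.TryRemove(entry.Key, out _);
    }

    static void Main()
    {
        DateTime clock = new(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);   // constructed clock
        var cache = new TokenReplayCacheExample(() => clock);
        string token = "eyJhbGciOiJIUzI1NiJ9.constructed.signature";    // constructed token text
        DateTime expires = clock.AddMinutes(5);

        if (!cache.TryAdd(token, expires)) throw new Exception("first presentation must succeed");
        if (cache.TryAdd(token, expires)) throw new Exception("replay was not detected");
        if (!cache.TryFind(token)) throw new Exception("token should be present");

        clock = expires.AddSeconds(1);   // past the token's lifetime: the entry is purged
        if (cache.TryFind(token) || cache.Count != 0) throw new Exception("expired entry was not evicted");
    }
}
```

A process-local cache like this only detects replays against the same instance; a fleet of validators needs a shared store with the same add-if-absent semantics, and the expiry passed to TryAdd must be the token's real expiration, not a shorter application timeout, or a replay after eviction would succeed.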
Constants for JsonWebAlgorithms "kty" Key Type (sec 6.1)
http://tools.ietf.org/html/rfc7518#section-6.1
Represents a JSON Web Key as defined in http://tools.ietf.org/html/rfc7517.
Returns a new instance of .
A string that contains JSON Web Key parameters in JSON format.
If 'json' is null or empty.
If 'json' fails to deserialize.
Initializes a new instance of .
Initializes a new instance of from a json string.
A string that contains JSON Web Key parameters in JSON format.
If 'json' is null or empty.
If 'json' fails to deserialize.
If this was converted to or from a SecurityKey, this field will be set.
When deserializing from JSON any properties that are not defined will be placed here.
Gets or sets the 'alg' (Algorithm).
Gets or sets the 'crv' (ECC - Curve).
Gets or sets the 'd' (ECC - Private Key OR RSA - Private Exponent).
Value is formatted as: Base64urlUInt
Gets or sets the 'dp' (RSA - First Factor CRT Exponent).
Value is formatted as: Base64urlUInt
Gets or sets the 'dq' (RSA - Second Factor CRT Exponent).
Value is formatted as: Base64urlUInt
Gets or sets the 'e' (RSA - Exponent).
Gets or sets the 'k' (Symmetric - Key Value).
Base64urlEncoding
Gets the key id of this .
Gets the 'key_ops' (Key Operations).
Gets or sets the 'kid' (Key ID).
Gets or sets the 'kty' (Key Type).
Gets or sets the 'n' (RSA - Modulus).
Value is formatted as: Base64urlEncoding
Gets or sets the 'oth' (RSA - Other Primes Info).
Gets or sets the 'p' (RSA - First Prime Factor).
Value is formatted as: Base64urlUInt
Gets or sets the 'q' (RSA - Second Prime Factor).
Value is formatted as: Base64urlUInt
Gets or sets the 'qi' (RSA - First CRT Coefficient).
Value is formatted as: Base64urlUInt
Gets or sets the 'use' (Public Key Use).
Gets or sets the 'x' (ECC - X Coordinate).
Value is formatted as: Base64urlEncoding
Gets the 'x5c' collection (X.509 Certificate Chain).
Gets or sets the 'x5t' (X.509 Certificate SHA-1 thumbprint).
Gets or sets the 'x5t#S256' (X.509 Certificate SHA-256 thumbprint).
Gets or sets the 'x5u' (X.509 URL).
Gets or sets the 'y' (ECC - Y Coordinate).
Value is formatted as: Base64urlEncoding
Gets the key size of .
Gets a bool indicating if a private key exists.
true if it has a private key; otherwise, false.
Gets a bool that determines if the 'key_ops' (Key Operations) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'key_ops' (Key Operations) is not empty; otherwise, false.
Gets a bool that determines if the 'x5c' collection (X.509 Certificate Chain) property should be serialized.
This is used by Json.NET in order to conditionally serialize properties.
true if 'x5c' collection (X.509 Certificate Chain) is not empty; otherwise, false.
Returns the formatted string: GetType(), Use: 'value', Kid: 'value', Kty: 'value', InternalId: 'value'.
string
Converts a into a
Supports: converting to a from one of: , , and .
Converts a into a
a to convert.
a
if is null.
if is not a supported type.
Supports: , and .
Converts a into a
a to convert.
a
if is null.
Converts a into a
a to convert.
a
if is null.
Converts a into a
a to convert.
a
if is null.
Constants for JsonWebKey Elliptical Curve Types
https://tools.ietf.org/html/rfc7518#section-6.2.1.1
Names for Json Web Key Values
Contains a collection of that can be populated from a json string.
provides support for http://tools.ietf.org/html/rfc7517.
Returns a new instance of .
a string that contains JSON Web Key parameters in JSON format.
If 'json' is null or empty.
If 'json' fails to deserialize.
Initializes a new instance of .
Initializes a new instance of from a json string.
a json string containing values.
If 'json' is null or empty.
If 'json' fails to deserialize.
Initializes a new instance of from a json string.
a json string containing values.
jsonSerializerSettings
If 'json' is null or empty.
If 'json' fails to deserialize.
When deserializing from JSON any properties that are not defined will be placed here.
Gets the .
Default value for the flag that controls whether unresolved JsonWebKeys will be included in the resulting collection of method.
Flag that controls whether unresolved JsonWebKeys will be included in the resulting collection of method.
Returns the JsonWebKeys as a .
To include unresolved JsonWebKeys in the resulting collection, set to false.
Names for Json Web Key Set Values
Constants for JsonWebKeyUse (sec 4.2)
http://tools.ietf.org/html/rfc7517#section-4
Log messages and codes
The purpose of this class is to ensure that we obtain an RsaCryptoServiceProvider that supports SHA-256 signatures.
If the original RsaCryptoServiceProvider doesn't support SHA-256, we create a new one using the same KeyContainer.
There is no support for and on non-Windows platforms which makes a Windows-specific class.
Gets the SignatureAlgorithm
Gets the KeyExchangeAlgorithm
Initializes a new instance of .
if is null.
Decrypts data with the System.Security.Cryptography.RSA algorithm.
The data to be decrypted.
true to perform direct System.Security.Cryptography.RSA decryption using OAEP padding
(only available on a computer running Microsoft Windows XP or later) otherwise, false to use PKCS#1 v1.5 padding.
decrypted bytes.
if is null or has Length == 0.
Decrypts the input.
the bytes to decrypt.
decrypted bytes
if is null or Length == 0.
Encrypts data with the System.Security.Cryptography.RSA algorithm.
The data to be encrypted.
true to perform direct System.Security.Cryptography.RSA encryption using OAEP padding (only available on a computer running Microsoft Windows XP or later);
otherwise, false to use PKCS#1 v1.5 padding.
encrypted bytes.
if is null or has Length == 0.
Encrypts the input.
the bytes to encrypt.
encrypted bytes.
if is null or Length == 0.
Computes the hash value of the specified byte array using the specified hash algorithm, and signs the resulting hash value.
The input byte array for which to compute the hash.
The hash algorithm to use to create the hash value.
The Signature for the specified data.
if is null or Length == 0.
if is null.
Verifies that a digital signature is valid by determining the hash value in the signature using the provided public key and comparing it to the hash value of the provided data.
The input byte array.
The hash algorithm to use to create the hash value.
The signature byte array to be verified.
true if the signature is valid; otherwise, false.
if is null or Length == 0.
if is null.
if is null or Length == 0.
Exports rsa parameters as
flag to control whether private parameters are included.
Imports rsa parameters as
to import.
Calls to release managed resources.
true, if called from Dispose(), false, if invoked inside a finalizer.
Represents a Rsa security key.
Initializes a new instance of the class.
Initializes a new instance of the class.
Gets a bool indicating if a private key exists.
true if it has a private key; otherwise, false.
Gets an enum indicating if a private key exists.
'Exists' if private key exists for sure; 'DoesNotExist' if private key doesn't exist for sure; 'Unknown' if we cannot determine.
Gets RSA key size.
used to initialize the key.
instance used to initialize the key.
Constants for Security Algorithm.
Base class for Security Key.
Default constructor
This must be overridden to get the size of this .
Gets the key id of this .
Gets or sets .
Returns the formatted string: GetType(), KeyId: 'value', InternalId: 'value'.
string
Contains information about the keys inside the tokens.
Base class for security token.
This must be overridden to get the Id of this .
This must be overridden to get the issuer of this .
This must be overridden to get the .
This must be overridden to get or set the that signed this instance.
.ValidateToken(...) can set this value when a is used to successfully validate a signature.
This must be overridden to get the time when this was Valid.
This must be overridden to get the time when this is no longer Valid.
Contains some information which used to create a security token.
Gets or sets the value of the 'audience' claim.
Defines the compression algorithm that will be used to compress the JWT token payload.
Gets or sets the used to create a encrypted security token.
Gets or sets the value of the 'expiration' claim.
Gets or sets the issuer of this .
Gets or sets the time the security token was issued.
Gets or sets the notbefore time for the security token.
Gets or sets the which represents the claims that will be used when creating a security token.
Gets or sets the used to create a security token.
Gets or sets the .
Defines the interface for a Security Token Handler.
Creates an instance of
Returns .
true if attached; otherwise, false.
Returns .
Gets a value indicating whether this handler supports validation of tokens
handled by this instance.
'True' if the instance is capable of SecurityToken
validation.
Gets a value indicating whether the class provides serialization functionality to serialize token handled
by this instance.
true if the WriteToken method can serialize this token.
This must be overridden to get the System.Type of the SecurityToken this instance handles.
Indicates whether the is positioned at an element that can be read.
An reader positioned at a start element. The reader should not be advanced.
'true' if the token can be read.
Indicates whether the current token string can be read as a token
of the type handled by this instance.
The token string that needs to be read.
'True' if the ReadToken method can parse the token string.
Deserializes from string a token of the type handled by this instance.
The string to be deserialized.
SecurityToken instance which represents the serialized token.
Gets security token.
.
SecurityToken instance which represents the serialized token.
Serializes to string a token of the type handled by this instance.
A token of type TokenType.
The serialized token.
This must be overridden to serialize to XML a token of the type handled by this instance.
The XML writer.
A token of type .
This must be overridden to deserialize token with the provided .
.
the current .
SecurityToken instance which represents the serialized token.
This must be overridden to validate a token passed as a string using
A token of type .
the current .
The token of type that was validated.
Reads and validates a token using a xmlReader and
A pointing at the start element of the token.
Contains data and information needed for validation.
The that was validated.
Provides signature services, signing and verifying.
Initializes a new instance of the class used to create and verify signatures.
The that will be used for signature operations.
The signature algorithm to apply.
is null.
is null or empty.
Gets the signature algorithm.
Gets or sets a user context for a .
This is null by default. This is for use by the application and not used by this SDK.
Gets or sets the that is associated with this
Calls and
Can be overridden in descendants to dispose of internal components.
true, if called from Dispose(), false, if invoked inside a finalizer
Gets the .
This must be overridden to produce a signature over the 'input'.
bytes to sign.
signed bytes
Verifies that the over using the
and specified by this
are consistent.
the bytes that were signed.
signature to compare against.
true if the computed signature matches the signature parameter, false otherwise.
Gets or sets a bool indicating if this is expected to create signatures.
Defines the , algorithm and digest for digital signatures.
Initializes a new instance of the class.
that will be used for signing.
Algorithm will be set to .
the 'digest method' if needed may be implied from the algorithm. For example implies Sha256.
if 'key' is null.
if 'algorithm' is null or empty.
Initializes a new instance of the class.
that will be used for signing.
The signature algorithm to apply.
the 'digest method' if needed may be implied from the algorithm. For example implies Sha256.
if 'certificate' is null.
if 'algorithm' is null or empty.
Initializes a new instance of the class.
.
The signature algorithm to apply.
the 'digest method' if needed may be implied from the algorithm. For example implies Sha256.
if 'key' is null.
if 'algorithm' is null or empty.
Initializes a new instance of the class.
.
The signature algorithm to apply.
The digest algorithm to apply.
if 'key' is null.
if 'algorithm' is null or empty.
if 'digest' is null or empty.
Gets the signature algorithm.
if 'value' is null or empty.
Gets the digest algorithm.
Users can override the default with this property. This factory will be used for creating signature providers.
This will have precedence over
Gets the used for signature creation or validation.
Gets the key id associated with .
Defines the default set of algorithms this library supports
Checks if an 'algorithm, key' pair is supported.
the algorithm to check.
the .
true if 'algorithm, key' pair is supported.
Represents a symmetric security key.
Returns a new instance of instance.
The byte array of the key.
Gets the key size.
Gets the byte array of the key.
Provides signing and verifying operations using a and specifying an algorithm.
This is the minimum .KeySize when creating and verifying signatures.
Initializes a new instance of the class that uses an to create and / or verify signatures over an array of bytes.
The that will be used for signature operations.
The signature algorithm to use.
'key' is null.
'algorithm' is null or empty.
If and algorithm pair are not supported.
'.KeySize' is smaller than .
Initializes a new instance of the class that uses an to create and / or verify signatures over an array of bytes.
The that will be used for signature operations.
The signature algorithm to use.
indicates if this will be used to create signatures.
'key' is null.
'algorithm' is null or empty.
If and algorithm pair are not supported.
'.KeySize' is smaller than .
Gets or sets the minimum .KeySize.
'value' is smaller than .
Called to obtain the byte[] needed to create a
that will be used to obtain the byte[].
[] that is used to populate the KeyedHashAlgorithm.
if key is null.
if a byte[] cannot be obtained from SecurityKey.
and are supported.
For a .Key is returned
For a Base64UrlEncoder.DecodeBytes is called with if == JsonWebAlgorithmsKeyTypes.Octet
Returns the .
The hash algorithm to use to create the hash value.
The byte array of the key.
Gets the for this .
Produces a signature over the 'input' using the and 'algorithm' passed to .
The bytes to sign.
Signed bytes
'input' is null.
'input.Length' == 0.
has been called.
is null. This can occur if a derived type deletes it or does not create it.
Sign is thread safe.
Verifies that a signature created over the 'input' matches the signature, using and 'algorithm' passed to .
The bytes to verify.
signature to compare against.
true if computed signature matches the signature parameter, false otherwise.
'input' is null.
'signature' is null.
'input.Length' == 0.
'signature.Length' == 0.
has been called.
If the internal is null. This can occur if a derived type deletes it or does not create it.
Verify is thread safe.
Verifies that a signature created over the 'input' matches the signature, using and 'algorithm' passed to .
The bytes to verify.
signature to compare against.
number of bytes of signature to use.
true if computed signature matches the signature parameter, false otherwise.
'input' is null.
'signature' is null.
'input.Length' == 0.
'signature.Length' == 0.
'length < 1'
has been called.
If the internal is null. This can occur if a derived type deletes it or does not create it.
Disposes of internal components.
true, if called from Dispose(), false, if invoked inside a finalizer.
An opaque context used to store work when working with authentication artifacts.
Instantiates a new with a default activityId.
Instantiates a new with an activityId.
Gets or sets a that will be used in the call to EventSource.SetCurrentThreadActivityId before logging.
Gets or sets a boolean controlling if logs are written into the context.
Useful when debugging.
The collection of logs associated with a request. Use to control capture.
Defines properties shared across all security token handlers.
Default lifetime of tokens created. When creating tokens, if 'expires' and 'notbefore' are both null,
then a default will be set to: expires = DateTime.UtcNow, notbefore = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes).
Gets and sets the maximum token size in bytes that will be processed.
'value' less than 1.
Gets or sets a bool that controls if token creation will set default 'exp', 'nbf' and 'iat' if not specified.
See: for configuration.
Gets or sets the token lifetime in minutes.
Used during token creation to set the default expiration ('exp').
'value' less than 1.
Definition for AudienceValidator.
The audiences found in the .
The being validated.
required for validation.
true if the audience is considered valid.
Definition for IssuerSigningKeyResolver.
The representation of the token that is being validated.
The that is being validated. It may be null.
A key identifier. It may be null.
required for validation.
A to use when validating a signature.
Definition for IssuerSigningKeyValidator.
The that signed the .
The being validated.
required for validation.
Definition for IssuerValidator.
The issuer to validate.
The that is being validated.
required for validation.
The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".
The delegate should return a non null string that represents the 'issuer'. If null a default value will be used.
Definition for LifetimeValidator.
The 'notBefore' time found in the .
The 'expiration' time found in the .
The being validated.
required for validation.
Definition for TokenReplayValidator.
The 'expiration' time found in the .
The being validated.
required for validation.
Definition for SignatureValidator.
A securityToken with a signature.
required for validation.
Definition for TokenReader.
A securityToken with a signature.
required for validation.
Definition for TokenDecryptionKeyResolver.
The representation of the token to be decrypted.
The to be decrypted. The runtime by default passes null.
A key identifier. It may be null.
required for validation.
A to use when decrypting the token.
Contains a set of parameters that are used by a when validating a .
This is the fallback authentication type that a will use if nothing is set.
Default for the clock skew.
300 seconds (5 minutes).
Default for the maximum token size.
250 KB (kilobytes).
Copy constructor for .
Initializes a new instance of the class.
Gets or sets .
Gets or sets a delegate that will be used to validate the audience.
If set, this delegate will be called to validate the 'audience' instead of normal processing.
If is false, this delegate will not be called.
Gets or sets a delegate that will be used to read the token.
If set, this delegate will be called to read the token instead of normal processing.
Gets or sets the AuthenticationType when creating a .
If 'value' is null or whitespace.
Gets or sets the clock skew to apply when validating a time.
If 'value' is less than 0.
Returns a new instance of with values copied from this object.
A new object copied from this object
This is a shallow Clone.
Creates a using:
'NameClaimType': If NameClaimTypeRetriever is set, call delegate, else call NameClaimType. If the result is a null or empty string, use .
'RoleClaimType': If RoleClaimTypeRetriever is set, call delegate, else call RoleClaimType. If the result is a null or empty string, use .
A with Authentication, NameClaimType and RoleClaimType set.
Users can override the default with this property. This factory will be used for creating signature providers.
Gets or sets the that is to be used for decryption.
Gets or sets a delegate that will be called to retrieve a used for decryption.
This will be used to decrypt the token. This can be helpful when the does not contain a key identifier.
Gets or sets a delegate for validating the that signed the token.
If set, this delegate will be called to validate the that signed the token, instead of normal processing.
Gets or sets the that is to be used for signature validation.
Gets or sets a delegate that will be called to retrieve a used for signature validation.
This will be used to check the signature. This can be helpful when the does not contain a key identifier.
Gets or sets an used for signature validation.
Gets or sets a delegate that will be used to validate the issuer of the token.
If set, this delegate will be called to validate the 'issuer' of the token, instead of normal processing.
If is false, this delegate will not be called.
Gets or sets a delegate that will be used to validate the lifetime of the token
If set, this delegate will be called to validate the lifetime of the token, instead of normal processing.
If is false, this delegate will not be called.
Gets or sets a delegate that will be used to validate the token replay of the token
If set, this delegate will be called to validate the token replay of the token, instead of normal processing.
If is false, this delegate will not be called.
Gets or sets a that defines the .
Controls the value returns. It will return the first where the equals .
Gets or sets the that defines the .
Controls the results of .
Each where == will be checked for a match against the 'string' passed to .
Gets or sets a delegate that will be called to obtain the NameClaimType to use when creating a ClaimsIdentity
after validating a token.
Gets or sets the that contains a collection of custom key/value pairs. This allows addition of parameters that could be used in custom token validation scenarios.
Gets or sets a value indicating whether SAML tokens must have at least one AudienceRestriction.
Gets or sets a value indicating whether tokens must have an 'expiration' value.
Gets or sets a value indicating whether a can be considered valid if not signed.
Gets or sets a delegate that will be called to obtain the RoleClaimType to use when creating a ClaimsIdentity
after validating a token.
Gets or sets a boolean to control if the original token should be saved after the security token is validated.
The runtime will consult this value and save the original token that was validated.
Gets or sets a delegate that will be used to validate the signature of the token.
If set, this delegate will be called to validate the signature of the token, instead of normal processing.
Gets or sets the that is to be used for decrypting inbound tokens.
Gets or sets the that stores tokens that can be checked to help detect token replay.
If set, then tokens must have an expiration time or the runtime will fault.
Gets or sets a value indicating if an actor token is detected, whether it should be validated.
Gets or sets a boolean to control if the audience will be validated during token validation.
Validation of the audience mitigates forwarding attacks. For example, a site that receives a token could not replay it to another site.
A forwarded token would contain the audience of the original site.
Gets or sets a boolean to control if the issuer will be validated during token validation.
Validation of the issuer mitigates forwarding attacks that can occur when an
IdentityProvider represents multiple tenants and signs tokens with the same keys.
It is possible that a token issued for the same audience could be from a different tenant. For example, an application could accept users from
contoso.onmicrosoft.com but not fabrikam.onmicrosoft.com, both valid tenants. An application that accepts tokens from fabrikam could forward them
to the application that accepts tokens for contoso.
Gets or sets a boolean to control if the lifetime will be validated during token validation.
Gets or sets a boolean that controls if validation of the that signed the securityToken is called.
It is possible for tokens to contain the public key needed to check the signature. For example, X509Data can be hydrated into an X509Certificate,
which can be used to validate the signature. In these cases it is important to validate the SigningKey that was used to validate the signature.
Gets or sets a boolean to control if the token replay will be validated during token validation.
Gets or sets a string that represents a valid audience that will be used to check against the token's audience.
Gets or sets the that contains valid audiences that will be used to check against the token's audience.
Gets or sets a that represents a valid issuer that will be used to check against the token's issuer.
Gets or sets the that contains valid issuers that will be used to check against the token's issuer.
Generates unique IDs.
Creates a unique ID suitable for use in an xml:id field. The value is
not hard to guess but is unique.
The unique ID.
Creates a unique ID similar to that created by CreateNonRandomId,
but instead of an underscore, the supplied prefix is used.
The prefix to use.
The unique ID, with the given prefix.
Creates a unique, random ID suitable for use in an xml:id field. The
value is hard to guess and unique.
The unique ID.
Creates a unique, random ID similar to that created by CreateRandomId,
but instead of an underscore, the supplied prefix is used.
The prefix to use.
The random URI.
Creates a unique, random ID suitable for use as a URI. The value is
hard to guess and unique. The URI is in the urn:uuid: namespace.
The random URI.
Contains some utility methods.
A string with "empty" value.
A string with "null" value.
Creates a copy of the byte array.
The resource array.
A copy of the byte array.
Serializes the list of strings into string as follows:
'str1','str2','str3' ...
The strings used to build a comma delimited string.
The single .
Returns whether the input string is https.
The input string.
true if the input string is https; otherwise, false.
Returns whether the input uri is https.
.
true if the input uri is https; otherwise, false.
Compares two byte arrays for equality. The hash size is fixed; normally it is 32 bytes.
The intent is to take the same amount of time whether an attacker shortens the signature or changes some of the signed contents.
One set of bytes to compare.
The other set of bytes to compare with.
true if the bytes are equal, false otherwise.
Compares two byte arrays for equality. The hash size is fixed; normally it is 32 bytes.
The intent is to take the same amount of time whether an attacker shortens the signature or changes some of the signed contents.
One set of bytes to compare.
The other set of bytes to compare with.
length of array to check
true if the bytes are equal, false otherwise.
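The two overloads above describe a fixed-work comparison. The following is an added example, not the library's own code: `FixedLengthCompare` is a hypothetical helper that shows the property in practice, with a constructed HMAC-SHA256 tag standing in for a signature, a tampered copy and a truncated copy.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the library's own code. FixedLengthCompare is a hypothetical
// helper: the loop always runs 'length' iterations and never breaks on the first
// mismatch, so a shortened or altered signature costs the same time as a valid one.
public static class FixedLengthCompare
{
    public const int DefaultHashSize = 32; // HMAC-SHA256 tag size, the "normally 32 bytes" case

    // Compares 'expected' and 'provided' over the full expected hash size.
    public static bool AreEqual(byte[] expected, byte[] provided)
        => AreEqual(expected, provided, DefaultHashSize);

    // Compares the first 'length' bytes without short-circuiting.
    public static bool AreEqual(byte[] expected, byte[] provided, int length)
    {
        if (expected == null) throw new ArgumentNullException(nameof(expected));
        if (provided == null) throw new ArgumentNullException(nameof(provided));
        if (length < 1) throw new ArgumentOutOfRangeException(nameof(length));

        byte[] x = expected, y = provided;
        int diff = 0;
        if (x.Length < length || y.Length < length)
        {
            // A truncated signature must not exit early: compare two zero buffers of
            // the full length so the loop count is unchanged, and record the failure.
            x = new byte[length];
            y = new byte[length];
            diff = 1;
        }

        // OR together the XOR of every byte pair; 'diff' stays 0 only if all bytes match.
        for (int i = 0; i < length; i++)
            diff |= x[i] ^ y[i];

        return diff == 0;
    }

    public static void Main()
    {
        // Constructed key and message; the tag plays the role of a JWS signature.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-real-use");
        byte[] message = Encoding.UTF8.GetBytes("header.payload");
        byte[] tag;
        using (var hmac = new HMACSHA256(key))
            tag = hmac.ComputeHash(message);

        byte[] tampered = (byte[])tag.Clone();
        tampered[tampered.Length - 1] ^= 0x01;          // altered contents
        byte[] truncated = new byte[4];
        Array.Copy(tag, truncated, truncated.Length);   // shortened signature

        Console.WriteLine("genuine:   " + AreEqual(tag, tag));
        Console.WriteLine("tampered:  " + AreEqual(tag, tampered));
        Console.WriteLine("truncated: " + AreEqual(tag, truncated));

        // On .NET Core 2.1 and later the framework ships an equivalent for equal-length inputs.
        Console.WriteLine("framework: " + CryptographicOperations.FixedTimeEquals(tag, tag));
    }
}
```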
AudienceValidator
Determines if the audiences found in a are valid.
The audiences found in the .
The being validated.
required for validation.
If 'validationParameters' is null.
If 'audiences' is null and is true.
If is null or whitespace and is null.
If none of the 'audiences' matched either or one of .
An EXACT match is required.
Determines if an issuer found in a is valid.
The issuer to validate
The that is being validated.
required for validation.
The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".
If 'validationParameters' is null.
If 'issuer' is null or whitespace and is true.
If is null or whitespace and is null.
If 'issuer' failed to match either or one of .
An EXACT match is required.
Validates the that signed a .
The that signed the .
The being validated.
required for validation.
if 'securityKey' is null and ValidateIssuerSigningKey is true.
if 'securityToken' is null and ValidateIssuerSigningKey is true.
if 'validationParameters' is null.
Validates the lifetime of a .
The 'notBefore' time found in the .
The 'expiration' time found in the .
The being validated.
required for validation.
If 'validationParameters' is null.
If 'expires.HasValue' is false and is true.
If 'notBefore' is > 'expires'.
If 'notBefore' is > DateTime.UtcNow.
If 'expires' is < DateTime.UtcNow.
All time comparisons apply .
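The lifetime rules listed above, worked through as an added example that is not the library's own code: `LifetimeCheck` is a hypothetical stand-alone version that returns a reason code where the library throws a specific exception, and takes the clock as a parameter so the skew behaviour can be exercised deterministically.

```csharp
using System;

// Added example, not the library's own code. LifetimeCheck is a hypothetical
// helper implementing the documented 'notBefore' / 'expires' rules with clock skew.
public enum LifetimeStatus { Valid, MissingExpiration, NotBeforeAfterExpires, NotYetValid, Expired }

public static class LifetimeCheck
{
    public static LifetimeStatus Validate(
        DateTime? notBefore, DateTime? expires,
        bool requireExpirationTime, TimeSpan clockSkew, DateTime utcNow)
    {
        if (clockSkew < TimeSpan.Zero) throw new ArgumentOutOfRangeException(nameof(clockSkew));

        // A token without 'exp' is acceptable only when the caller does not require one.
        if (!expires.HasValue && requireExpirationTime)
            return LifetimeStatus.MissingExpiration;

        // 'nbf' after 'exp' is a malformed lifetime regardless of the current time.
        if (notBefore.HasValue && expires.HasValue && notBefore.Value > expires.Value)
            return LifetimeStatus.NotBeforeAfterExpires;

        // Skew is applied in the token's favour on both ends: 'nbf' may be up to
        // clockSkew in the future, and 'exp' may be up to clockSkew in the past.
        if (notBefore.HasValue && notBefore.Value > utcNow.Add(clockSkew))
            return LifetimeStatus.NotYetValid;

        if (expires.HasValue && expires.Value < utcNow.Subtract(clockSkew))
            return LifetimeStatus.Expired;

        return LifetimeStatus.Valid;
    }

    public static void Main()
    {
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        var skew = TimeSpan.FromMinutes(5);                             // the documented default

        // 'exp' two minutes ago: inside the five-minute skew window.
        Console.WriteLine(Validate(now.AddMinutes(-30), now.AddMinutes(-2), true, skew, now));
        // 'exp' ten minutes ago: outside the skew window.
        Console.WriteLine(Validate(now.AddMinutes(-30), now.AddMinutes(-10), true, skew, now));
        // 'nbf' ten minutes in the future.
        Console.WriteLine(Validate(now.AddMinutes(10), now.AddMinutes(40), true, skew, now));
        // No 'exp' while one is required.
        Console.WriteLine(Validate(now, null, true, skew, now));
        // 'nbf' later than 'exp'.
        Console.WriteLine(Validate(now.AddMinutes(20), now.AddMinutes(10), true, skew, now));
    }
}
```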
Validates if a token has been replayed.
When the security token expires.
The being validated.
required for validation.
If 'securityToken' is null or whitespace.
If 'validationParameters' is null or whitespace.
If is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.
If the 'securityToken' is found in the cache.
If the 'securityToken' could not be added to the .
Validates if a token has been replayed.
The being validated.
When the security token expires.
required for validation.
If 'securityToken' is null or whitespace.
If 'validationParameters' is null or whitespace.
If is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.
If the 'securityToken' is found in the cache.
If the 'securityToken' could not be added to the .
An designed to construct based on an x509 certificate.
Designed to construct based on an x509 certificate.
A
will be used as the key wrap algorithm
will be used as the data encryption algorithm
if 'certificate' is null.
Designed to construct based on the x509 certificate, a key wrap algorithm, and data encryption algorithm.
A
A key wrap algorithm
Data encryption algorithm
if 'certificate' is null.
if 'keyWrapAlgorithm' is null or empty.
if 'dataEncryptionAlgorithm' is null or empty.
Gets the used by this instance.
An that is backed by a
Instantiates a using a
The to use.
if is null.
Instantiates a using a .
The to use.
The value to set for the KeyId
if is null.
if is null or empty.
Gets the key size.
Gets the X5t of this .
Returns the private key from the .
Gets the public key from the .
Gets a bool indicating if a private key exists.
true if it has a private key; otherwise, false.
Gets an enum indicating if a private key exists.
'Exists' if private key exists for sure; 'DoesNotExist' if private key doesn't exist for sure; 'Unknown' if we cannot determine.
Gets the .
Returns a bool indicating if this key is equivalent to another key.
true if the keys are equal; otherwise, false.
Returns an int hash code.
An int hash code
Defines the , algorithm and digest for digital signatures.
Initializes a new instance of the class.
that will be used for signing.
Algorithm will be set to .
the 'digest method' if needed may be implied from the algorithm. For example implies Sha256.
if 'certificate' is null.
Initializes a new instance of the class.
A that will be used for signing.
The signature algorithm to apply.
the 'digest method' if needed may be implied from the algorithm. For example implies Sha256.
if 'certificate' is null.
if 'algorithm' is null or empty.
Gets the used by this instance.