        /// <summary>
        /// Loads the protected keys from the store, unprotects each one, drops retired keys,
        /// and optionally caches whatever remains.
        /// </summary>
        /// <param name="cache">When true and at least one usable key remains, the keys are passed to <see cref="CacheKeysAsync"/>.</param>
        /// <returns>The usable keys, or an empty sequence when the store yields none.</returns>
        internal async Task <IEnumerable <RsaKeyContainer> > GetKeysFromStoreAsync(bool cache = true)
        {
            var storedKeys = await _store.LoadKeysAsync();

            if (storedKeys != null && storedKeys.Any())
            {
                // Unprotect eagerly. An entry that cannot be unprotected (null result or an
                // exception) is logged and skipped so one bad entry does not abort the whole load.
                var unprotected = new List<RsaKeyContainer>();
                foreach (var stored in storedKeys)
                {
                    RsaKeyContainer key = null;
                    try
                    {
                        key = _protector.Unprotect(stored);
                        if (key == null)
                        {
                            _logger.LogWarning("Key with kid {kid} failed to unprotect.", stored.Id);
                        }
                    }
                    catch (Exception ex)
                    {
                        // Only the key identifier is logged here, never the protected payload.
                        _logger.LogError(ex, "Error unprotecting key with kid {kid}.", stored?.Id);
                    }

                    if (key != null)
                    {
                        unprotected.Add(key);
                    }
                }

                // retired keys are those that are beyond inclusion, thus we act as if they don't exist.
                IEnumerable<RsaKeyContainer> usable = await FilterAndDeleteRetiredKeysAsync(unprotected);

                if (usable.Any())
                {
                    _logger.LogDebug("Keys successfully returned from store.");

                    if (cache)
                    {
                        await CacheKeysAsync(usable);
                    }

                    return usable;
                }
            }

            _logger.LogInformation("No keys returned from store.");

            return Enumerable.Empty <RsaKeyContainer>();
        }
        /// <summary>
        /// Loads the protected keys from the store, unprotects each one, drops retired keys and keys
        /// whose algorithm is not in <c>_options.AllowedSigningAlgorithmNames</c>, and optionally caches the rest.
        /// </summary>
        /// <param name="cache">When true and at least one usable key remains, the keys are passed to <see cref="CacheKeysAsync"/>.</param>
        /// <returns>The usable keys, or an empty sequence when the store yields none.</returns>
        internal async Task <IEnumerable <KeyContainer> > GetKeysFromStoreAsync(bool cache = true)
        {
            _logger.LogDebug("Loading keys from store.");

            var storedKeys = await _store.LoadKeysAsync();

            if (storedKeys != null && storedKeys.Any())
            {
                // Unprotect eagerly. An entry that cannot be unprotected (null result or an
                // exception) is logged and skipped so one bad entry does not abort the whole load.
                var unprotected = new List<KeyContainer>();
                foreach (var stored in storedKeys)
                {
                    KeyContainer key = null;
                    try
                    {
                        key = _protector.Unprotect(stored);
                        if (key == null)
                        {
                            _logger.LogWarning("Key with kid {kid} failed to unprotect.", stored.Id);
                        }
                    }
                    catch (Exception ex)
                    {
                        // Only the key identifier is logged here, never the protected payload.
                        _logger.LogError(ex, "Error unprotecting key with kid {kid}.", stored?.Id);
                    }

                    if (key != null)
                    {
                        unprotected.Add(key);
                    }
                }

                // Trace output lists key identifiers only; key material is never written to the log.
                Func<IEnumerable<KeyContainer>, string> kids = set => string.Join(",", set.Select(k => k.Id));

                if (_logger.IsEnabled(LogLevel.Trace) && unprotected.Any())
                {
                    _logger.LogTrace("Loaded keys from store: {kids}", kids(unprotected));
                }

                // retired keys are those that are beyond inclusion, thus we act as if they don't exist.
                IEnumerable<KeyContainer> usable = await FilterAndDeleteRetiredKeysAsync(unprotected);

                if (_logger.IsEnabled(LogLevel.Trace) && usable.Any())
                {
                    _logger.LogTrace("Remaining keys after filter: {kids}", kids(usable));
                }

                // only use keys that are allowed: a stored key whose algorithm is not on the configured
                // allow-list is dropped here, before it can be cached or returned for signing.
                usable = usable.Where(k => _options.AllowedSigningAlgorithmNames.Contains(k.Algorithm)).ToArray();
                if (_logger.IsEnabled(LogLevel.Trace) && usable.Any())
                {
                    _logger.LogTrace("Keys with allowed alg from store: {kids}", kids(usable));
                }

                if (usable.Any())
                {
                    _logger.LogDebug("Keys successfully returned from store.");

                    if (cache)
                    {
                        await CacheKeysAsync(usable);
                    }

                    return usable;
                }
            }

            _logger.LogInformation("No keys returned from store.");

            return Enumerable.Empty <KeyContainer>();
        }