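/// <summary>
/// Loads the protected keys from the store, unprotects each record, drops the retired
/// keys via <c>FilterAndDeleteRetiredKeysAsync</c>, and optionally caches what remains.
/// </summary>
/// <param name="cache">When true, the usable keys are handed to <c>CacheKeysAsync</c> before being returned.</param>
/// <returns>
/// The usable keys, or an empty sequence when the store yielded nothing usable. A record
/// that fails to unprotect is logged by kid (never key material) and skipped rather than
/// failing the whole load.
/// </returns>
internal async Task<IEnumerable<RsaKeyContainer>> GetKeysFromStoreAsync(bool cache = true)
{
    // Materialize the store result once: an emptiness check followed by a projection would
    // otherwise enumerate a deferred sequence twice (two loads for a lazy store query).
    var protectedKeys = (await _store.LoadKeysAsync())?.ToArray();
    if (protectedKeys != null && protectedKeys.Length > 0)
    {
        // Unprotect record by record so one corrupt or foreign-protected entry cannot
        // take every other key offline.
        var keys = protectedKeys
            .Select(x =>
            {
                try
                {
                    var key = _protector.Unprotect(x);
                    if (key == null)
                    {
                        _logger.LogWarning("Key with kid {kid} failed to unprotect.", x.Id);
                    }
                    return key;
                }
                catch (Exception ex)
                {
                    // x?.Id: a null store entry reaches this branch too, so stay null-safe.
                    _logger.LogError(ex, "Error unprotecting key with kid {kid}.", x?.Id);
                }
                return null;
            })
            .Where(x => x != null)
            .ToArray()
            .AsEnumerable();

        // retired keys are those that are beyond inclusion, thus we act as if they don't exist.
        keys = await FilterAndDeleteRetiredKeysAsync(keys);

        // NOTE(review): no allowed-algorithm filtering happens at this layer; confirm that a
        // stored key with an unexpected algorithm cannot be selected for signing elsewhere.
        if (keys.Any())
        {
            _logger.LogDebug("Keys successfully returned from store.");
            if (cache)
            {
                await CacheKeysAsync(keys);
            }
            return keys;
        }
    }

    _logger.LogInformation("No keys returned from store.");
    return Enumerable.Empty<RsaKeyContainer>();
}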
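/// <summary>
/// Loads the protected keys from the store, unprotects each record, drops retired keys via
/// <c>FilterAndDeleteRetiredKeysAsync</c>, keeps only keys whose algorithm is listed in
/// <c>_options.AllowedSigningAlgorithmNames</c>, and optionally caches the survivors.
/// </summary>
/// <param name="cache">When true, the usable keys are handed to <c>CacheKeysAsync</c> before being returned.</param>
/// <returns>
/// The usable keys, or an empty sequence when nothing usable came back. A record that fails
/// to unprotect is logged by kid (never key material) and skipped rather than failing the
/// whole load. Trace-level output lists key ids only.
/// </returns>
internal async Task<IEnumerable<KeyContainer>> GetKeysFromStoreAsync(bool cache = true)
{
    _logger.LogDebug("Loading keys from store.");

    // Materialize the store result once: an emptiness check followed by a projection would
    // otherwise enumerate a deferred sequence twice (two loads for a lazy store query).
    var protectedKeys = (await _store.LoadKeysAsync())?.ToArray();
    if (protectedKeys != null && protectedKeys.Length > 0)
    {
        // Unprotect record by record so one corrupt or foreign-protected entry cannot
        // take every other key offline.
        var keys = protectedKeys
            .Select(x =>
            {
                try
                {
                    var key = _protector.Unprotect(x);
                    if (key == null)
                    {
                        _logger.LogWarning("Key with kid {kid} failed to unprotect.", x.Id);
                    }
                    return key;
                }
                catch (Exception ex)
                {
                    // x?.Id: a null store entry reaches this branch too, so stay null-safe.
                    _logger.LogError(ex, "Error unprotecting key with kid {kid}.", x?.Id);
                }
                return null;
            })
            .Where(x => x != null)
            .ToArray()
            .AsEnumerable();

        if (_logger.IsEnabled(LogLevel.Trace) && keys.Any())
        {
            _logger.LogTrace("Loaded keys from store: {kids}", KeyIds(keys));
        }

        // retired keys are those that are beyond inclusion, thus we act as if they don't exist.
        keys = await FilterAndDeleteRetiredKeysAsync(keys);

        if (_logger.IsEnabled(LogLevel.Trace) && keys.Any())
        {
            _logger.LogTrace("Remaining keys after filter: {kids}", KeyIds(keys));
        }

        // Allow-list the algorithm: a stored key whose algorithm is not configured as an
        // allowed signing algorithm is never surfaced, regardless of what the store holds.
        keys = keys.Where(x => _options.AllowedSigningAlgorithmNames.Contains(x.Algorithm)).ToArray();

        if (_logger.IsEnabled(LogLevel.Trace) && keys.Any())
        {
            _logger.LogTrace("Keys with allowed alg from store: {kids}", KeyIds(keys));
        }

        if (keys.Any())
        {
            _logger.LogDebug("Keys successfully returned from store.");
            if (cache)
            {
                await CacheKeysAsync(keys);
            }
            return keys;
        }
    }

    _logger.LogInformation("No keys returned from store.");
    return Enumerable.Empty<KeyContainer>();

    // Comma-joined key ids for trace output; callers guard on a non-empty sequence so the
    // output matches the previous Aggregate-based formatting.
    string KeyIds(IEnumerable<KeyContainer> candidates) => string.Join(",", candidates.Select(x => x.Id));
}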