private IEnumerable <SecurityKey> GetSigningKeys()
{
var httpClient = new HttpClient();
var identityServerAddress = _configurationManager.Get <string>("IdentityServerAddress");
var identityServerPath = _configurationManager.Get("IdentityServerPath", string.Empty);
var discoveryEndpoint = $"{identityServerAddress}{identityServerPath}/.well-known/openid-configuration";
logger.Debug($"{nameof(NanoHttp)}.{nameof(GetSigningKeys)}",
new LogItem("Event", "Retrieving identity server settings"),
new LogItem("Url", discoveryEndpoint));
var openIdConfigResult = httpClient.GetStringAsync(discoveryEndpoint).Result;
var openIdConfig = JsonConvert.DeserializeObject <OpenIdConfig>(openIdConfigResult);
logger.Debug($"{nameof(NanoHttp)}.{nameof(GetSigningKeys)}",
new LogItem("Event", "Retrieving signing keys"),
new LogItem("Url", openIdConfig.JwksUri));
var jwksResult = httpClient.GetStringAsync(openIdConfig.JwksUri).Result;
try
{
var keySet = new JsonWebKeySet(jwksResult);
return(keySet.GetSigningKeys());
}
catch (ArgumentException) { return(null); }
}
public void Constructors(
string json,
JsonWebKeySet compareTo,
JsonSerializerSettings settings,
ExpectedException ee)
{
var context = new CompareContext();
try
{
#pragma warning disable CS0618 // Type or member is obsolete
var jsonWebKeys = new JsonWebKeySet(json, settings);
#pragma warning restore CS0618 // Type or member is obsolete
var keys = jsonWebKeys.GetSigningKeys();
ee.ProcessNoException(context);
if (compareTo != null)
{
IdentityComparer.AreEqual(jsonWebKeys, compareTo, context);
}
}
catch (Exception ex)
{
ee.ProcessException(ex, context.Diffs);
}
TestUtilities.AssertFailIfErrors(context);
}
/// <summary>
/// Retrieves a populated <see cref="OpenIdConnectConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
/// </summary>
/// <param name="address">address of the jwks uri.</param>
/// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the jwks</param>
/// <param name="cancel"><see cref="CancellationToken"/>.</param>
/// <returns>A populated <see cref="OpenIdConnectConfiguration"/> instance.</returns>
public static async Task <OpenIdConnectConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
{
if (string.IsNullOrWhiteSpace(address))
{
throw LogHelper.LogArgumentNullException(nameof(address));
}
if (retriever == null)
{
throw LogHelper.LogArgumentNullException(nameof(retriever));
}
var doc = await retriever.GetDocumentAsync(address, cancel).ConfigureAwait(false);
LogHelper.LogVerbose("IDX21811: Deserializing the string: '{0}' obtained from metadata endpoint into openIdConnectConfiguration object.", doc);
var jwks = new JsonWebKeySet(doc);
var openIdConnectConfiguration = new OpenIdConnectConfiguration()
{
JsonWebKeySet = jwks,
JwksUri = address,
};
foreach (var securityKey in jwks.GetSigningKeys())
{
openIdConnectConfiguration.SigningKeys.Add(securityKey);
}
return(openIdConnectConfiguration);
}
/*
* Utilizando o 'Microsoft.Owin.Security.Jwt'
* faz a validação do Bearer Token.
*/
public void Configuration(IAppBuilder app)
{
using (var http = new HttpClient())
{
var keysResponse = http.GetAsync("http://localhost:8080/auth/realms/transurc/protocol/openid-connect/certs").Result;
var rawKeys = keysResponse.Content.ReadAsStringAsync().Result;
JsonWebKeySet jsonWebKeySet = JsonConvert.DeserializeObject <JsonWebKeySet>(rawKeys);
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
AuthenticationMode = AuthenticationMode.Active,
Realm = "transurc",
TokenValidationParameters = new TokenValidationParameters()
{
AuthenticationType = "Bearer",
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidAudiences = new string[] { "keycloak-sample-webapp-backend", "keycloak-sample-webapp-frontend" },
ValidIssuer = "http://localhost:8080/auth/realms/transurc",
ValidateLifetime = true,
ValidateAudience = true,
IssuerSigningKeys = jsonWebKeySet.GetSigningKeys(),
}
});
}
}
public string ValidateToken()
{
// get jwks url
var jwksUrl = GetJwksUrl();
// get json web keys from its urls
var jsonWebKeys = new WebClient().DownloadString(jwksUrl);
// creates a json web keys set
var jwks = new JsonWebKeySet(jsonWebKeys);
var signedKeys = jwks.GetSigningKeys();
// validate token
SecurityToken validatedToken;
var validationParameters = new TokenValidationParameters
{
ValidAudience = _decodedToken.Audiences.First(),
IssuerSigningKeys = signedKeys,
ValidIssuer = _decodedToken.Issuer
};
_tokenHandler.ValidateToken(_token, validationParameters, out validatedToken);
Console.WriteLine(validatedToken);
return("ok");
}
private void Constructors(
string testId,
string json,
JsonWebKeySet compareTo,
ExpectedException ee)
{
var context = new CompareContext($"{this}.{testId}");
context.PropertiesToIgnoreWhenComparing.Add(typeof(JsonWebKeySet), new List <string>()
{
"SkipUnresolvedJsonWebKeys"
});
try
{
var jsonWebKeys = new JsonWebKeySet(json);
var keys = jsonWebKeys.GetSigningKeys();
ee.ProcessNoException(context);
if (compareTo != null)
{
IdentityComparer.AreEqual(jsonWebKeys, compareTo, context);
}
}
catch (Exception ex)
{
ee.ProcessException(ex, context.Diffs);
}
TestUtilities.AssertFailIfErrors(context);
}
private static TokenValidationResult ValidateSignedToken(string serviceJwt, JsonWebKeySet jwksTrustedSigningKeys, bool includeDetails)
{
// Now validate the JWT using the signing keys we just discovered
TokenValidationParameters tokenValidationParams = new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
IssuerSigningKeys = jwksTrustedSigningKeys.GetSigningKeys()
};
var jwtHandler = new JsonWebTokenHandler();
var validatedToken = jwtHandler.ValidateToken(serviceJwt, tokenValidationParams);
if (!validatedToken.IsValid)
{
throw new ArgumentException("JWT is not valid (signature verification failed)");
}
Logger.WriteLine($"JWT signature validation : True");
if (includeDetails)
{
X509SecurityKey signingKey = (X509SecurityKey)validatedToken.SecurityToken.SigningKey;
if (signingKey.PublicKey is RSA publicKey)
{
var modulus = publicKey.ExportParameters(false).Modulus;
var exponent = publicKey.ExportParameters(false).Exponent;
Logger.WriteLine(37, 80, " RSA signing key modulus : ", BitConverter.ToString(modulus).Replace("-", ""));
Logger.WriteLine(37, 80, " RSA signing key exponent : ", BitConverter.ToString(exponent).Replace("-", ""));
}
else
{
Logger.WriteLine($"Unexpected signing key type. Signing Key Type: {signingKey.PublicKey.GetType()}");
}
}
return(validatedToken);
}
public async Task Jwks_with_ecdsa_should_have_parsable_key(string crv, string alg)
{
var key = CryptoHelper.CreateECDsaSecurityKey(crv);
IdentityServerPipeline pipeline = new IdentityServerPipeline();
pipeline.OnPostConfigureServices += services =>
{
services.AddIdentityServerBuilder()
.AddSigningCredential(key, alg);
};
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync();
var jwks = new JsonWebKeySet(json);
var parsedKeys = jwks.GetSigningKeys();
var matchingKey = parsedKeys.FirstOrDefault(x => x.KeyId == key.KeyId);
matchingKey.Should().NotBeNull();
matchingKey.Should().BeOfType <ECDsaSecurityKey>();
}
/// <summary>
/// GetIssuerSigningKeys
/// </summary>
/// <returns></returns>
/// <exception cref="HB.Component.Authorization.AuthorizationException"></exception>
public IEnumerable <SecurityKey> GetIssuerSigningKeys()
{
if (_jsonWebKeySet == null)
{
throw new AuthorizationException(Resources.JsonWebKeySetIsNullErrorMessage);
}
return(_jsonWebKeySet.GetSigningKeys());
}
/// <summary>
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
/// <returns></returns>
public static AuthenticationBuilder AddJwtBearerConfiguration(this AuthenticationBuilder builder, IConfiguration configuration)
{
var serviceProvider = builder.Services.BuildServiceProvider();
if (_logger is null)
{
_logger = serviceProvider.GetRequiredService <ILogger <AuthenticationBuilder> >();
}
TokenValidationParameters tokenValidationParameters = new TokenValidationParameters();
configuration.GetSection("Authentication").GetSection("JwtBearer")
.GetSection("TokenValidationParameters").Bind(tokenValidationParameters);
JsonWebKeySet tokenSigningKeys = new JsonWebKeySet();
configuration.GetSection("Authentication").GetSection("JwtBearer")
.GetSection("TokenValidationParameters").Bind(tokenSigningKeys);
IList <SecurityKey> _tokenIssuerSigningSecruityKeys = tokenSigningKeys.GetSigningKeys();
#if DEBUG
var _developerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(
"the secret that needs to be at least 16 characeters long for HmacSha256"
)
);
_tokenIssuerSigningSecruityKeys.Add(_developerSigningKey);
#endif
tokenValidationParameters.IssuerSigningKeys = _tokenIssuerSigningSecruityKeys;
builder.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = tokenValidationParameters;
options.Events = new JwtBearerEvents
{
OnMessageReceived = _onMessageReceived,
OnChallenge = _onChallenge,
OnTokenValidated = _onTokenValidated,
OnAuthenticationFailed = _onAuthenticationFailed
};
options.SaveToken = true;
});
return(builder);
}
/// <summary>
/// Gets the instance of <see cref="OpenIdConnectConfiguration"/> with the given certificate.
/// </summary>
/// <param name="cert">The certificate with the signing public keys.</param>
/// <returns>The instance of <see cref="OpenIdConnectConfiguration"/>.</returns>
private static OpenIdConnectConfiguration GetTestO365OpenIdConnectConfiguration(X509Certificate2 cert)
{
OpenIdConnectConfiguration config = new OpenIdConnectConfiguration(GetTestOpenIDConfiguration().ToString());
JObject jwk = CertificateHelper.ToJsonWebKey(cert);
JsonWebKeySet jwks = new JsonWebKeySet(jwk.ToString());
foreach (SecurityKey key in jwks.GetSigningKeys())
{
config.SigningKeys.Add(key);
}
return(config);
}
/// <summary>
/// Return all signing keys from jwks.json file content
/// </summary>
/// <param name="jsonString">full json string from jwks.json</param>
/// <returns></returns>
public static IList <SecurityKey> GetSigningKeysFromJson(string jsonString)
{
IList <SecurityKey> keys = new List <SecurityKey>();
JsonWebKeySet keyset = JsonConvert.DeserializeObject <JsonWebKeySet>(jsonString);
foreach (SecurityKey key in keyset.GetSigningKeys())
{
keys.Add(key);
}
return(keys);
}
public void ValidateTokenWithKey()
{
string keys =
"{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"WHROgiuc_n3Zb3i_5q7d7c5cb4s\",\"x5t\":\"WHROgiuc_n3Zb3i_5q7d7c5cb4s\",\"e\":\"AQAB\",\"n\":\"nkSx7FnImfW47T4XBKyP9ndwkqyL3JU3J4Zeg3F-pO7OVMaIx7LIEQMD12Lldy1kX3tHd31J5M4FhbKj9eJg4iiVKciAOBZ39JvGGFlzkqrdabifcFE9sO1nTeY7rYt5vzFuFpDNs02I9Bk1Uv6avWzkWKdjUWHx3sQmPuVWmE4pKvG254dF_5XY-6k3uqtwDPYPB7UTMgQE1GJennGbK97YSsmEcoOBWA8aDgUgWhRmwfbSkvLYfm5dubxhORl5foOVzqSaOaF7WtzAa8X9V2mYwNLFYJC4r6oPZSFxND7SR_JtqHkHYyvSOn80li-XPV9zplDtwdg7aD4P4uTtDQ\",\"x5c\":[\"MIIDNTCCAiGgAwIBAgIQb4pkRNbarbdGxSNiJ20w/zAJBgUrDgMCHQUAMCoxKDAmBgNVBAMTH01pY3JvbGlzZSBTaW5nbGUgU2lnbiBPbiBTZXJ2ZXIwHhcNMTcxMTA5MDc0NjIwWhcNMzkxMjMxMjM1OTU5WjAqMSgwJgYDVQQDEx9NaWNyb2xpc2UgU2luZ2xlIFNpZ24gT24gU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkSx7FnImfW47T4XBKyP9ndwkqyL3JU3J4Zeg3F+pO7OVMaIx7LIEQMD12Lldy1kX3tHd31J5M4FhbKj9eJg4iiVKciAOBZ39JvGGFlzkqrdabifcFE9sO1nTeY7rYt5vzFuFpDNs02I9Bk1Uv6avWzkWKdjUWHx3sQmPuVWmE4pKvG254dF/5XY+6k3uqtwDPYPB7UTMgQE1GJennGbK97YSsmEcoOBWA8aDgUgWhRmwfbSkvLYfm5dubxhORl5foOVzqSaOaF7WtzAa8X9V2mYwNLFYJC4r6oPZSFxND7SR/JtqHkHYyvSOn80li+XPV9zplDtwdg7aD4P4uTtDQIDAQABo18wXTBbBgNVHQEEVDBSgBCjX6Gh3YfGU9dc1VM4HzlZoSwwKjEoMCYGA1UEAxMfTWljcm9saXNlIFNpbmdsZSBTaWduIE9uIFNlcnZlcoIQb4pkRNbarbdGxSNiJ20w/zAJBgUrDgMCHQUAA4IBAQBVgwG5ZK7banky6EnWboyQjWjI3okm4m1xaOF4bWlBRXnK2Ywpnj34BI1itSvUitDWwUaqZQBsrUoKBQFb9ooi8RlPX/0GWpuoaQSXrXIavEg2KtXhuax8AYfhO4rAOTElVUhMHmfpwahOMClnUhUArwZKrjbf4PklEPnLjZ+3gAig4jcMfX8MeZ3UnuYRLSwuLilXCKk4g8qtqhbc6BW99mJ9YNWf7X3odFlXnCvtR4kw/BNaL4+eXXS6li2aCs8wL8AlqfJZR4cuZ4OJTpsySU5w9zzh4cScxrEWyWtVNVXEJl9sFvhbAInvMX7ZdogCcyMpkE3P1oumc0hitxFD\"]}]}";
string token =
//"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwOi8vMTkyLjE2OC4xMjAuMTM4L2lkZW50aXR5L2lkZW50aXR5IiwiYXVkIjoiZHBtIiwiZXhwIjoxNTA4ODUzNzk3LCJuYmYiOjE1MDg4NTM0OTcsIm5vbmNlIjoiOGRkMjljMmFjZjFlNGVmN2IyZTEwMzViMjc0MjkyYTEiLCJpYXQiOjE1MDg4NTM0OTQsImF0X2hhc2giOiJlYjBIYkFSRUlhNy13aEhYT093Q0dBIiwic2lkIjoiNmFiNjVhODFiZWJjNzA0Zjk0N2NkMGZiNmI4MzEwYzUiLCJzdWIiOiJlZCIsImF1dGhfdGltZSI6MTUwODc2ODU0MCwiaWRwIjoiaWRzcnYiLCJuYW1lIjoiZWQiLCJnaXZlbl9uYW1lIjoiRWR3YXJkIiwiZmFtaWx5X25hbWUiOiJTYWx0ZXIiLCJlbWFpbCI6ImVkd2FyZC5zYWx0ZXJAbWljcm9saXNlLmNvbSIsImFtciI6WyJwYXNzd29yZCJdfQ.DgHQdYn5BvoEALTbJEGCNLWbG5ujQSphhJomzevQ_vS9HGAC_ebzQzOUhvpL_95h-_18tBzwRiLYpyEYXdYBVaDgkOvGjNZxhZZUZ0mXunw-aHi2Z9YbRZaiZlp3ONNhdIOMmQvNtmf4NKB0nthZq14PJt0IjRjmyBk0OtFk8KBrqpRU4Ifg8uPE5CTtUbtoGM3pD73-_5ds5ZZArEQWYRPnPpZjL3RQHMhJ-xB3qsa98s3OHTnQ5oe00-RjqCIoSikyiqwUQjscxiPRS9qNJnWCyDR8xFJecVclKztAddg9hFBcLIV-1hDKTb1gsX4kIKW_HF3qrUTkMUa72DI5WA";
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IldIUk9naXVjX24zWmIzaV81cTdkN2M1Y2I0cyIsImtpZCI6IldIUk9naXVjX24zWmIzaV81cTdkN2M1Y2I0cyJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdC9pZGVudGl0eVNlcnZpY2UvaWRlbnRpdHkiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdC9pZGVudGl0eVNlcnZpY2UvaWRlbnRpdHkvcmVzb3VyY2VzIiwiZXhwIjoxNTE2MTk3Mjc3LCJuYmYiOjE1MTYxOTM2NzcsImNsaWVudF9pZCI6ImNsaWVudHJlc291cmNlb3duZXJmbG93Iiwic2NvcGUiOlsiaWRlbnRpdHlzZXJ2aWNlYXBpIiwib3BlbmlkIl0sInN1YiI6Im1zaW5naCIsImF1dGhfdGltZSI6MTUxNjE5MzY3NywiaWRwIjoiaWRzcnYiLCJuYW1lIjoibXNpbmdoIiwiZ2l2ZW5fbmFtZSI6Ik1hbmRlZXAiLCJmYW1pbHlfbmFtZSI6IlNpbmdoIiwiZW1haWwiOiJtYW5kZWVwLnNpbmdoQG1pY3JvbGlzZS5jb20iLCJyb2xlIjoiW3tcIlJvbGVJZFwiOlwiMVwiLFwiTmFtZVwiOlwiQWRtaW5cIixcIkRlc2NyaXB0aW9uXCI6XCJjYW4gcGVyZnJvbSBhbGwgdGhlIG9wZXJhdGlvblwifV0iLCJvcmdhbmlzYXRpb25pZHMiOiJbXCJNSUMwMDFcIl0iLCJhbXIiOlsicGFzc3dvcmQiXX0.fw85A6brNrm5Wc_r54AsnhnZCzUFkNgGZvSDssJPCbDWwYCiUL7vLshKoRUYb8u0vBohWna-BYWaCvD8-5ku--6N1aHPCQm7ii-McHYfeKnEd1_qAQKFa0IGreClYZhLtsLwBUzLDvTzWNt103WDj592BQQSt550RdPqZyv_SB8eWnmmAYkq-EMOIqHHM_ZtU78M7Lw3yjdKdqRjGDWtVU52CyQ_br95HphHukk4vd-7bAocNpFqP07d0bZ5j-Efca-0bzQtVzmzal_cVWwvQHZHxHbIjAUW_2yHQlB2ROdOfDYoICNKcIdGP1Kf5ysFONsCaygHJo-xHCLsMYPmPA";
JsonWebKeySet keyset = new JsonWebKeySet(keys);
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
handler.ValidateToken(token, new TokenValidationParameters
{
IssuerSigningKeys = keyset.GetSigningKeys(),
ValidateAudience = false
},
out SecurityToken blah);
}
private static TokenValidationResult ValidateSignedToken(string policyJwt, JsonWebKeySet jwksTrustedSigningKeys)
{
// Now validate the JWT using the signing keys we just discovered
TokenValidationParameters tokenValidationParams = new TokenValidationParameters
{
ValidateAudience = false,
ValidateIssuer = false,
IssuerSigningKeys = jwksTrustedSigningKeys.GetSigningKeys()
};
var jwtHandler = new JsonWebTokenHandler();
var validatedToken = jwtHandler.ValidateToken(policyJwt, tokenValidationParams);
if (!validatedToken.IsValid)
{
throw new ArgumentException("Policy JWT is not valid (signature verification failed)");
}
return(validatedToken);
}
public void RetrieveMetadataSigningKeys()
{
using (MockContext ctx = MockContext.Start(this.GetType()))
{
var attestationClient = GetAttestationClient();
var response = attestationClient.SigningCertificates.Get(tenantBaseUrl);
var json = JsonConvert.DeserializeObject(response.ToString()) as JObject;
Assert.NotNull(json);
var jwks = new JsonWebKeySet(response.ToString());
var signingKeys = jwks.GetSigningKeys();
foreach (var key in signingKeys)
{
Assert.True(key is X509SecurityKey);
var x509Key = key as X509SecurityKey;
}
}
}
public static async Task <IList <SecurityKey> > GetApplePublicKeys()
{
var requestUrl = $"https://appleid.apple.com/auth/keys";
using (HttpClient client = new HttpClient())
using (HttpResponseMessage res = await client.GetAsync(requestUrl))
using (HttpContent content = res.Content)
{
string data = await content.ReadAsStringAsync();
if (data != null)
{
JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(data);
IList <SecurityKey> keys = jsonWebKeySet.GetSigningKeys();
return(keys);
}
return(null);
}
}
public void Constructors(string json, JsonWebKeySet compareTo, ExpectedException ee)
{
var context = new CompareContext();
try
{
var jsonWebKeys = new JsonWebKeySet(json);
var keys = jsonWebKeys.GetSigningKeys();
ee.ProcessNoException(context);
if (compareTo != null)
{
IdentityComparer.AreEqual(jsonWebKeys, compareTo, context);
}
}
catch (Exception ex)
{
ee.ProcessException(ex, context.Diffs);
}
TestUtilities.AssertFailIfErrors(context);
}
private static SecurityKey GetSecurityKey(string jwksJson, string token)
{
string[] tokenParts = token.Split('.');
JwtHeader header = JwtHeader.Base64UrlDeserialize(tokenParts[0]);
JsonWebKeySet jwks = new JsonWebKeySet(jwksJson);
IList <SecurityKey> keyList = jwks.GetSigningKeys();
SecurityKey signedKey = null;
for (int index = 0; index < keyList.Count; index++)
{
SecurityKey key = keyList[index];
if (StringComparer.Ordinal.Equals(key.KeyId, header.Kid))
{
signedKey = key;
break;
}
}
return(signedKey);
}
public AuthorizationService(IOptions <AuthorizationServerOptions> options, ITransaction transaction, IDistributedLockManager lockManager,
SignInTokenBiz signInTokenBiz, IIdentityService identityService /*, ILogger<AuthorizationService> logger*/)
{
_options = options.Value;
_transaction = transaction;
_lockManager = lockManager;
_identityService = identityService;
_signInTokenBiz = signInTokenBiz;
#region Initialize Jwt Signing Credentials
X509Certificate2?cert = CertificateUtil.GetBySubject(_options.SigningCertificateSubject);
if (cert == null)
{
throw new AuthorizationException(ErrorCode.JwtSigningCertNotFound, $"Subject:{_options.SigningCertificateSubject}");
}
_jsonWebKeySet = CredentialHelper.CreateJsonWebKeySet(cert);
_issuerSigningKeys = _jsonWebKeySet.GetSigningKeys();
#endregion
#region Initialize Jwt Content Encrypt/Decrypt Credentials
X509Certificate2?encryptionCert = CertificateUtil.GetBySubject(_options.EncryptingCertificateSubject);
if (encryptionCert == null)
{
throw new FrameworkException(ErrorCode.JwtEncryptionCertNotFound, $"Subject:{_options.EncryptingCertificateSubject}");
}
_encryptingCredentials = CredentialHelper.GetEncryptingCredentials(encryptionCert);
_decryptionSecurityKey = CredentialHelper.GetSecurityKey(encryptionCert);
#endregion
}
