/// <summary>
/// Stores newly created key material for <paramref name="algorithm"/>, revokes it through the
/// store, and asserts that the key read back from the store reports no private key.
/// </summary>
/// <param name="algorithm">Algorithm name handed to <c>Algorithm.Create</c>.</param>
public async Task Should_Remove_Private_Key_And_Update(string algorithm)
{
    // Arrange: build key material for the requested algorithm and persist it.
    var material = new KeyMaterial(new CryptographicKey(Algorithm.Create(algorithm)));
    await _store.Store(material);

    // Act: revoke, then look the key up again by id so the assertion runs against
    // what the store returns rather than the local object.
    await _store.Revoke(material);
    var reloaded = await _store.Get(material.KeyId);

    // Assert: the revoked entry must not carry private key material any more.
    // NOTE(review): a null result from Get would surface here as a NullReferenceException
    // instead of a readable assertion failure - consider asserting non-null first.
    reloaded.GetSecurityKey().HasPrivateKey.Should().BeFalse();
}
/// <summary>
/// Revokes every key the store returns for <paramref name="jsonWebKeyType"/>.
/// </summary>
/// <param name="jsonWebKeyType">Key type used to select the keys to revoke.</param>
private void RemovePrivateKeys(JsonWebKeyType jsonWebKeyType)
{
    // The second argument to Get comes straight from configuration (AlgorithmsToKeep);
    // its exact meaning is defined by the store. TODO confirm it bounds the result set.
    var keysToRevoke = _store.Get(jsonWebKeyType, _options.Value.AlgorithmsToKeep);

    // NOTE(review): Revoke is called while the result of Get is still being enumerated.
    // If Get is lazy over a collection that Revoke mutates, this can throw - verify
    // against the store implementation.
    foreach (var keyWithPrivate in keysToRevoke)
    {
        _store.Revoke(keyWithPrivate);
    }
}
/// <summary>
/// Generates signing credentials for the given algorithm and key type, saves them as a
/// <c>SecurityKeyWithPrivate</c>, then revokes the key on the object and through the store.
/// </summary>
/// <param name="algorithm">Algorithm name handed to <c>JwsAlgorithm.Create</c>.</param>
/// <param name="keyType">Key type handed to <c>JwsAlgorithm.Create</c>.</param>
public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
{
    // Arrange: create credentials and persist them as a key that includes private parameters.
    var jwsAlgorithm = JwsAlgorithm.Create(algorithm, keyType);
    var generationOptions = new JwksOptions { KeyPrefix = "ShouldGenerateManyRsa_", Jws = jwsAlgorithm };
    var credentials = _keyService.GenerateSigningCredentials(generationOptions);

    var storedKey = new SecurityKeyWithPrivate();
    storedKey.SetJwsParameters(credentials.Key, jwsAlgorithm);
    _jsonWebKeyStore.Save(storedKey);

    // Act: revoke on the in-memory object first, then let the store persist the revocation.
    storedKey.Revoke();
    _jsonWebKeyStore.Revoke(storedKey);

    // NOTE(review): no assertion follows, so this test passes whenever nothing throws.
    // It does not prove that private key material was actually removed from the store;
    // consider reading the key back and asserting on it.
}
/// <summary>
/// Middleware entry point: revokes the JWS keys returned by the store, asks the key service
/// to generate new signing credentials, and completes the response.
/// </summary>
/// <param name="httpContext">Current request context; only its response is completed here.</param>
/// <param name="keyService">Service used to generate the replacement signing credentials.</param>
/// <param name="store">Key store queried for the keys to revoke.</param>
/// <param name="options">JWKS options; <c>AlgorithmsToKeep</c> is forwarded to the store query.</param>
public async Task Invoke(HttpContext httpContext, IJsonWebKeySetService keyService, IJsonWebKeyStore store, IOptions<JwksOptions> options)
{
    // NOTE(review): nothing in this method authenticates or authorizes the caller, so every
    // request that reaches it revokes keys and triggers key generation. Confirm the pipeline
    // gates this endpoint (authorization policy, network restriction) and that repeated calls
    // are rate limited.
    var keysToRevoke = store.Get(JsonWebKeyType.Jws, options.Value.AlgorithmsToKeep);
    foreach (var jwsKey in keysToRevoke)
    {
        store.Revoke(jwsKey);
    }

    // Old keys are revoked before the replacement is generated, so there is a short window
    // in which the store may hold no usable signing key.
    keyService.GenerateSigningCredentials();

    await httpContext.Response.CompleteAsync();
}
/// <summary>
/// Returns the key to use right now. When <c>NeedsUpdate</c> reports that the stored key must be
/// replaced, the stored key is revoked and a newly generated key is returned instead.
/// </summary>
/// <returns>The current key from the store, or the newly generated replacement.</returns>
public async Task<SecurityKey> GetCurrentSecurityKey()
{
    var active = await _store.GetCurrent();

    if (!NeedsUpdate(active))
    {
        // The options may have changed since the key was created. When the compatibility
        // check fails, read the current key from the store again.
        // NOTE(review): presumably CheckCompatibility replaces the stored key itself - confirm.
        if (!await CheckCompatibility(active))
        {
            active = await _store.GetCurrent();
        }

        return active;
    }

    // NIST SP 800-57 Part 1 Rev. 4
    // (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf):
    // a private key should be removed once it is no longer needed, so the outgoing key is
    // revoked before its replacement is generated.
    // NOTE(review): if the store is empty, `active` may be null here - confirm that NeedsUpdate
    // and Revoke both tolerate that.
    // NOTE(review): no synchronization is visible in this method; concurrent callers could each
    // observe NeedsUpdate == true and rotate independently - verify the store or callers serialize it.
    await _store.Revoke(active);
    return await GenerateKey();
}