public void ShouldKeepPublicKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType)
{
var alg = JwsAlgorithm.Create(algorithm, keyType);
var key = _keyService.GenerateSigningCredentials(new JwksOptions()
{
KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg
});
var privateKey = new SecurityKeyWithPrivate();
privateKey.SetJwsParameters(key.Key, alg);
_jsonWebKeyStore.Save(privateKey);
/*Remove private*/
_jsonWebKeyStore.Revoke(privateKey);
var jsonWebKey = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5).First(w => w.Kid == privateKey.KeyId);
jsonWebKey.Kty.Should().NotBeNullOrEmpty();
jsonWebKey.HasPrivateKey.Should().BeFalse();
switch (jsonWebKey.Kty)
{
case JsonWebAlgorithmsKeyTypes.EllipticCurve:
jsonWebKey.X.Should().NotBeNullOrEmpty();
jsonWebKey.Y.Should().NotBeNullOrEmpty();
break;
case JsonWebAlgorithmsKeyTypes.RSA:
jsonWebKey.N.Should().NotBeNullOrEmpty();
jsonWebKey.E.Should().NotBeNullOrEmpty();
break;
case JsonWebAlgorithmsKeyTypes.Octet:
jsonWebKey.K.Should().NotBeNullOrEmpty();
break;
}
}
public SigningCredentials GenerateSigningCredentials(JwksOptions options = null)
{
if (options == null)
{
options = _options.Value;
}
var key = _jwkService.Generate(options.Jws);
var t = new SecurityKeyWithPrivate();
t.SetJwsParameters(key, options.Jws);
_store.Save(t);
return(new SigningCredentials(key, options.Jws));
}
public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
{
var alg = JwsAlgorithm.Create(algorithm, keyType);
var key = _keyService.GenerateSigningCredentials(new JwksOptions()
{
KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg
});
var privateKey = new SecurityKeyWithPrivate();
privateKey.SetJwsParameters(key.Key, alg);
_jsonWebKeyStore.Save(privateKey);
/*Remove private*/
privateKey.Revoke();
_jsonWebKeyStore.Revoke(privateKey);
}
