/// <summary>
        /// If current doesn't exist will generate new one
        /// </summary>
        public SigningCredentials GetCurrent(JwksOptions options = null)
        {
            if (_store.NeedsUpdate())
            {
                // According NIST - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf - Private key should be removed when no longer needs
                RemovePrivateKeys();
                return(Generate(options));
            }

            var currentKey = _store.GetCurrentKey();

            // options has change. Change current key
            if (!CheckCompatibility(currentKey, options))
            {
                currentKey = _store.GetCurrentKey();
            }

            return(currentKey.GetSigningCredentials());
        }
        public void ShouldGenerateECDsa()
        {
            _options.Setup(s => s.Value).Returns(new JwksOptions()
            {
                Jws = JwsAlgorithm.ES256, KeyPrefix = $"{nameof(JsonWebKeySetServiceTests)}_"
            });
            var sign    = _jwksService.GenerateSigningCredentials();
            var current = _store.GetCurrentKey(JsonWebKeyType.Jws);

            current.KeyId.Should().Be(sign.Kid);
            current.JwsAlgorithm.Should().Be(SecurityAlgorithms.EcdsaSha256);
        }