/// <summary>
/// Returns the signing credentials for the current key. When the store reports
/// that an update is needed, private keys are removed and a new key is generated.
/// </summary>
/// <param name="options">
/// Optional JWKS options, passed unchanged to <c>Generate</c> and
/// <c>CheckCompatibility</c>. Defaults to <c>null</c>.
/// </param>
/// <returns>
/// The result of <c>Generate(options)</c> when an update is needed; otherwise the
/// signing credentials of the key read from the store.
/// </returns>
public SigningCredentials GetCurrent(JwksOptions options = null)
{
    if (!_store.NeedsUpdate())
    {
        var activeKey = _store.GetCurrentKey();

        // A false result means the options no longer match the stored key.
        // Presumably CheckCompatibility replaces the stored key in that case (confirm
        // against its implementation); this method only re-reads it from the store.
        var stillCompatible = CheckCompatibility(activeKey, options);
        if (!stillCompatible)
        {
            activeKey = _store.GetCurrentKey();
        }

        return activeKey.GetSigningCredentials();
    }

    // NIST SP 800-57 Part 1 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf):
    // private key material should be removed once it is no longer needed.
    // NOTE(review): removal happens before Generate is called; if Generate can throw,
    // verify that the store is not left without a usable signing key.
    RemovePrivateKeys();
    return Generate(options);
}
/// <summary>
/// Checks that generating signing credentials with the ES256 option stores a
/// current JWS key whose id matches the returned credentials and whose algorithm
/// is <c>SecurityAlgorithms.EcdsaSha256</c>.
/// </summary>
public void ShouldGenerateECDsa()
{
    // Arrange: the mocked options return an ES256 configuration with a test-specific key prefix.
    var ecdsaOptions = new JwksOptions()
    {
        Jws = JwsAlgorithm.ES256,
        KeyPrefix = $"{nameof(JsonWebKeySetServiceTests)}_"
    };
    _options.Setup(o => o.Value).Returns(ecdsaOptions);

    // Act: generate credentials, then read the current JWS key back from the store.
    var credentials = _jwksService.GenerateSigningCredentials();
    var storedKey = _store.GetCurrentKey(JsonWebKeyType.Jws);

    // Assert: the stored key is the one just issued, and the configured algorithm
    // was honoured rather than silently swapped for a different one.
    storedKey.KeyId.Should().Be(credentials.Kid);
    storedKey.JwsAlgorithm.Should().Be(SecurityAlgorithms.EcdsaSha256);
}