Exemple #1
0
        internal bool CanBeUsedForSigning(RsaKeyContainer key, bool ignoreActiveDelay = false)
        {
            if (key == null)
            {
                return(false);
            }

            if (key.KeyType != _options.KeyType)
            {
                _logger.LogTrace("Key {kid} is of type {kty} but server configured for {configuredKty}", key.Id, key.KeyType, _options.KeyType);
                return(false);
            }

            var now = _clock.UtcNow;

            // newly created key check
            var start = key.Created;

            if (start > now)
            {
                // if another server created the key in the future (meaning this server's clock is
                // behind the other), then we will just assume the other server's time for this key.
                // this is how we can deal with clock skew for recently created keys.
                now = start;
            }

            if (!ignoreActiveDelay)
            {
                _logger.LogTrace("Checking if key with kid {kid} is active (respecting activation delay).", key.Id);
                start = start.Add(_options.KeyActivationDelay);
            }
            else
            {
                _logger.LogTrace("Checking if key with kid {kid} is active (ignoring activation delay).", key.Id);
            }

            if (start > now)
            {
                _logger.LogTrace("Key with kid {kid} is inactive: the current time is prior to its activation delay.", key.Id);
                return(false);
            }

            // expired key check
            var end = key.Created.Add(_options.KeyExpiration);

            if (end < now)
            {
                _logger.LogTrace("Key with kid {kid} is inactive: the current time is past its expiration.", key.Id);
                return(false);
            }

            _logger.LogTrace("Key with kid {kid} is active.", key.Id);

            return(true);
        }
Exemple #2
0
        /// <summary>
        /// Protects RsaKeyContainer.
        /// </summary>
        /// <param name="key"></param>
        /// <returns></returns>
        public SerializedKey Protect(RsaKeyContainer key)
        {
            var data = KeySerializer.Serialize(key);

            if (_options.DataProtectKeys)
            {
                data = _dataProtectionProvider.Protect(data);
            }

            return(new SerializedKey
            {
                Created = DateTime.UtcNow,
                Id = key.Id,
                KeyType = key.KeyType,
                Data = data,
                DataProtected = _options.DataProtectKeys,
            });
        }