/// <summary>
/// Creates the JWK document.
/// </summary>
public virtual async Task <IEnumerable <Models.JsonWebKey> > CreateJwkDocumentAsync()
{
var webKeys = new List <Models.JsonWebKey>();
var signingCredentials = await Keys.GetSigningCredentialsAsync();
var algorithm = signingCredentials?.Algorithm ?? Constants.SigningAlgorithms.RSA_SHA_256;
foreach (var key in await Keys.GetValidationKeysAsync())
{
if (key is X509SecurityKey x509Key)
{
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
var pubKey = x509Key.PublicKey as RSA;
var parameters = pubKey.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 },
alg = algorithm
};
webKeys.Add(webKey);
continue;
}
if (key is RsaSecurityKey rsaKey)
{
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = rsaKey.KeyId,
e = exponent,
n = modulus,
alg = algorithm
};
webKeys.Add(webKey);
}
}
return(webKeys);
}
/// <summary>
/// Creates the JWK document.
/// </summary>
public virtual async Task <IEnumerable <Models.JsonWebKey> > CreateJwkDocumentAsync()
{
var webKeys = new List <Models.JsonWebKey>();
foreach (var key in await Keys.GetValidationKeysAsync())
{
var x509Key = key as X509SecurityKey;
if (x509Key != null)
{
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
var pubKey = x509Key.PublicKey as RSA;
var parameters = pubKey.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 }
};
webKeys.Add(webKey);
continue;
}
var rsaKey = key as RsaSecurityKey;
if (rsaKey != null)
{
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = rsaKey.KeyId,
e = exponent,
n = modulus,
};
webKeys.Add(webKey);
}
}
return(webKeys);
}
public async Task <bool> InsertAsync(Jwt.JsonWebKey jsonWebKey)
{
using (var transaction = _context.Database.BeginTransaction())
{
try
{
var keyOperations = string.Empty;
var x5u = string.Empty;
if (jsonWebKey.KeyOps != null)
{
var keyOperationNumbers = jsonWebKey.KeyOps.Select(s => (int)s);
keyOperations = string.Join(",", keyOperationNumbers);
}
if (jsonWebKey.X5u != null)
{
x5u = jsonWebKey.X5u.AbsoluteUri;
}
var newJsonWebKeyRecord = new Models.JsonWebKey
{
Kid = jsonWebKey.Kid,
Alg = (Models.AllAlg)jsonWebKey.Alg,
Kty = (Models.KeyType)jsonWebKey.Kty,
Use = (Models.Use)jsonWebKey.Use,
KeyOps = keyOperations,
SerializedKey = jsonWebKey.SerializedKey,
X5t = jsonWebKey.X5t,
X5tS256 = jsonWebKey.X5tS256,
X5u = x5u
};
_context.JsonWebKeys.Add(newJsonWebKeyRecord);
await _context.SaveChangesAsync().ConfigureAwait(false);
transaction.Commit();
}
catch (Exception ex)
{
_managerEventSource.Failure(ex);
transaction.Rollback();
return(false);
}
}
return(true);
}
private async Task <IEndpointResult> ExecuteJwksAsync(HttpContext context)
{
_logger.LogTrace("Start key discovery request");
if (_options.DiscoveryOptions.ShowKeySet == false)
{
_logger.LogInformation("Key discovery disabled. 404.");
return(new StatusCodeResult(404));
}
var webKeys = new List <Models.JsonWebKey>();
foreach (var key in await _keyService.GetValidationKeysAsync())
{
if (key != null)
{
var x509Key = new X509SecurityKey(key);
var cert64 = Convert.ToBase64String(key.RawData);
var thumbprint = Base64Url.Encode(key.GetCertHash());
var pubKey = x509Key.PublicKey as RSA;
var parameters = pubKey.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = await _keyService.GetKidAsync(key),
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 }
};
webKeys.Add(webKey);
}
}
return(new JsonWebKeysResult(webKeys));
}
/// <summary>
/// Creates the JWK document.
/// </summary>
public virtual async Task <IEnumerable <Models.JsonWebKey> > CreateJwkDocumentAsync()
{
var webKeys = new List <Models.JsonWebKey>();
foreach (var key in await Keys.GetValidationKeysAsync())
{
if (key.Key is X509SecurityKey x509Key)
{
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
if (x509Key.PublicKey is RSA rsa)
{
var parameters = rsa.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var rsaJsonWebKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 },
alg = key.SigningAlgorithm
};
webKeys.Add(rsaJsonWebKey);
}
else if (x509Key.PublicKey is ECDsa ecdsa)
{
var parameters = ecdsa.ExportParameters(false);
var x = Base64Url.Encode(parameters.Q.X);
var y = Base64Url.Encode(parameters.Q.Y);
var ecdsaJsonWebKey = new Models.JsonWebKey
{
kty = "EC",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
x = x,
y = y,
crv = CryptoHelper.GetCrvValueFromCurve(parameters.Curve),
x5c = new[] { cert64 },
alg = key.SigningAlgorithm
};
webKeys.Add(ecdsaJsonWebKey);
}
else
{
throw new InvalidOperationException($"key type: {x509Key.PublicKey.GetType().Name} not supported.");
}
}
else if (key.Key is RsaSecurityKey rsaKey)
{
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = rsaKey.KeyId,
e = exponent,
n = modulus,
alg = key.SigningAlgorithm
};
webKeys.Add(webKey);
}
else if (key.Key is ECDsaSecurityKey ecdsaKey)
{
var parameters = ecdsaKey.ECDsa.ExportParameters(false);
var x = Base64Url.Encode(parameters.Q.X);
var y = Base64Url.Encode(parameters.Q.Y);
var ecdsaJsonWebKey = new Models.JsonWebKey
{
kty = "EC",
use = "sig",
kid = ecdsaKey.KeyId,
x = x,
y = y,
crv = CryptoHelper.GetCrvValueFromCurve(parameters.Curve),
alg = key.SigningAlgorithm
};
webKeys.Add(ecdsaJsonWebKey);
}
else if (key.Key is JsonWebKey jsonWebKey)
{
var webKey = new Models.JsonWebKey
{
kty = jsonWebKey.Kty,
use = jsonWebKey.Use ?? "sig",
kid = jsonWebKey.Kid,
x5t = jsonWebKey.X5t,
e = jsonWebKey.E,
n = jsonWebKey.N,
x5c = jsonWebKey.X5c?.Count == 0 ? null : jsonWebKey.X5c.ToArray(),
alg = jsonWebKey.Alg,
crv = jsonWebKey.Crv,
x = jsonWebKey.X,
y = jsonWebKey.Y
};
webKeys.Add(webKey);
}
}
return(webKeys);
}
private async Task <IEndpointResult> ExecuteJwksAsync(HttpContext context)
{
_logger.LogDebug("Start key discovery request");
if (_options.DiscoveryOptions.ShowKeySet == false)
{
_logger.LogInformation("Key discovery disabled. 404.");
return(new StatusCodeResult(404));
}
var webKeys = new List <Models.JsonWebKey>();
foreach (var key in await _keys.GetValidationKeysAsync())
{
// todo
//if (!(key is AsymmetricSecurityKey) &&
// !key.IsSupportedAlgorithm(SecurityAlgorithms.RsaSha256Signature))
//{
// var error = "signing key is not asymmetric and does not support RS256";
// _logger.LogError(error);
// throw new InvalidOperationException(error);
//}
var x509Key = key as X509SecurityKey;
if (x509Key != null)
{
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
var pubKey = x509Key.PublicKey as RSA;
var parameters = pubKey.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 }
};
webKeys.Add(webKey);
continue;
}
var rsaKey = key as RsaSecurityKey;
if (rsaKey != null)
{
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = rsaKey.KeyId,
e = exponent,
n = modulus,
};
webKeys.Add(webKey);
}
}
return(new JsonWebKeysResult(webKeys));
}
private async Task <IEndpointResult> ExecuteJwksAsync()
{
_logger.LogDebug("Start key discovery request");
if (_options.Discovery.ShowKeySet == false)
{
_logger.LogInformation("Key discovery disabled. 404.");
return(new StatusCodeResult(404));
}
var webKeys = new List <Models.JsonWebKey>();
foreach (var key in await _keys.GetValidationKeysAsync())
{
var x509Key = key as X509SecurityKey;
if (x509Key != null)
{
var cert64 = Convert.ToBase64String(x509Key.Certificate.RawData);
var thumbprint = Base64Url.Encode(x509Key.Certificate.GetCertHash());
var pubKey = x509Key.PublicKey as RSA;
var parameters = pubKey.ExportParameters(false);
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = x509Key.KeyId,
x5t = thumbprint,
e = exponent,
n = modulus,
x5c = new[] { cert64 }
};
webKeys.Add(webKey);
continue;
}
var rsaKey = key as RsaSecurityKey;
if (rsaKey != null)
{
var parameters = rsaKey.Rsa?.ExportParameters(false) ?? rsaKey.Parameters;
var exponent = Base64Url.Encode(parameters.Exponent);
var modulus = Base64Url.Encode(parameters.Modulus);
var webKey = new Models.JsonWebKey
{
kty = "RSA",
use = "sig",
kid = rsaKey.KeyId,
e = exponent,
n = modulus,
};
webKeys.Add(webKey);
}
}
return(new JsonWebKeysResult(webKeys));
}