コード例 #1
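        /// <summary>
        /// Adds a key to the in-memory store and makes it the current key.
        /// </summary>
        /// <param name="securityParameters">Key to add and to publish as current.</param>
        public void Save(SecurityKeyWithPrivate securityParameters)
        {
            // Append and publish under one lock: with the assignment outside it, two
            // concurrent saves could leave _current pointing at a key other than the
            // one that was added to the store last.
            lock (lockObject)
            {
                _store.Add(securityParameters);
                _current = securityParameters;
            }
        }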
コード例 #2
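        /// <summary>
        /// Adds the key to the context's SecurityKeys set and saves the change.
        /// </summary>
        /// <param name="securityParamteres">Key to persist.</param>
        public void Save(SecurityKeyWithPrivate securityParamteres)
        {
            _context.SecurityKeys.Add(securityParamteres);

            // Message template with one placeholder per argument. The previous call passed
            // an already-interpolated string as the template, so the context name had no
            // placeholder and never reached the log. Only the key id and the context type
            // name are logged; the key object itself is not.
            _logger.LogInformation("Saving new SecurityKeyWithPrivate {KeyId} in {ContextName}", securityParamteres.Id, typeof(TContext).Name);
            _context.SaveChanges();
        }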
コード例 #3
        /// <summary>
        /// Saves a freshly generated signing key, revokes it, then checks that the JWK
        /// returned by the key service still carries its key-type parameters and
        /// reports no private key.
        /// </summary>
        /// <param name="algorithm">Algorithm name passed to JwsAlgorithm.Create.</param>
        /// <param name="keyType">Key type passed to JwsAlgorithm.Create.</param>
        public void ShouldKeepPublicKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType)
        {
            var jwsAlgorithm = JwsAlgorithm.Create(algorithm, keyType);
            var generationOptions = new JwksOptions()
            {
                KeyPrefix = "ShouldGenerateManyRsa_",
                Jws = jwsAlgorithm
            };
            var credentials = _keyService.GenerateSigningCredentials(generationOptions);

            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetJwsParameters(credentials.Key, jwsAlgorithm);
            _jsonWebKeyStore.Save(storedKey);

            // Revocation is the step expected to remove the private part.
            _jsonWebKeyStore.Revoke(storedKey);

            // Look the key up again through the service, among the last five JWS keys.
            var recentKeys = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5);
            var publicJwk = recentKeys.First(candidate => candidate.Kid == storedKey.KeyId);

            publicJwk.Kty.Should().NotBeNullOrEmpty();
            publicJwk.HasPrivateKey.Should().BeFalse();

            // A key type outside these three gets no parameter check at all.
            switch (publicJwk.Kty)
            {
            case JsonWebAlgorithmsKeyTypes.EllipticCurve:
                publicJwk.X.Should().NotBeNullOrEmpty();
                publicJwk.Y.Should().NotBeNullOrEmpty();
                break;

            case JsonWebAlgorithmsKeyTypes.RSA:
                publicJwk.N.Should().NotBeNullOrEmpty();
                publicJwk.E.Should().NotBeNullOrEmpty();
                break;

            case JsonWebAlgorithmsKeyTypes.Octet:
                // NOTE(review): for an octet key, K is the symmetric key value itself, and
                // this test expects it to be present while HasPrivateKey is false. Confirm
                // that keeping K after revocation is intended.
                publicJwk.K.Should().NotBeNullOrEmpty();
                break;
            }
        }
コード例 #4
        /// <summary>
        /// Tells whether <paramref name="currentKey"/> uses the algorithm configured for its
        /// key type. On a mismatch, a replacement key of that type is generated before
        /// false is returned.
        /// </summary>
        /// <param name="currentKey">Key whose algorithm is compared with the options.</param>
        /// <param name="options">Options to compare against; null falls back to _options.Value.</param>
        /// <returns>
        /// true when the key's algorithm equals the configured one; false after a mismatch,
        /// or when the key is neither a JWS nor a JWE key.
        /// </returns>
        private bool CheckCompatibility(SecurityKeyWithPrivate currentKey, JwksOptions options)
        {
            var effectiveOptions = options ?? _options.Value;

            if (currentKey.JwkType == JsonWebKeyType.Jws)
            {
                if (currentKey.JwsAlgorithm == effectiveOptions.Jws)
                {
                    return true;
                }

                // The configured signing algorithm differs from the key's: create a new signing key.
                GenerateSigningCredentials(effectiveOptions);
            }

            if (currentKey.JwkType == JsonWebKeyType.Jwe)
            {
                if (currentKey.JweAlgorithm == effectiveOptions.Jwe)
                {
                    return true;
                }

                // The configured encryption algorithm differs from the key's: create a new encryption key.
                GenerateEncryptingCredentials(effectiveOptions);
            }

            return false;
        }
コード例 #5
 /// <summary>
 /// Calls Revoke() on the key, saves the changed key through the context and clears the cache.
 /// </summary>
 /// <param name="securityKeyWithPrivate">Key to revoke; its own Revoke() method runs before it is saved.</param>
 public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
 {
     // What Revoke() changes on the object is defined on SecurityKeyWithPrivate, not shown here.
     securityKeyWithPrivate.Revoke();
     // NOTE(review): the key is attached and then passed to Update(); confirm both calls are needed.
     _context.Attach(securityKeyWithPrivate);
     _context.SecurityKeys.Update(securityKeyWithPrivate);
     _context.SaveChanges();
     // Runs only after the save has returned; presumably so cached copies of the key are not served - confirm against ClearCache.
     ClearCache();
 }
コード例 #6
        /// <summary>
        /// Generates a key for the configured algorithm, saves it in the store and returns
        /// signing credentials built from it.
        /// </summary>
        /// <param name="options">Generation options; null falls back to _options.Value.</param>
        /// <returns>Signing credentials for the new key and the configured algorithm.</returns>
        public SigningCredentials Generate(JwksOptions options = null)
        {
            var effectiveOptions = options ?? _options.Value;

            var generatedKey = _jwkService.Generate(effectiveOptions.Algorithm);

            // The store receives a SecurityKeyWithPrivate built from the generated key.
            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetParameters(generatedKey, effectiveOptions.Algorithm);
            _store.Save(storedKey);

            return new SigningCredentials(generatedKey, effectiveOptions.Algorithm);
        }
コード例 #7
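        /// <summary>
        /// Replaces the stored key that has the same Id as <paramref name="securityKeyWithPrivate"/>.
        /// Does nothing when no stored key has that Id.
        /// </summary>
        /// <param name="securityKeyWithPrivate">Replacement key; it takes the position of the stored one.</param>
        public void Update(SecurityKeyWithPrivate securityKeyWithPrivate)
        {
            // Search and replace inside one lock statement. The index can no longer go stale
            // between the lookup and the write, and the lock is released even when the list
            // throws, which a bare Monitor.Enter/Exit pair did not guarantee.
            lock (lockObject)
            {
                var index = _store.FindIndex(f => f.Id == securityKeyWithPrivate.Id);
                if (index >= 0)
                {
                    _store[index] = securityKeyWithPrivate;
                }
            }
        }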
コード例 #8
        /// <summary>
        /// Generates a key for the configured JWE algorithm, saves it in the store and
        /// returns encrypting credentials built from it.
        /// </summary>
        /// <param name="options">Generation options; null falls back to _options.Value.</param>
        /// <returns>Encrypting credentials for the new key, the JWE algorithm and its Encryption value.</returns>
        public EncryptingCredentials GenerateEncryptingCredentials(JwksOptions options = null)
        {
            var effectiveOptions = options ?? _options.Value;

            var generatedKey = _jwkService.Generate(effectiveOptions.Jwe);

            // The store receives a SecurityKeyWithPrivate built from the generated key.
            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetJweParameters(generatedKey, effectiveOptions.Jwe);
            _store.Save(storedKey);

            return new EncryptingCredentials(generatedKey, effectiveOptions.Jwe, effectiveOptions.Jwe.Encryption);
        }
コード例 #9
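        /// <summary>
        /// Adds a key to the in-memory store and makes it the current key for its type.
        /// </summary>
        /// <param name="securityParameters">
        /// Key to add. A JWS key becomes the current signing key; any other type becomes
        /// the current encryption key.
        /// </param>
        public void Save(SecurityKeyWithPrivate securityParameters)
        {
            // Append and publish under one lock: with the assignment outside it, two
            // concurrent saves could leave the "current" field pointing at a key other
            // than the one that was added to the store last.
            lock (lockObject)
            {
                _store.Add(securityParameters);

                if (securityParameters.JwkType == JsonWebKeyType.Jws)
                {
                    _currentJws = securityParameters;
                }
                else
                {
                    _currentJwe = securityParameters;
                }
            }
        }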
コード例 #10
        /// <summary>
        /// Tells whether <paramref name="currentKey"/> uses the configured algorithm.
        /// On a mismatch a replacement key is generated before false is returned.
        /// </summary>
        /// <param name="currentKey">Key whose algorithm is compared with the options.</param>
        /// <param name="options">Options to compare against; null falls back to _options.Value.</param>
        /// <returns>true when the algorithms are equal; otherwise false.</returns>
        private bool CheckCompatibility(SecurityKeyWithPrivate currentKey, JwksOptions options)
        {
            var effectiveOptions = options ?? _options.Value;

            var sameAlgorithm = currentKey.Algorithm == effectiveOptions.Algorithm;
            if (!sameAlgorithm)
            {
                // The configured algorithm differs from the key's: create a new key.
                Generate(effectiveOptions);
            }

            return sameAlgorithm;
        }
コード例 #11
        /// <summary>
        /// Saves a generated key, resets its parameters with the parameterless
        /// SetParameters() call and pushes the result back through Update().
        /// </summary>
        /// <param name="algorithm">Algorithm name passed to Algorithm.Create.</param>
        /// <param name="keyType">Key type passed to Algorithm.Create.</param>
        public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
        {
            var selectedAlgorithm = Algorithm.Create(algorithm, keyType);
            var generationOptions = new JwksOptions()
            {
                KeyPrefix = "ShouldGenerateManyRsa_",
                Algorithm = selectedAlgorithm
            };
            var credentials = _keyService.Generate(generationOptions);

            var storedKey = new SecurityKeyWithPrivate();
            storedKey.SetParameters(credentials.Key, selectedAlgorithm);
            _jsonWebKeyStore.Save(storedKey);

            // Drop the private part, then persist the stripped key.
            // NOTE(review): nothing is asserted afterwards, so the test passes whenever no
            // call throws; it does not check that the private part is really gone.
            storedKey.SetParameters();
            _jsonWebKeyStore.Update(storedKey);
        }
コード例 #12
        /// <summary>
        /// Overwrites the first "*.key" file under KeysPath whose stored key has the same Id
        /// as <paramref name="securityKeyWithPrivate"/>. Does nothing when no file matches.
        /// </summary>
        /// <param name="securityKeyWithPrivate">Key whose JSON form replaces the file content.</param>
        public void Update(SecurityKeyWithPrivate securityKeyWithPrivate)
        {
            foreach (var candidate in KeysPath.GetFiles("*.key"))
            {
                var path = candidate.FullName;

                // Every candidate file is read through GetKey until the Id matches.
                if (GetKey(path).Id != securityKeyWithPrivate.Id)
                {
                    continue;
                }

                // Null properties are left out of the JSON.
                var serializerOptions = new JsonSerializerOptions()
                {
                    IgnoreNullValues = true
                };
                var json = JsonSerializer.Serialize(securityKeyWithPrivate, serializerOptions);

                // NOTE(review): the JSON is written as plain text. Nothing in this method
                // encrypts it or restricts access to the file, so protection at rest
                // depends on the permissions of the key directory.
                File.WriteAllText(path, json);
                return;
            }
        }
コード例 #13
        /// <summary>
        /// Writes the key as JSON to the current key file. An existing current file is
        /// first copied to a dated "old" file in the same directory.
        /// </summary>
        /// <param name="securityParamteres">Key to serialize and write.</param>
        public void Save(SecurityKeyWithPrivate securityParamteres)
        {
            if (!KeysPath.Exists)
            {
                KeysPath.Create();
            }

            if (File.Exists(GetCurrentFile()))
            {
                var previousFile = GetCurrentFile();
                var directory = Path.GetDirectoryName(GetCurrentFile());

                // The date in the name only makes old files easy to find; the GUID keeps
                // two backups made on the same day from colliding.
                var backupName = $"{_options.Value.KeyPrefix}old-{DateTime.Now:yyyy-MM-dd}-{Guid.NewGuid()}.key";
                File.Copy(previousFile, Path.Combine(directory, backupName));
            }

            var targetFile = GetCurrentFile();

            // Null properties are left out of the JSON.
            var json = JsonSerializer.Serialize(securityParamteres, new JsonSerializerOptions()
            {
                IgnoreNullValues = true
            });

            // NOTE(review): the JSON is written as plain text, and the backup copy above
            // keeps the previous key in the same form. Nothing in this method encrypts the
            // files or restricts access to them.
            File.WriteAllText(targetFile, json);
        }
コード例 #14
        /// <summary>
        /// Serializes the key to JSON, passes it through the data protector, wraps the
        /// result in a key element and stores that element in the key repository.
        /// </summary>
        /// <param name="securityParamteres">Key to persist.</param>
        public void Save(SecurityKeyWithPrivate securityParamteres)
        {
            // The whole serialized key goes through Protect() before it is embedded in the
            // XML; the Id and the key type stay readable in the attribute and the friendly name.
            var serializedKey = System.Text.Json.JsonSerializer.Serialize(securityParamteres);
            var protectedPayload = _dataProtector.Protect(serializedKey);

            // Children of the <key> element, built in document order.
            var idAttribute = new XAttribute(IdAttributeName, securityParamteres.Id);
            var versionAttribute = new XAttribute(VersionAttributeName, 1);
            var creationDate = new XElement(CreationDateElementName, DateTimeOffset.UtcNow);
            var activationDate = new XElement(ActivationDateElementName, DateTimeOffset.UtcNow);
            var expirationDate = new XElement(ExpirationDateElementName, DateTimeOffset.UtcNow.AddDays(_options.Value.DaysUntilExpire));
            var descriptor = new XElement(DescriptorElementName,
                                          new XAttribute(DeserializerTypeAttributeName, typeof(SecurityKeyWithPrivate).AssemblyQualifiedName !),
                                          protectedPayload);

            var keyElement = new XElement(Name, idAttribute, versionAttribute, creationDate, activationDate, expirationDate, descriptor);

            // Store the element under a name derived from the key type and Id, then clear the cache.
            var friendlyName = string.Format(CultureInfo.InvariantCulture, "key-{0}-{1:D}", securityParamteres.JwkType.ToString(), securityParamteres.Id);
            KeyRepository.StoreElement(keyElement, friendlyName);

            ClearCache();
        }
コード例 #15
        /// <summary>
        /// Revokes the key and stores a revocation element for it in the key repository.
        /// Returns without writing anything when the stored key is already revoked.
        /// </summary>
        /// <param name="securityKeyWithPrivate">Key to revoke; its own Revoke() method is called.</param>
        public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
        {
            // NOTE(review): First() throws when no stored key has this Id, so the null test
            // below looks unreachable unless FirstOrDefault() was intended - confirm.
            var storedKey = Get(securityKeyWithPrivate.JwkType).First(f => f.Id == securityKeyWithPrivate.Id);

            var alreadyRevoked = storedKey != null && storedKey.IsRevoked;
            if (alreadyRevoked)
            {
                return;
            }

            securityKeyWithPrivate.Revoke();

            // Children of the revocation element, built in document order.
            var versionAttribute = new XAttribute(VersionAttributeName, 1);
            var revocationDate = new XElement(RevocationDateElementName, DateTimeOffset.UtcNow);
            var revokedKey = new XElement(Name,
                                          new XAttribute(IdAttributeName, securityKeyWithPrivate.Id));
            var reason = new XElement(ReasonElementName, "Revoked");

            var revocationElement = new XElement(RevocationElementName, versionAttribute, revocationDate, revokedKey, reason);

            // Store the element under a name derived from key type, Id and time, then clear the cache.
            // NOTE(review): "hh" is the 12-hour clock and the pattern has no seconds field;
            // confirm that "HH" was not intended for the timestamp part of the name.
            var friendlyName = string.Format(CultureInfo.InvariantCulture, "revocation-{0}-{1:D}-{2:yyyy_MM_dd_hh_mm_fffffff}", securityKeyWithPrivate.JwkType.ToString(), securityKeyWithPrivate.Id, DateTime.UtcNow);
            KeyRepository.StoreElement(revocationElement, friendlyName);

            ClearCache();
        }
コード例 #16
 /// <summary>
 /// Marks the key as updated in the context's SecurityKeys set and saves the change.
 /// </summary>
 /// <param name="securityKeyWithPrivate">Key whose current state is written back.</param>
 public void Update(SecurityKeyWithPrivate securityKeyWithPrivate)
 {
     _context.SecurityKeys.Update(securityKeyWithPrivate);
     _context.SaveChanges();
 }
コード例 #17
 /// <summary>
 /// Resets the current JWE and JWS keys to null and empties the store.
 /// </summary>
 public void Clear()
 {
     // NOTE(review): no lock is taken here; if other members of this class guard _store
     // with a lock, confirm whether Clear() should take it as well.
     _currentJwe = null;
     _currentJws = null;
     _store.Clear();
 }