public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
{
securityKeyWithPrivate.Revoke();
_context.Attach(securityKeyWithPrivate);
_context.SecurityKeys.Update(securityKeyWithPrivate);
_context.SaveChanges();
ClearCache();
}
public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
{
securityKeyWithPrivate.Revoke();
var oldOne = _store.Find(f => f.Id == securityKeyWithPrivate.Id);
if (oldOne != null)
{
var index = _store.FindIndex(f => f.Id == securityKeyWithPrivate.Id);
Monitor.Enter(lockObject);
_store.RemoveAt(index);
_store.Insert(index, securityKeyWithPrivate);
Monitor.Exit(lockObject);
}
}
public void ShouldRemovePrivateAndUpdate(string algorithm, KeyType keyType)
{
var alg = JwsAlgorithm.Create(algorithm, keyType);
var key = _keyService.GenerateSigningCredentials(new JwksOptions()
{
KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg
});
var privateKey = new SecurityKeyWithPrivate();
privateKey.SetJwsParameters(key.Key, alg);
_jsonWebKeyStore.Save(privateKey);
/*Remove private*/
privateKey.Revoke();
_jsonWebKeyStore.Revoke(privateKey);
}
public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
{
securityKeyWithPrivate.Revoke();
foreach (var fileInfo in KeysPath.GetFiles("*.key"))
{
var key = GetKey(fileInfo.FullName);
if (key.Id != securityKeyWithPrivate.Id)
{
continue;
}
File.WriteAllText(fileInfo.FullName, JsonSerializer.Serialize(securityKeyWithPrivate, new JsonSerializerOptions()
{
IgnoreNullValues = true
}));
break;
}
ClearCache();
}
public void ShouldRemovePrivateKeyAfterUpdateAExpiredJwk(string algorithm, KeyType keyType)
{
var alg = JwsAlgorithm.Create(algorithm, keyType);
var key = _keyService.GenerateSigningCredentials(new JwksOptions()
{
KeyPrefix = "ShouldGenerateManyRsa_", Jws = alg
});
var privateKey = new SecurityKeyWithPrivate();
privateKey.SetJwsParameters(key.Key, alg);
_jsonWebKeyStore.Save(privateKey);
/*Remove private*/
privateKey.Revoke();
_jsonWebKeyStore.Revoke(privateKey);
var jsonWebKey = _keyService.GetLastKeysCredentials(JsonWebKeyType.Jws, 5).First(w => w.Kid == privateKey.KeyId);
jsonWebKey.Kty.Should().NotBeNullOrEmpty();
jsonWebKey.HasPrivateKey.Should().BeFalse();
switch (jsonWebKey.Kty)
{
case JsonWebAlgorithmsKeyTypes.EllipticCurve:
jsonWebKey.D.Should().BeNullOrEmpty();
break;
case JsonWebAlgorithmsKeyTypes.RSA:
jsonWebKey.D.Should().BeNullOrEmpty();
jsonWebKey.DP.Should().BeNullOrEmpty();
jsonWebKey.DQ.Should().BeNullOrEmpty();
jsonWebKey.P.Should().BeNullOrEmpty();
jsonWebKey.Q.Should().BeNullOrEmpty();
jsonWebKey.QI.Should().BeNullOrEmpty();
break;
case JsonWebAlgorithmsKeyTypes.Octet:
jsonWebKey.K.Should().NotBeNullOrEmpty();
break;
}
}
public void Revoke(SecurityKeyWithPrivate securityKeyWithPrivate)
{
var key = Get(securityKeyWithPrivate.JwkType).First(f => f.Id == securityKeyWithPrivate.Id);
if (key != null && key.IsRevoked)
{
return;
}
securityKeyWithPrivate.Revoke();
var revocationElement = new XElement(RevocationElementName,
new XAttribute(VersionAttributeName, 1),
new XElement(RevocationDateElementName, DateTimeOffset.UtcNow),
new XElement(Name,
new XAttribute(IdAttributeName, securityKeyWithPrivate.Id)),
new XElement(ReasonElementName, "Revoked"));
// Persist it to the underlying repository and trigger the cancellation token
var friendlyName = string.Format(CultureInfo.InvariantCulture, "revocation-{0}-{1:D}-{2:yyyy_MM_dd_hh_mm_fffffff}", securityKeyWithPrivate.JwkType.ToString(), securityKeyWithPrivate.Id, DateTime.UtcNow);
KeyRepository.StoreElement(revocationElement, friendlyName);
ClearCache();
}
