/// <summary>
/// Generates a new JWE key, saves it to the key store and returns
/// encrypting credentials built from that key.
/// </summary>
/// <param name="options">
/// Key generation options. When null, the injected <c>_options.Value</c> is used.
/// </param>
/// <returns>
/// Credentials wrapping the new key, with <c>options.Jwe</c> as the algorithm
/// and <c>options.Jwe.Encryption</c> as the content encryption.
/// </returns>
public EncryptingCredentials GenerateEncryptingCredentials(JwksOptions options = null)
{
    // Fall back to the configured defaults when the caller passes nothing.
    var effectiveOptions = options ?? _options.Value;

    var generatedKey = _jwkService.Generate(effectiveOptions.Jwe);

    // The key is handed to the store through SecurityKeyWithPrivate, so what is
    // persisted presumably includes the private parameters.
    // NOTE(review): confirm the configured store protects that material at rest.
    var storedKey = new SecurityKeyWithPrivate();
    storedKey.SetJweParameters(generatedKey, effectiveOptions.Jwe);
    _store.Save(storedKey);

    var credentials = new EncryptingCredentials(
        generatedKey,
        effectiveOptions.Jwe,
        effectiveOptions.Jwe.Encryption);
    return credentials;
}
// Checks that once a stored JWE key has been revoked, the entry returned by the
// key service for the same key id no longer exposes private key parameters.
public void ShouldRemovePrivateKeyFromJweAfterUpdateAExpiredJwk(string algorithm, KeyType keyType, string encryption)
{
    // Arrange: generate a key for the requested algorithm and persist it with its private part.
    var jweAlgorithm = JweAlgorithm.Create(algorithm, keyType).WithEncryption(encryption);
    var generationOptions = new JwksOptions() { KeyPrefix = "ShouldGenerateManyRsa_", Jwe = jweAlgorithm };
    var credentials = _keyService.GenerateSigningCredentials(generationOptions);

    var storedKey = new SecurityKeyWithPrivate();
    storedKey.SetJweParameters(credentials.Key, jweAlgorithm);
    _jsonWebKeyStore.Save(storedKey);

    // Act: revoking is the step expected to strip the private material.
    _jsonWebKeyStore.Revoke(storedKey);

    // Assert: look the key up again by id among the five most recent JWE keys.
    var revokedJwk = _keyService
        .GetLastKeysCredentials(JsonWebKeyType.Jwe, 5)
        .First(candidate => candidate.Kid == storedKey.KeyId);

    revokedJwk.Kty.Should().NotBeNullOrEmpty();
    revokedJwk.HasPrivateKey.Should().BeFalse();

    // Per key type, each private parameter must be absent. Key types other than
    // the three listed here get no further checks.
    switch (revokedJwk.Kty)
    {
        case JsonWebAlgorithmsKeyTypes.EllipticCurve:
            revokedJwk.D.Should().BeNullOrEmpty();
            break;

        case JsonWebAlgorithmsKeyTypes.RSA:
            // Private exponent, CRT parameters and prime factors.
            revokedJwk.D.Should().BeNullOrEmpty();
            revokedJwk.DP.Should().BeNullOrEmpty();
            revokedJwk.DQ.Should().BeNullOrEmpty();
            revokedJwk.P.Should().BeNullOrEmpty();
            revokedJwk.Q.Should().BeNullOrEmpty();
            revokedJwk.QI.Should().BeNullOrEmpty();
            break;

        case JsonWebAlgorithmsKeyTypes.Octet:
            // For oct keys K is the symmetric secret itself, and this assertion pins
            // that it is still returned after revocation.
            // NOTE(review): HasPrivateKey being false therefore does not mean "no secret
            // material" for this key type; confirm these entries are never published.
            revokedJwk.K.Should().NotBeNullOrEmpty();
            break;
    }
}